Hardware-based stack buffer overflow attack detection on RISC-V architectures
Cristiano Pegoraro Chenet, Ziteng Zhang, Alessandro Savino, Stefano Di Carlo
TL;DR
The paper investigates hardware-based detection of stack buffer overflow (SBO) attacks on RISC-V, using semi-supervised anomaly detection driven by micro-architectural events collected from GVSoC simulations of the RI5CY core. It systematically compares four traditional classifiers and an autoencoder on a dataset built from 10k clean and 10k mixed executions, looking for the control-flow deviations that SBOs cause. Results show high detection accuracy for several benchmarks even at a small attack footprint (as little as 1% of instructions), though overall performance remains challenging and the autoencoder offers limited gains. The authors advocate a hardware-first, software-assisted defense strategy to realize practical, runtime SBO protection in RISC-V systems.
Abstract
This work evaluates how well hardware-based approaches detect stack buffer overflow (SBO) attacks in RISC-V systems. We conducted simulations on the PULP platform and examined micro-architectural events using semi-supervised anomaly detection techniques. The findings show that detection performance remains a challenge. A potential solution is therefore to run software-based and hardware-based detectors concurrently, with hardware as the primary defense. The hardware-based approaches present compelling benefits that could enhance RISC-V-based architectures.
