The widespread adoption of large language models (LLMs) is transforming computing paradigms while introducing new challenges in hardware security vulnerability detection. Existing hardware performance counter (HPC)-based detectors are highly effective for conventional applications (e.g., editing Office files and playing videos) as well as for web-accessible LLMs; however, we observe that locally deployed large-scale LLMs exhibit access patterns strikingly similar to those of Spectre attacks. This similarity causes a dramatic deterioration in attack detection accuracy, which plummets from 99.86% to just 66.16% for DeepSeek-7b. To mitigate this degradation in detection performance, we propose, for the first time, LLMsafe-Spectre, a novel intelligent HPC event selection methodology designed for efficient Spectre attack detection in LLM environments. LLMsafe-Spectre is composed of two phases: (1) AI-assisted clustering of HPC events to efficiently narrow the search space, and (2) ANOVA-based statistical analysis of inner-group and inter-group variances to pick out the Top-K events that best discriminate Spectre attacks from LLMs, given the limited number of counter registers in processors. This approach uniquely addresses the interference caused by LLM access while maintaining detection robustness. We comprehensively evaluate LLMsafe-Spectre across diverse Spectre variants, hardware architectures, web-accessible LLMs, and locally deployed large-scale LLMs scaling from 1.5b to 14b. Experimental results demonstrate that our solution achieves superior detection accuracy of up to 99.91% on average across the scaled LLMs, significantly outperforming state-of-the-art approaches.
Zhou et al. (Wed,) studied this question.
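
The second phase described in the abstract, ranking HPC events by the ratio of inter-group to inner-group variance and keeping the Top-K that fit the available counter registers, can be sketched as follows. This is an added example, not the authors' code: the counter readings are constructed, the event names and K=2 are assumptions, and the clustering phase is not reproduced.

```python
from statistics import mean

# Constructed per-interval counter readings for illustration only; these are
# not measurements from the paper, and the event names are assumed labels.
SAMPLES = {
    "spectre": {
        "branch_misses": [910, 955, 930, 942, 921],
        "llc_misses": [4100, 4350, 3980, 4220, 4060],
        "llc_references": [9000, 9400, 8800, 9100, 9250],
        "instructions": [52000, 50500, 53100, 51200, 52700],
    },
    "local_llm": {
        "branch_misses": [310, 335, 298, 322, 305],
        "llc_misses": [4150, 4300, 4010, 4190, 4120],
        "llc_references": [9600, 9900, 9300, 9700, 9500],
        "instructions": [61000, 48000, 57000, 45000, 64000],
    },
}


def anova_f(groups):
    """One-way ANOVA F: inter-group mean square over inner-group mean square."""
    n_total = sum(len(g) for g in groups)
    grand = sum(sum(g) for g in groups) / n_total
    ss_between = sum(len(g) * (mean(g) - grand) ** 2 for g in groups)
    ss_within = sum((x - mean(g)) ** 2 for g in groups for x in g)
    if ss_within == 0:  # classes perfectly separated or entirely constant
        return float("inf") if ss_between > 0 else 0.0
    ms_between = ss_between / (len(groups) - 1)
    ms_within = ss_within / (n_total - len(groups))
    return ms_between / ms_within


def top_k_events(samples, k):
    """Score every event across the classes and keep the k best separators."""
    events = sorted(next(iter(samples.values())))
    scores = {e: anova_f([samples[c][e] for c in samples]) for e in events}
    ranked = sorted(scores, key=lambda e: (-scores[e], e))
    return ranked[:k], scores


if __name__ == "__main__":
    chosen, scores = top_k_events(SAMPLES, k=2)  # k = assumed register budget
    for event in sorted(scores, key=scores.get, reverse=True):
        mark = "keep" if event in chosen else "drop"
        print(f"{event:15s} F={scores[event]:10.2f}  {mark}")
```

In this constructed data the cache-miss counts of the two classes overlap almost completely, so that event scores near zero and is dropped, while events whose class means differ by much more than their per-class spread are kept.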