RISC-V processors are widely deployed in safety-critical applications, yet efficient and interpretable detection of microarchitectural side-channel attacks—particularly Flush+Fault variants—remains an open challenge. This paper proposes a novel detection method integrating statistical preprocessing with association rule mining: it is the first to introduce high-interpretability association rules into RISC-V side-channel attack detection, enabling dynamic rule reconstruction to adapt to emerging attack variants. Leveraging gem5-simulated traces, we design a lightweight, reconfigurable detection framework. Experimental evaluation across cryptographic, compute-intensive, and memory-intensive workloads demonstrates average improvements of 5.15% in accuracy, 7% in precision, and 3.91% in recall over baseline methods. The approach significantly enhances generalizability across diverse attack patterns and provides transparent, behavior-level interpretability through human-readable association rules.

RISC-V processors are becoming ubiquitous in critical applications, but their susceptibility to microarchitectural side-channel attacks is a serious concern. Detection of microarchitectural attacks in RISC-V is an emerging research topic that is relatively underexplored, compared to x86 and ARM. The first line of work to detect flush+fault-based microarchitectural attacks in RISC-V leverages Machine Learning (ML) models, yet it leaves several practical aspects that need further investigation. To address overlooked issues, we leveraged gem5 and propose a new detection method combining statistical preprocessing and association rule mining having reconfiguration capabilities to generalize the detection method for any microarchitectural attack. The performance comparison with state-of-the-art reveals that the proposed detection method achieves up to 5.15% increase in accuracy, 7% rise in precision, and 3.91% improvement in recall under the cryptographic, computational, and memory-intensive workloads alongside its flexibility to detect new variant of flush+fault attack. Moreover, as the attack detection relies on association rules, their human-interpretable nature provides deep insight to understand microarchitectural behavior during the execution of attack and benign applications.