



# Hardware Trojan Detection and High-Precision Localization in NoC-based MPSoC using Machine Learning

<u>Haoyu Wang</u>, Basel Halak

Advancing Cyber Security Group, School of Electronic and Computer Science, University of Southampton, UK



#### Contents

- i. Motivation
- ii. Threat model
- iii. Proposed framework: ML-based Packet Tampering Attack Detection & HT Localization
- iv. Experiment and Results
- v. Conclusion and Future Work



### Motivation: NoC (mesh based)

- Scalable
- Flexible
- **Shared-Resources**
- Extendable
- High-Parallel
- ...



Fig1. Typical NoC architecture

- NoC is one of the better solutions for Multi-Processor SoC (MPSoC) design (data center chips, AI chips, cloud computing infrastructures...)
  - More functionalities, higher performance, and a shorter R&D period
- Needs more outsourced 3PIPs (untrusted?) and licensed 3PEDAs (untrusted?)
  - The increasing number of security attacks that undermine the NoC



#### Motivation: Attacks on NoC

- Security attacks on NoC [1]: Eavesdropping, Spoofing, Denial-of-Service, Buffer Overflow, Side Channel
- DoS: Tampering Attack





Fig2. Packet tampering attack examples



## Threat model (adversary capability)



Fig3. Packet example

- Tampered packet data: memory address, type of the instruction, number of dependencies
- Safe packet data: source node ID, destination node ID
- Reason: leading to other unwanted attacks such as traffic diversion [2], route looping [2], and flooding



### Proposed framework: Overview & DCI

- Proposed Framework: attack detection by DCI, HT localization by DSCT
- Tampering attack detection: Dynamic Confidence Interval (DCI) and ML



Fig4. Framework workflow



### Proposed framework: DCI & ML model

- Trained ML model: ANN (2 hidden layers)
- Features: Address, Instruction Type, Source ID, Destination ID, Number of dependencies
- Dataset: Blackscholes workload of the PARSEC benchmark, parsed by the Netrace tool



Fig7. DCI working with ANN



# Proposed framework: DSCT localization illustration

HT node localization: Dynamic Security Credit Table (DSCT)





# Proposed framework: DSCT localization real example

HT node localization: Dynamic Security Credit Table (DSCT)

Fig10. Framework workflow



Fig11. DSCT Localization Example
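
An added illustration, not taken from the slides or the authors' implementation: the slides name the DSCT but do not give its update rule, so this sketch uses a simplified credit rule of its own on the 8 x 8 X-Y-routed mesh from the experiment configuration. It relies on the threat model's point that source and destination IDs stay untampered, which lets the route of every packet be reconstructed; the function names, the row-major node numbering, the HT position (node 27) and the traffic are assumptions constructed for the example.

```python
# Added illustration: simplified credit table, NOT the authors' DSCT algorithm.
MESH = 8  # 8 x 8 2D mesh, from the experiment configuration

def xy_route(src, dst, mesh=MESH):
    """Router IDs a packet visits under X-Y routing (X first, then Y).
    Assumption: node IDs are row-major, id = y * mesh + x."""
    x, y = src % mesh, src // mesh
    dx, dy = dst % mesh, dst // mesh
    path = [src]
    while x != dx:
        x += 1 if dx > x else -1
        path.append(y * mesh + x)
    while y != dy:
        y += 1 if dy > y else -1
        path.append(y * mesh + x)
    return path

def update_credits(verdicts, mesh=MESH):
    """verdicts: (src, dst, flagged) per packet, flagged = detector output.
    Every router on a flagged packet's route loses one credit, every router
    on a clean packet's route gains one."""
    credit = [0] * (mesh * mesh)
    for src, dst, flagged in verdicts:
        for node in xy_route(src, dst, mesh):
            credit[node] += -1 if flagged else 1
    return credit

def suspects(credit):
    """Router(s) holding the lowest credit."""
    low = min(credit)
    return [n for n, c in enumerate(credit) if c == low]

def constructed_traffic(ht_node, error_every=0, mesh=MESH):
    """Constructed sample: one packet per (src, dst) pair; a packet is
    tampered iff its route crosses ht_node. Every error_every-th verdict is
    inverted to mimic an imperfect detector (0 = perfect detector)."""
    out = []
    for src in range(mesh * mesh):
        for dst in range(mesh * mesh):
            if src == dst:
                continue
            flagged = ht_node in xy_route(src, dst, mesh)
            if error_every and len(out) % error_every == 0:
                flagged = not flagged
            out.append((src, dst, flagged))
    return out

if __name__ == "__main__":
    for err in (0, 50):
        table = update_credits(constructed_traffic(27, err))
        print(err, suspects(table), table[27])
```

Because clean packets restore credit to routers that merely share a route with the infected one, only the HT router's credit keeps falling, and the ranking survives a small fraction of wrong detector verdicts.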



# **Experiment and Results**

NoC configuration:

| Parameter             | Value                   |
|-----------------------|-------------------------|
| # of cores            | 64 O3CPUs               |
| NoC Topology          | 8 x 8 2D Mesh           |
| NoC Routing Algorithm | X-Y Routing             |
| NoC Packet Length     | 168 Bits                |
| NoC Packets Generator | Netrace                 |
| PARSEC Workload       | Blackscholes (simsmall) |

Experiment flow:



Fig12. Experiment flow

## **Experiment and Results**



#### DCI detection:


**DSCT** localization:



Fig13. Malicious packets (tampering attack) detection result

Fig14. HT-injected node localization result

#### Comparison with related works:

|                          | Charles et al. (2020)    | Sinha et al. (2021b)   | Chaves et al. (2019) | [Our work]            |
|--------------------------|--------------------------|------------------------|----------------------|-----------------------|
| HT & Attacks             | DoS: Flooding            | DoS: Flooding          | DoS: Path Collision  | DoS: Packet Tampering |
| ML model                 | N/A                      | Perceptron-based ML    | N/A                  | ANN                   |
| Detection Method         | PAC, DLC                 | ML using BWT, IFI, VCL | CPRD Architecture    | ML + DCI Algorithm    |
| Precision (detection)    | N/A                      | 97.6 %                 | N/A                  | 96.3 %                |
| Localization Method      | Event Handler for Router | MIP Algorithm          | CPDD Architecture    | DSCT Algorithm        |
| Precision (localization) | N/A                      | 96.7 %                 | N/A                  | 100 %                 |
| Min-time                 | 8~24us @ 1.4GHz          | 30~140 Cycles          | 97~1118 Cycles       | 5.8~12.9us @ 2GHz     |



#### Conclusion and Future Work

- First work to detect and localize tampering attacks using ML
- Expected detection and localization precision and speed
- Future work 1 (framework enhancement): a workload/traffic pattern specific to malicious node localization will be required instead of an application-specific workload (PARSEC).
- Future work 2 (exploration): more SoC architectures could be explored, such as AMBA bus-based SoC systems.



#### Reference

[1] Subodha Charles and Prabhat Mishra. A survey of network-on-chip security attacks and countermeasures. ACM Computing Surveys (CSUR), 54(5):1-36, 2021.

[2] Amey Kulkarni, Youngok Pino, Matthew French, and Tinoosh Mohsenin. Real-time anomaly detection framework for many-core router through machine-learning techniques. ACM Journal on Emerging Technologies in Computing Systems (JETC), 13 (1):1-22, 2016.


