基于贝叶斯方法的片上网络硬件木马数据包篡改攻击在线检测

IF 2.5 3区工程技术 Q3 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Integration-The Vlsi Journal Pub Date : 2025-09-17 DOI:10.1016/j.vlsi.2025.102506

Xiaohang Wang , Ge Cao , Yiming Zhao , Yingtao Jiang , Amit Kumar Singh , Mei Yang , Liang Wang , Yinhe Han , Fen Guo

{"title":"基于贝叶斯方法的片上网络硬件木马数据包篡改攻击在线检测","authors":"Xiaohang Wang , Ge Cao , Yiming Zhao , Yingtao Jiang , Amit Kumar Singh , Mei Yang , Liang Wang , Yinhe Han , Fen Guo","doi":"10.1016/j.vlsi.2025.102506","DOIUrl":null,"url":null,"abstract":"<div><div>Hardware Trojans (HTs), proven difficult to be detected and removed at the offline post-silicon stage, can secretly launch dangerous packet tampering attacks on the network-on-chip (NoC) of a many-core chip. In this paper, we present an online HT detection scheme that is based on continuous, on-the-fly assessment of how likely any single node in the NoC includes an HT. In specific, the scheme first collects the routing path information of any data packet flowing through the NoC. The probability of a node being infected with HTs will next be determined based on each packet’s authentication result and this probability is iteratively updated through Bayesian analysis. A node shall be marked as a high-risk node, if its probability of infection exceeds a threshold, and all the high-risk nodes thus discovered will be bypassed by any future traffic. Since the proposed scheme only needs end-to-end authentication, as opposed to costly hop-to-hop authentication, the hardware overhead is kept low. To help further reduce the bandwidth and computation overheads, three approximate schemes are also proposed. Experiments have confirmed that the proposed HT detection methods can effectively locate the malicious nodes and thus reduce the infection rate to below 5%.</div></div>","PeriodicalId":54973,"journal":{"name":"Integration-The Vlsi Journal","volume":"106 ","pages":"Article 102506"},"PeriodicalIF":2.5000,"publicationDate":"2025-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Online detection of hardware Trojan enabled packet tampering attack on network-on-chip: A Bayesian approach\",\"authors\":\"Xiaohang Wang , Ge Cao , Yiming Zhao , Yingtao Jiang , Amit Kumar Singh , Mei Yang , Liang Wang , Yinhe Han , Fen Guo\",\"doi\":\"10.1016/j.vlsi.2025.102506\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Hardware Trojans (HTs), proven difficult to be detected and removed at the offline post-silicon stage, can secretly launch dangerous packet tampering attacks on the network-on-chip (NoC) of a many-core chip. In this paper, we present an online HT detection scheme that is based on continuous, on-the-fly assessment of how likely any single node in the NoC includes an HT. In specific, the scheme first collects the routing path information of any data packet flowing through the NoC. The probability of a node being infected with HTs will next be determined based on each packet’s authentication result and this probability is iteratively updated through Bayesian analysis. A node shall be marked as a high-risk node, if its probability of infection exceeds a threshold, and all the high-risk nodes thus discovered will be bypassed by any future traffic. Since the proposed scheme only needs end-to-end authentication, as opposed to costly hop-to-hop authentication, the hardware overhead is kept low. To help further reduce the bandwidth and computation overheads, three approximate schemes are also proposed. Experiments have confirmed that the proposed HT detection methods can effectively locate the malicious nodes and thus reduce the infection rate to below 5%.</div></div>\",\"PeriodicalId\":54973,\"journal\":{\"name\":\"Integration-The Vlsi Journal\",\"volume\":\"106 \",\"pages\":\"Article 102506\"},\"PeriodicalIF\":2.5000,\"publicationDate\":\"2025-09-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Integration-The Vlsi Journal\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167926025001634\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Integration-The Vlsi Journal","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167926025001634","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

硬件木马（HTs）在离线后硅阶段很难被检测和移除，它可以秘密地对多核芯片的片上网络（NoC）发起危险的数据包篡改攻击。在本文中，我们提出了一种在线高温检测方案，该方案基于对NoC中任何单个节点包含高温的可能性的连续、实时评估。具体来说，该方案首先收集流经NoC的任何数据包的路由路径信息。接下来，将根据每个数据包的认证结果确定节点被ht感染的概率，并通过贝叶斯分析迭代更新该概率。如果一个节点的感染概率超过某个阈值，则将其标记为高风险节点，所有由此发现的高风险节点都将被未来的流量绕过。由于所提出的方案只需要端到端身份验证，而不需要昂贵的跳到跳身份验证，因此硬件开销很低。为了进一步减少带宽和计算开销，还提出了三种近似方案。实验证实，本文提出的HT检测方法能够有效定位恶意节点，从而将感染率降低到5%以下。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Online detection of hardware Trojan enabled packet tampering attack on network-on-chip: A Bayesian approach

Hardware Trojans (HTs), proven difficult to be detected and removed at the offline post-silicon stage, can secretly launch dangerous packet tampering attacks on the network-on-chip (NoC) of a many-core chip. In this paper, we present an online HT detection scheme that is based on continuous, on-the-fly assessment of how likely any single node in the NoC includes an HT. In specific, the scheme first collects the routing path information of any data packet flowing through the NoC. The probability of a node being infected with HTs will next be determined based on each packet’s authentication result and this probability is iteratively updated through Bayesian analysis. A node shall be marked as a high-risk node, if its probability of infection exceeds a threshold, and all the high-risk nodes thus discovered will be bypassed by any future traffic. Since the proposed scheme only needs end-to-end authentication, as opposed to costly hop-to-hop authentication, the hardware overhead is kept low. To help further reduce the bandwidth and computation overheads, three approximate schemes are also proposed. Experiments have confirmed that the proposed HT detection methods can effectively locate the malicious nodes and thus reduce the infection rate to below 5%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Integration-The Vlsi Journal 工程技术-工程：电子与电气

CiteScore

3.80

自引率

5.30%

发文量

107

审稿时长

6 months

期刊介绍： Integration''s aim is to cover every aspect of the VLSI area, with an emphasis on cross-fertilization between various fields of science, and the design, verification, test and applications of integrated circuits and systems, as well as closely related topics in process and device technologies. Individual issues will feature peer-reviewed tutorials and articles as well as reviews of recent publications. The intended coverage of the journal can be assessed by examining the following (non-exclusive) list of topics: Specification methods and languages; Analog/Digital Integrated Circuits and Systems; VLSI architectures; Algorithms, methods and tools for modeling, simulation, synthesis and verification of integrated circuits and systems of any complexity; Embedded systems; High-level synthesis for VLSI systems; Logic synthesis and finite automata; Testing, design-for-test and test generation algorithms; Physical design; Formal verification; Algorithms implemented in VLSI systems; Systems engineering; Heterogeneous systems.