Abstract: Various embodiments provide a robust backdoor attack on machine learning (ML)-based detection systems that can be applied to demonstrate and identify vulnerabilities thereof. In various embodiments, an artificial intelligence (AI)-based Trojan attack is generated and implanted inside a ML model trained for classification and/or detection tasks, and the AI-based Trojan attack can be triggered by specific inputs to manipulate the expected outputs of the ML model. Analysis of the behavior of an ML model having the AI-based Trojan implanted (and/or triggered) then enables identification of vulnerabilities of the ML model and further enables the design of ML models with improved security. Various embodiments of the present disclosure provide a fast and cost-effective solution in achieving 100% attack success rate that significantly outperforms adversarial attacks on ML models, thereby improving applicability and depth in testing ML-based detection systems.

Abstract: The present disclosure describes systems and methods for hardware-assisted malware detection. One such system comprises a memory; and a hardware processor of a computing device operatively coupled to the memory. The hardware processor is configured to execute a software application suspected of being malware; monitor behavior of the software application at run-time; and acquire an input time sequence of data records based on a trace analysis of the software application, wherein the input time sequence comprises a plurality of features of the software application. The hardware processor is further configured to classify the software application as being a malicious software application based on the plurality of features of the software application; and output a ranking of a subset plurality of features by their respective contributions towards the classification of the software application as being malicious software.

Abstract: Various examples are provided related to software and hardware architectures that enable lightweight and real-time Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attack detection. In one example, among others, a method for detection and localization of denial-of-service (DoS) attacks includes detecting, by a router of an intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a compromised packet stream based at least in part upon a packet arrival curve (PAC) associated with the router; identifying, by the IP core, a candidate IP core in the NoC as a potential attacker based at least in part upon a destination packet latency curve (DLC) associated with the IP core; and transmitting, by the router, a notification message indicating that the candidate IP core is the potential attacker to a router of the candidate IP core.

Abstract: The present disclosure describes systems and methods for test pattern generation to detect a hardware Trojan using delay-based analysis. One such method comprises determining a set of initial test patterns to activate the hardware Trojan within an integrated circuit design; and generating a set of succeeding test patterns to activate the hardware Trojan within the integrated circuit design using a reinforcement learning model. The set of initial test patterns can be applied as an input to the reinforcement learning model. Further, the reinforcement learning model can be trained with a stochastic learning scheme to increase a probability of triggering one or more rare nodes in the integrated circuit design and identify optimal test vectors to maximize delay-based side-channel sensitivity when the hardware Trojan is activated in the integrated circuit design. Other methods and systems are also provided.

Abstract: Various examples are provided related to software and hardware architectures that enable lightweight and trust-aware routing. In one example, among others, a method for trust-aware routing includes calculating trust values to represent how much a node can be trusted to route packets through its router. Each node can store the trust values of routers that are one hop and two hops away from it, which represent direct trust and delegated trust, respectively. When a router receives a packet, the router can update trust values and forward the packet to the next hop.

Abstract: Various embodiments provide methods, apparatuses, computer program products, systems, and/or the like for an efficient framework that enables explainability machine learning for various machine learning-based tasks. In various embodiments, the framework for explainable ML is configured for acceleration and efficient computing using hardware accelerators. To provide acceleration of explainable ML, various embodiments exploit synergies between convolution operations for data objects (e.g., matrix, images, tensors, arrays) and Fourier transform operations, and various embodiments apply these synergies in hardware accelerators configured to perform such operations. Accordingly, various embodiments of the present disclosure may be applied in order to provide real-time or near real-time outcome interpretation in various machine learning-based tasks. Extensive experimental evaluations demonstrate that various embodiments described herein can provide drastic improvement in interpretation time (e.g.

Abstract: The present disclosure presents systems and methods of secure communication by a system-on-chip. One such method comprises receiving, by a sender of a network-on-chip component of the system-on-chip, a message sequence; transforming, by the sender of the network-on-chip component of the system-on-chip, the message sequence into a pseudo-message sequence with an all-or-nothing transform; performing key-less encryption, by the sender of the network-on-chip component of the system-on-chip, of the pseudo-message sequence to obtain a ciphertext message sequence using a chaffing and winnowing scheme; and transmitting, by the sender of the network-on-chip component of the system-on-chip, the ciphertext message sequence to a receiver of the network-on-chip component of the system-on-chip.

Abstract: Various embodiments of the present disclosure provide systems, methods, and computer program products for detecting unauthorized memory access cyberattacks, such as Spectre and Meltdown, which are intended to maliciously reveal information stored in concealed or restricted memory of a targeted device.

Abstract: The present disclosure presents an exemplary tier-based reconfigurable security architecture that can adapt to different use-case scenarios by selecting security tiers and configure parameters in each security tier based on system requirements. An exemplary system comprises a security agent that is configured to monitor system characteristics of embedded components on a system-on-chip and communicate a status of the system characteristics to a reconfigurable service engine integrated on the system-on-chip, such that the reconfigurable service engine is configured to activate one of a plurality of tiers of security based at least upon the status of the system characteristics communicated.

Abstract: The present disclosure describes various embodiments of systems, apparatuses, and methods for detecting a Trojan inserted integrated circuit design using delay-based side channel analysis. In one such embodiment, an automated test generation algorithm produces test patterns that are likely to activate trigger conditions and change critical paths of an integrated circuit design.

Abstract: An exemplary method of detecting a Trojan circuit in an integrated circuit is related to applying a test pattern comprising an initial test pattern followed by a corresponding succeeding test pattern to a golden design of the integrated circuit, wherein a change in the test pattern increases side-channel sensitivity; measuring a side-channel parameter in the golden design of the integrated circuit after application of the test pattern; applying the test pattern to a design of the integrated circuit under test; measuring the side-channel parameter in the design of the integrated circuit under test after application of the test pattern; and determining a Trojan circuit to be present in the integrated circuit under test when the measured side-channel parameters vary by a threshold.

Abstract: An exemplary method for generating a test vector to activate a Trojan triggering condition includes the operations of obtaining a design graph representation of an electronic circuit; constructing a satisfiability graph from the design graph representation, wherein the satisfiability graph includes a set of vertices representing rare signals of the electronic circuit and satisfiability connections between the vertices; finding a plurality of maximal satisfiable cliques in the satisfiability graph, wherein a maximal satisfiable clique corresponds to a triggering condition for a payload of the electronic circuit; generating a test vector for each of the maximal satisfiable cliques; and performing a test for the presence of a hardware Trojan circuit in the electronic circuit using the generated test vectors as input signals.

Abstract: Various examples are provided related to software and hardware architectures that enable a lightweight incremental encryption scheme that is implemented on a System-on-chip (SoC) resource such as a network interface. In one example, among others, a method for incremental encryption includes obtaining, by a network interface (NI) of a sender intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core; identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload.

Abstract: The present disclosure provides systems and methods for test pattern generation to detect a hardware Trojan. One such method includes determining, by a computing device, a set of initial test patterns to activate the hardware Trojan within an integrated circuit design; evaluating nodes of the integrated circuit design and assigning a rareness attribute value and a testability attribute value associated with respective nodes of the integrated circuit design; and generating a set of additional test patterns to activate the hardware Trojan within the integrated circuit design using a reinforcement learning model. The set of initial test patterns is applied as an input along with rareness attribute values and testability attribute values associated with the nodes of the integrated circuit, and the reinforcement learning model is trained with a stochastic learning scheme to identify optimal test patterns for triggering nodes of the integrated circuit design.

Abstract: The present disclosure describes digital watermark detection systems and methods. In one such system, a plurality of intellectual property cores are integrated on a system-on-chip, such that the intellectual property cores comprise a first intellectual property core and a second intellectual property core. The system further includes a first network interface connected to the first intellectual property core that can encode a first digital watermark into a packet stream designated for the second intellectual property core. The system further includes a second network interface connected to the second intellectual property core that can receive the packet stream and decode the packet stream to generate a second digital watermark. The second network interface is further configured to perform a validation test on the packet stream and deliver the packet stream to the second intellectual property core when the first digital watermark is determined to match the second digital watermark.

Abstract: The present disclosure describes systems and methods for hardware-assisted malware detection. One such system comprises a memory; and a hardware processor of a computing device operatively coupled to the memory. The hardware processor is configured to execute a software application suspected of being malware; monitor behavior of the software application at run-time; and acquire an input time sequence of data records based on a trace analysis of the software application, wherein the input time sequence comprises a plurality of features of the software application. The hardware processor is further configured to classify the software application as being a malicious software application based on the plurality of features of the software application; and output a ranking of a subset plurality of features by their respective contributions towards the classification of the software application as being malicious software.

Abstract: A method and system for evaluating software tools that detect malicious hardware modifications is provided. In one embodiment, among others, a system comprises a computing device and an application. The application causes the computing device to at least receive hardware description language code that represents a circuit design and calculate a signal probability for one or more nodes in the circuit design. The application also causes the computing device to identify one or more rare nodes in the circuit design and generate a Trojan sample population. The application further causes the computing device to generate a feasible Trojan population and generate a Trojan test instance based at least in part on a random selection from the Trojan feasible population. Additionally, the application causes the computing device to generate modified hardware description code from the Trojan test instance.

Abstract: The present disclosure describes various embodiments of systems, apparatuses, and methods for detecting a Trojan inserted integrated circuit design using delay-based side channel analysis. In one such embodiment, an automated test generation algorithm produces test patterns that are likely to activate trigger conditions and change critical paths of an integrated circuit design.

Abstract: The present disclosure presents an exemplary tier-based reconfigurable security architecture that can adapt to different use-case scenarios by selecting security tiers and configure parameters in each security tier based on system requirements. An exemplary system comprises a security agent that is configured to monitor system characteristics of embedded components on a system-on-chip and communicate a status of the system characteristics to a reconfigurable service engine integrated on the system-on-chip, such that the reconfigurable service engine is configured to activate one of a plurality of tiers of security based at least upon the status of the system characteristics communicated.

Abstract: Various examples are provided related to software and hardware architectures that enable lightweight encryption and anonymous routing in a network-on-chip (NoC) based system-on-chip (SoC). In one example, among others, method for lightweight encryption and anonymous routing includes identifying, by a source node in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a routing path from the source node to a destination node in the NoC-based SoC architecture, where the routing path comprises the source node, a plurality of intermediate nodes in the NoC-based SoC architecture, and the destination node; generating, by the source node, a plurality of tuples, a number of tuples in the plurality of tuples being based on a threshold; and distributing, by the source node, the plurality of tuples to the plurality of intermediate nodes and the destination node.