Detecting DoS attacks on Network-on-Chip using Neural Networks
After getting an overview of the threats the NoCs face both in hardware and software from Secure Network-on-Chip Architectures for MPSoC: Overview and Challenges Blog we will take a look at a proposed architecture to add security to detect those security risks in NoCs using neural network or Artificial Intelligence.
Modern computing systems are comprised of many computational cores so they use Networks-on-Chip (NoC) communication paradigm as communication between these cores is essential to ensure high performance, scalability and overcome physical area constraints. However, NoCs are vulnerable to attacks such as hardware Trojans, hijacking, extraction of secret information and Denial of Service (DoS), these security risks need to be detected and mitigated in order to ensure trusted functionality. Artificial Neural Networks (ANNs) and Spiking Neural Networks (SNNs) in particular have the ability to recognize spatial and temporal patterns in data.
This Blog investigates the development of scalable SNN-based hardware to detect Denial of Service (DoS) attacks in NoC-based systems. The key challenge is to achieve this malicious attack detection without impacting on the NoC throughput/traffic communication performance, and within a small hardware area/power budget compared to the overall NoC.
Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) are initiated by flooding the system with data requests and false data, in turn this prevents legitimate data flow and ultimately causes termination of service or a noticeable reduction in overall system performance. An abnormal pattern of data requests or more requests than normal within a certain time period can be classified as a potential attack. These attacks are carefully timed to interrupt wireless sensor readings which are sent periodically from a sensor device; this will ultimately reduce system accuracy or failure to operate correctly.
A significant DDoS attack was performed on Dyn web services in 2016 utilizing multiple hosts which generate DoS attack activity focused on a common target. This resulted in significant server down-time and many large online companies were affected including Netflix, Twitter, and Reddit, etc. This type of attack is a growing concern for IoT companies as IoT devices are expected to exceed 20 Billion by 2021.
Another DoS attack scenario is realized by implementing a Hardware Trojan (HT) to create a Trojan Activated Sequential Payload (TASP) .Where HT discretely performs packet inspection on links in the NoC to identify a target. The retransmission of ‘undelivered’ or ‘corrupted’ messages consumes the network and reduces bandwidth. Another example could be where a focused bandwidth denial attack is implemented in by creating a ‘Rogue’ NoC (rNoC) and inserting this into the chip at an appropriate stage of development.
So basically, DoS attack will present a different temporal and spatial behavior pattern than regular or routine data across a two-dimensional NoC structure. These suspicious patterns will firstly have to be detected in order to mitigate potential threats.
Spiking Neural Networks (SNNs) is a type of Artificial Neural Networks (ANNs), and have the ability to recognise spatial and temporal patterns by analysis of event data through networks of synapses/neurons. In essence, event data known as spikes are aggregated through several synapses and accumulated by a neuron. When the accumulated value of the neuron exceeds a threshold, it causes the neuron to output a spike event or fire to next neuron. This process enables temporal events or particular patterns of pulses to be detected by groups of neurons. Synapses are dynamic in nature, and this effect acts as a filter on the input vector; potentially resulting in a change in output signal.
The synapses read the pulses of digital data (temporal patterns) being exchanged across channels between adjacent routers of the NoC. They will be trained under supervised learning based model with binary classification output (abnormal or normal). The SNN can be trained to detect both spatial (e.g. across the 2D array of NoC routers) and temporal patterns (a serial exchange between two routers). A request to- send (RTS) signal has to be sent from the sending router across a channel, to the receiving router in order to check if the router is available to receive data; if there are many RTS in a certain time period that can be classified as an attack .The output can later be taken as a feedback to the higher level system to act upon.
The proposed architecture uses a video playing Multi-Media System (MMS) as a single application system which is based on a 4x4 grid of interconnected cores was selected due to its representation of typical computing tasks. The architecture has 36 input neurons taking inputs from the routers. The input neurons are then connected to a hidden input layer for interpretation and ultimately two output neurons. These output neurons will fire depending on whether the SNN has classified the input patterns as Normal or Abnormal.
Thus, this was the novel approach to detecting attacks in NoC has been presented using spiking neural networks. Results from experiments show that after an initial learning phase, the SNN can detect most of the DoS attack variations. These experiments have resulted in 86% detection accuracy on unseen attacks evaluated on various parameters. Results demonstrate that the start time of attacks is not a key parameter i.e. an attack can be detected regardless of when they begin within the lifetime of the execution of an application. The temporal duration has the most significance, as the longer the length of the attack, the greater the likelihood of detection of an attack. Attacks down to approximately 30% duration of the total data exchange times can be detected for the proposed model which can be improved. Future work aims to explore other types of attacks on NoCs and try to provide real time analysis of any DoS attack on the MPSoCs.
Till then Stay safe, Stay connected and be aware !
