Professional Documents
Culture Documents
Network-on-Chip Architectures
Chamika Sudusinghe‡ , Subodha Charles‡ and Prabhat Mishra∗
‡ University of Moratuwa, Colombo, Sri Lanka
∗ University of Florida, Gainesville, Florida, USA
ABSTRACT and iii) the complexity of NoC design allows Trojans to hide without
State-of-the-art System-on-Chip (SoC) designs consist of many In- being detected. These vulnerabilities have motivated both industry
tellectual Property (IP) cores that interact using a Network-on-Chip and academic researchers to develop countermeasures to secure NoC-
(NoC) architecture. SoC designers increasingly rely on global supply based SoCs. There are a wide variety of threats from MIPs such as
chains for obtaining third-party IPs. In addition to inherent vulner- eavesdropping attacks [6, 9], data integrity attacks [8], denial-of-
abilities associated with utilizing third-party IPs, NoC based SoCs service (DoS) attacks [5], etc. In this paper, we focus on securing the
enable attackers to exploit the distributed nature of NoC and its con- SoC from DoS attacks. The primary objective of a DoS attack is to
nectivity with various IPs to launch a plethora of attacks. Specifically, prevent legitimate users from accessing services and information. In
Denial-of-Service (DoS) attacks pose a serious threat in degrading the the context of NoC, MIPs sending unnecessary requests to IPs can
SoC performance by flooding the NoC with unnecessary packets. In delay legitimate requests leading to delay of service (e.g., deadline
this paper, we present a machine learning-based runtime monitoring violations in real-time systems) or denial of service (e.g., temporary
mechanism to detect DoS attacks. The models are statically trained or permanent service failure). Such “flooding” type of DoS attacks can
and used for runtime attack detection leading to minimum runtime also cause congestion in the network, further degrading performance
performance overhead. Our approach is capable of detecting DoS and energy efficiency [5, 7].
attacks with high accuracy, even in the presence of unpredictable Previous work on mitigating flooding type of DoS attacks explored
NoC traffic patterns caused by various application mappings. We traffic latency comparison [15] and packet arrival monitoring [5, 7].
extensively explore machine learning models and features to provide These approaches made an unrealistic assumption, highly predictable
a comprehensive study on how to use machine learning for DoS NoC traffic patterns, which allowed the construction of linear statis-
attack detection in NoC-based SoCs. tical bounds to detect DoS attacks. Unfortunately, this assumption
does not hold during many realistic scenarios that include task mi-
1 INTRODUCTION gration, task preemption, changing application characteristics due to
major input variations, etc. As a potential solution to address such
Network-on-chip (NoC) is widely used for on-chip communication in runtime variations, in this paper, we explore the feasibility of using
modern system-on-chips (SoC). NoC has allowed computer architects machine learning (ML) for DoS attack detection. While ML has shown
to fully utilize the computational power in an SoC by facilitating low- promising results for optimizing NoC power consumption [20], to the
latency and high-throughput communication between intellectual best of our knowledge, our approach is the first attempt at securing
property (IP) cores in a many-core SoC. As a result, NoC has become NoC-based SoCs from DoS attacks using machine learning. Major
a critical component in state-of-the-art SoC designs [16, 17, 19]. With contributions of this paper are as follows:
the increased complexity of SoCs, manufacturers have favored IP li-
censing and outsourcing where only a subset of IPs are manufactured • We propose an ML-based DoS attack detection method that
in-house and the rest is sourced from third-party vendors. There trains ML models during design time and uses the trained
are multiple avenues to introduce malicious implants (e.g., hardware models to classify network traffic behavior as normal or attack
Trojans) in designs during the long supply chain, such as by an un- during runtime, to detect flooding type of DoS attacks.
trusted CAD tool, a rouge designer or at the foundry via reverse • We outline features that can be extracted from NoC traffic as
engineering [10, 17]. well as engineered features, and experimentally evaluate the
The NoC is at an elevated risk of being vulnerable to hardware most suitable features.
attacks due to several reasons: i) NoC interconnects IPs manufactured • We perform a comprehensive exploration of 12 different ML
in house and/or sourced from trusted vendors (secure IPs) together models to select the best fit for the given architecture and
with IPs from potentially untrusted vendors (non-secure IPs) allowing threat models.
Trojan-infected malicious IPs (MIPs) to utilize NoC to launch attacks, • Our approach achieves high accuracy in DoS attack detec-
ii) the distributed nature of NoC makes it easier to replicate an attack, tion across different NoC traffic patterns caused by various
application mappings.
This work was partially supported by National Science Foundation grant SaTC-1936040. • Our approach can detect DoS attacks in real-time with detec-
tion times comparable to previous work [5, 7] without requir-
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed ing highly predictable traffic patterns.
for profit or commercial advantage and that copies bear this notice and the full citation
on the first page. Copyrights for components of this work owned by others than ACM
must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, 2 THREAT MODEL AND RELATED WORK
to post on servers or to redistribute to lists, requires prior specific permission and/or a
fee. Request permissions from permissions@acm.org. 2.1 Threat Model
NOCS ’21, October 14–15, 2021, Virtual Event, USA Figure 1 shows the architecture model considered in this paper that
© 2021 Association for Computing Machinery.
ACM ISBN 978-1-4503-9083-5/21/10. . . $15.00 includes a 4 × 4 mesh NoC connecting 16 IP cores. When a mem-
https://doi.org/10.1145/3479876.3481589 ory request (e.g., memory LOAD or STORE instruction) is initiated
by a core during application execution, in case of a cache miss, a security countermeasures developed by the industry. Shekhawat
memory request is injected into the NoC in the form of NoC packets. et al. [18] showed that XGBoost, an algorithm based on gradient
Typically, the packets are further broken down into smaller units boosting, can classify encrypted traffic as malicious or benign with
called flits to facilitate flow control mechanisms. The flits are routed an accuracy of 99.15%. To the best of our knowledge, there are no
in the appropriate virtual network (vnet) that matches the cache prior efforts that use ML to secure NoC-based SoCs from DoS attacks.
coherence request type via routers and links. When the flits arrive
at the memory controller, the memory fetch is initiated. Once the 3 ML-BASED DOS ATTACK DETECTION
operation is completed, the response is routed back to the requestor. As a means of achieving high accuracy in detecting DoS attacks in
DoS attacks can happen from MIPs intentionally degrading SoC the presence of runtime variations of NoC traffic, we explore the
performance by flooding the NoC with packets. MIPs can target a feasibility of using ML for DoS attack detection. An overview of
component that is critical to SoC performance, such as a memory our approach is shown in Figure 2. During design time, NoC traffic
controller that provides the interface to off-chip memory, and in- is statically analyzed to gather the dataset that is used to train the
ject unnecessary requests [7]. As a result, the legitimate requests ML models. Both normal and attack scenarios are emulated during
can experience severe delays. Figure 1 shows a MIP at node 1 that this phase using a few known application mappings. The trained
targets its victim at node 7 and injects additional packets. The traf- models are stored in a dedicated IP denoted as the Security Engine
fic rate in routers along the routing path is increased causing NoC (SE). During runtime, NoC traffic data is gathered at each router using
congestion, which leads to performance degradation and reduced probes attached to routers and the collected data is sent to the SE
energy efficiency. Since the victim receives a lot more requests than using a separate physical Service NoC. The models at the SE use data
it is designed to handle, responses are delayed and that can lead collected within a predefined time window to make inferences about
to violation of task deadlines. Violation of real-time requirements the condition of the NoC. In Section 4, we show that our method is
can be catastrophic for safety-critical applications. A similar threat capable of classifying data as normal or attack, irrespective of the
model was also used by previous work that explored DoS attacks in locations of cores running the applications (active cores) and the
NoC-based SoCs [5, 7, 15]. locations of MIP(s).
5 CONCLUSION
In this paper, we introduced a machine learning based DoS attack
Figure 6: Results for attack scenario for IID 2 and test N-0-15- detection mechanism for NoC-based SoCs. We consider a widely
A-12 (𝜏 𝑗 = 1000). explored threat model where a malicious IP floods the NoC with a
large number of packets causing deadline violations, performance
degradation or reduced energy efficiency. Unlike existing DoS at-
tack detection methods that rely on highly predictable NoC traffic
patterns and specific use cases, our approach is capable of detect-
ing DoS attacks with high accuracy in real-time, in the presence of
unpredictable NoC traffic patterns caused by diverse applications
with input variations and application mappings. Experimental results
demonstrated that non-linear models, such as gradient boosting, pro-
duce the best results for the given architecture and threat models.
Our observations reveal that the key to achieving high accuracy is
Figure 7: Normal scenario IID 2 and test N-0-15 (𝜏 𝑗 = 1000). to carefully craft features out of the data extracted from NoC traffic.
Our approach is capable of detecting DoS attacks with high accuracy
in a wide variety of scenarios.
even when tested with MIP locations which the model was not trained
on. Since a decision is made at the end of each time window, the time REFERENCES
taken to detect an attack is 𝜏 𝑗 , which is experimentally set to 1000 [1] N. Agarwal et al. 2009. GARNET: A detailed on-chip network model inside a
cycles (1 𝜇s). Attack detection times of previous work that addressed full-system simulator. In ISPASS. 33–42.
[2] N. Binkert et al. 2011. The Gem5 Simulator. SIGARCH Comput. Archit. News 39, 2
DoS attack detection in real-time systems fall in the same range (3-8 (2011), 1–7.
𝜇s) [5, 7]. [3] T. Boraten et al. 2016. Secure model checkers for Network-on-Chip (NoC) architec-
tures. In GLSVLSI. 45–50.
[4] S. Charles et al. 2018. Exploration of Memory and Cluster Modes in Directory-Based
Many-Core CMPs. In International Symposium on Networks-on-Chip (NOCS).
[5] S. Charles et al. 2019. Real-time Detection and Localization of DoS Attacks in NoC
based SoCs. In Design Automation and Test in Europe (DATE). 1160–1165.
[6] S. Charles et al. 2020. Lightweight Anonymous Routing in NoC based SoCs. In
Design Automation and Test in Europe (DATE). 334–337.
[7] S. Charles et al. 2020. Real-time Detection and Localization of Distributed DoS
Attacks in NoC based SoCs. IEEE Transactions on CAD (TCAD) 39(12) (2020).
[8] S. Charles and P. Mishra. 2020. Lightweight and trust-aware routing in NoC-based
SoCs. In IEEE Annual Symposium on VLSI (ISVLSI). 160–167.
[9] S. Charles and P. Mishra. 2020. Securing network-on-chip using incremental
cryptography. In IEEE Annual Symposium on VLSI (ISVLSI). IEEE, 168–175.
[10] S Charles and P. Mishra. 2021. A Survey of Network-on-Chip Security Attacks and
Countermeasures. ACM Comput. Surv. 54, 5, Article 101 (May 2021).
[11] C. Ciordas et al. 2004. An event-based network-on-chip monitoring service. In
HLDVT. 149–154.
[12] L. Fiorin et al. 2008. A security monitoring service for NoCs. In CODES+ISSS.
197–202.
[13] M. Geller and P. Nair. 2018. 5G Security Innovation with Cisco. Whitepaper Cisco
Public (2018), 1–29.
[14] S. Gupta et al. 2016. Vulnerable network analysis using war driving and security
Figure 8: DoS attack detection accuracy for all tests in Table 2. intelligence. In ICICT, Vol. 3. 1–5.
[15] Rajesh JS et al. 2015. Runtime Detection of a Bandwidth Denial Attack from a
Rogue Network-on-Chip. In NOCS.
Figure 9 shows a comparison of common evaluation metrics used [16] Hyung Gyu Lee et al. 2008. On-chip communication architecture exploration: A
to evaluate ML models. The false positive rate ranges from 2.08% to quantitative evaluation of point-to-point, bus, and network-on-chip approaches.
ACM Trans. on Design Automation of Electronic Sys. (TODAES) 12, 3 (2008), 1–20.
12.51% (on average), and the true negative rate ranges from 89.98% to [17] P. Mishra and S. Charles. 2021. Network-on-Chip Security and Privacy. Springer.
99.35% (on average), for all 3 iterations of test cases. Further, having [18] A. S. Shekhawat. 2018. Analysis of Encrypted Malicious Traffic. (2018).
precision, recall and f1 score in the range of 0.89 or above gives [19] A. Sodani et al. 2016. Knights Landing: Second-Generation Intel Xeon Phi Product.
IEEE Micro 36, 2 (2016), 34–46.
evidence to the high precision of the model. Hence, results show that [20] K. Wang et al. 2019. High-performance, energy-efficient, fault-tolerant network-
our approach is capable of detecting DoS attacks with high accuracy and on-chip design using reinforcement learning. In DATE.
in real time, irrespective of the number or the placement of MIPs and [21] D. Wentzlaff et al. 2007. On-Chip Interconnection Architecture of the Tile Processor.
IEEE Micro 27, 5 (2007), 15–31.
the number of applications running on the SoC. High attack detection [22] S. C. Woo et al. 1995. The SPLASH-2 programs: characterization and methodological
accuracy is achieved not only if active and malicious IP placements considerations. In ISCA. 24–36.
[23] Y. J. Yoon et al. 2013. Virtual Channels and Multiple Physical Networks: Two
match the training configurations, but also in new MIP placements, Alternatives to Improve NoC Performance. TCAD 32 (12) (2013).
which the model has not been trained on.