GNS: Graph-based Network-on-Chip Shield for Early Defense Against Malicious Nodes in MPSoC
GNS: Graph-based Network-on-Chip Shield for Early Defense Against Malicious Nodes in MPSoC
In the rapidly evolving landscape of system design, Multi-Processor Systems-on-Chip (MPSoCs) have experienced significant growth in both scale and complexity, by integrating an array of Intellectual Properties (IPs) through Network-on-Chip (NoC) to execute complex parallel applications. However, this advancement has led to the emergence of security attacks caused by Malicious Third-Party IPs (M3PIPs), such as Denial-of-Service (DoS). Many current methods for detecting DoS attacks involve significant hardware overhead and are often inefficient in identifying anomalies at an early stage. Addressing this gap, we propose the Graph-based NoC Shield (GNS), a robust strategy meticulously crafted to detect, localize, and isolate malicious IPs at the very early stage of DoS appearance. Central to our approach is the use of a Graph Neural Network (GNN) and Long Short-Term Memory (LSTM) detection model. This combination capitalizes on network traffic data and routing dependency graphs to efficiently trace the source of network congestion and pinpoint attackers. Our extensive experimental analysis validates the effectiveness of the GNS framework, demonstrating a 98% detection accuracy and localization capabilities, achieved with minimal hardware overhead of 1.8% in each router, based on a pure 4∗4 Mesh NoC system. The detection performance exceeds that of all other state-of-the-art works and most straightforward single machine learning inference models within the same context. Additionally, the hardware overhead is notably superior compared to other security schemes. Another key feature of our system is the implementation of a credit interposing mechanism. It was specifically designed to isolate M3PIPs engaging in Flooding-based DoS and effectively mitigate the spread of malicious traffic. This approach significantly enhances the security of NoC-based MPSoCs, offering early-stage detection with the superior accuracy compared to other models. Crucially, the GNS achieves this with up to 75% less hardware overhead than state-of-the-art solutions, thus striking a balance between efficiency and effectiveness in security implementation.
hardware security, LSTM, NoC, GNN, MPSoC, machine learning
483-494
Wang, Haoyu
3d04a266-1db2-42a6-9a4d-052c33c43873
Ren, Jianjie
f6667eb7-ee16-49f6-bede-5f805809d6a1
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Atamli, Ahmad
dacf7d9e-9898-4385-bf88-5aec14d76872
5 August 2024
Wang, Haoyu
3d04a266-1db2-42a6-9a4d-052c33c43873
Ren, Jianjie
f6667eb7-ee16-49f6-bede-5f805809d6a1
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Atamli, Ahmad
dacf7d9e-9898-4385-bf88-5aec14d76872
Wang, Haoyu, Ren, Jianjie, Halak, Basel and Atamli, Ahmad
(2024)
GNS: Graph-based Network-on-Chip Shield for Early Defense Against Malicious Nodes in MPSoC.
IEEE Journal on Emerging and Selected Topics in Circuits and Systems, 14 (3), .
(doi:10.1109/jetcas.2024.3438435).
Abstract
In the rapidly evolving landscape of system design, Multi-Processor Systems-on-Chip (MPSoCs) have experienced significant growth in both scale and complexity, by integrating an array of Intellectual Properties (IPs) through Network-on-Chip (NoC) to execute complex parallel applications. However, this advancement has led to the emergence of security attacks caused by Malicious Third-Party IPs (M3PIPs), such as Denial-of-Service (DoS). Many current methods for detecting DoS attacks involve significant hardware overhead and are often inefficient in identifying anomalies at an early stage. Addressing this gap, we propose the Graph-based NoC Shield (GNS), a robust strategy meticulously crafted to detect, localize, and isolate malicious IPs at the very early stage of DoS appearance. Central to our approach is the use of a Graph Neural Network (GNN) and Long Short-Term Memory (LSTM) detection model. This combination capitalizes on network traffic data and routing dependency graphs to efficiently trace the source of network congestion and pinpoint attackers. Our extensive experimental analysis validates the effectiveness of the GNS framework, demonstrating a 98% detection accuracy and localization capabilities, achieved with minimal hardware overhead of 1.8% in each router, based on a pure 4∗4 Mesh NoC system. The detection performance exceeds that of all other state-of-the-art works and most straightforward single machine learning inference models within the same context. Additionally, the hardware overhead is notably superior compared to other security schemes. Another key feature of our system is the implementation of a credit interposing mechanism. It was specifically designed to isolate M3PIPs engaging in Flooding-based DoS and effectively mitigate the spread of malicious traffic. This approach significantly enhances the security of NoC-based MPSoCs, offering early-stage detection with the superior accuracy compared to other models. Crucially, the GNS achieves this with up to 75% less hardware overhead than state-of-the-art solutions, thus striking a balance between efficiency and effectiveness in security implementation.
Text
jetcas_gns_revision2
- Accepted Manuscript
Restricted to Repository staff only until 31 July 2026.
Request a copy
More information
Accepted/In Press date: 31 July 2024
Published date: 5 August 2024
Keywords:
hardware security, LSTM, NoC, GNN, MPSoC, machine learning
Identifiers
Local EPrints ID: 493607
URI: http://eprints.soton.ac.uk/id/eprint/493607
PURE UUID: c3a08ce9-9a50-4225-86ce-5d88b5efe170
Catalogue record
Date deposited: 22 Jan 2025 17:43
Last modified: 23 Jan 2025 02:44
Export record
Altmetrics
Contributors
Author:
Haoyu Wang
Author:
Jianjie Ren
Author:
Basel Halak
Author:
Ahmad Atamli
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics