Anti-AdvTamp: exposing adversarial evasive tampering attacks in Network-on-Chips with a multi-scale attribute fusion detection
Network-on-chip (NoC) architectures are increasingly becoming a widely adopted system-on-chip (SoC) architecture due to their scalable and modular communication structure, which matches the requirements of modern multiprocessor system-on-chip (MPSoC) and deep learning (DL) accelerator architectures, yet they are vulnerable to routing tampering attacks (e.g., traffic diversion) that induce Denial-of-Service (DoS). Therefore, machine learning (ML) has been increasingly applied to tampering detection in NoC; however, existing ML-based detectors struggle to cope with more covert adversarial tampering attacks. To address this challenge, this paper proposes SEAA, a symmetry-exploiting framework to construct two adversarial tampering attack models (AdvTamp1 and AdvTamp2), and evaluates their impact on ML-based detection. Furthermore, this research proposes a novel ML detection framework based on multi-scale attribute fusion, which integrates coarse-grained and fine-grained NoC performance metrics to improve detection accuracy. Experiments under PARSEC and synthetic Traffic Pattern benchmarks on various NoC topologies show that traditional ML models achieve detection accuracies of only 57.4% and 49.4% under AdvTamp1 and AdvTamp2 attacks, respectively. In contrast, our proposed multi-scale attribute fusion method significantly improves detection performance, achieving accuracies of 96.19% and 98% under AdvTamp1 and AdvTamp2, respectively. These results demonstrate the effectiveness of the proposed method in improving detection under adversarial tampering and highlight its potential for enhancing the security of NoC.
Hu, Shengkai
Kang, Boojoong
Halak, Basel
8 May 2026
Hu, Shengkai, Kang, Boojoong and Halak, Basel (2026) Anti-AdvTamp: exposing adversarial evasive tampering attacks in Network-on-Chips with a multi-scale attribute fusion detection. ISEDA 2026: International Symposium of EDA, Singapore. 08 - 10 May 2026. 7 pp.
Record type: Conference or Workshop Item (Paper)
Text: new_ISEDA2026 (7) - Accepted Manuscript
More information
Accepted/In Press date: 2026
Published date: 8 May 2026
Venue - Dates: ISEDA 2026: International Symposium of EDA, Singapore, 2026-05-08 - 2026-05-10
Identifiers
Local EPrints ID: 511613
URI: http://eprints.soton.ac.uk/id/eprint/511613
PURE UUID: c3c58751-ac8b-4350-9258-6a0c80d643e1
Catalogue record
Date deposited: 26 May 2026 16:31
Last modified: 27 May 2026 02:01
Contributors
Author: Shengkai Hu
Author: Boojoong Kang
Author: Basel Halak