IMS: Intelligent Hardware Monitoring System for Secure SoCs
- URL: http://arxiv.org/abs/2601.11447v1
- Date: Fri, 16 Jan 2026 17:10:17 GMT
- Title: IMS: Intelligent Hardware Monitoring System for Secure SoCs
- Authors: Wadid Foudhaili, Aykut Rencber, Anouar Nechi, Rainer Buchty, Mladen Berekovic, Andres Gomez, Saleh Mulhem,
- Abstract summary: This paper presents an intelligent hardware monitoring system (IMS) for real-time detection of AXI protocol violations.<n>For model training, we perform DoS attacks through header-field manipulation and systematic malicious operations.<n>We then deploy a quantization-optimized neural network, achieving 98.7% detection accuracy with =3% latency overhead.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In the modern Systems-on-Chip (SoC), the Advanced eXtensible Interface (AXI) protocol exhibits security vulnerabilities, enabling partial or complete denial-of-service (DoS) through protocol-violation attacks. The recent countermeasures lack a dedicated real-time protocol semantic analysis and evade protocol compliance checks. This paper tackles this AXI vulnerability issue and presents an intelligent hardware monitoring system (IMS) for real-time detection of AXI protocol violations. IMS is a hardware module leveraging neural networks to achieve high detection accuracy. For model training, we perform DoS attacks through header-field manipulation and systematic malicious operations, while recording AXI transactions to build a training dataset. We then deploy a quantization-optimized neural network, achieving 98.7% detection accuracy with <=3% latency overhead, and throughput of >2.5 million inferences/s. We subsequently integrate this IMS into a RISC-V SoC as a memory-mapped IP core to monitor its AXI bus. For demonstration and initial assessment for later ASIC integration, we implemented this IMS on an AMD Zynq UltraScale+ MPSoC ZCU104 board, showing an overall small hardware footprint (9.04% look-up-tables (LUTs), 0.23% DSP slices, and 0.70% flip-flops) and negligible impact on the overall design's achievable frequency. This demonstrates the feasibility of lightweight, security monitoring for resource-constrained edge environments.
Related papers
- A Protocol-Aware P4 Pipeline for MQTT Security and Anomaly Mitigation in Edge IoT Systems [0.8481798330936976]
Cloud-based intrusion detection systems add latency that is unsuitable for real-time control.<n>We propose a data-plane enforcement scheme for protocol-aware security and anomaly detection at the network edge.<n>Experiments on a Mininet/BMv2 testbed demonstrate high policy enforcement accuracy (99.8%, within 95% CI), strong anomaly detection sensitivity (98% true-positive rate), and high delivery >99.9% for 100-second-5kpps.
arXiv Detail & Related papers (2026-01-12T13:38:59Z) - RockNet: Distributed Learning on Ultra-Low-Power Devices [49.01692357536576]
This paper presents RockNet, a new TinyML method tailored for ultra-low-power hardware.<n>By leveraging that CPS consist of multiple devices, we design a distributed learning method that integrates Machine Learning and wireless communication.<n>Our results show that a tight integration of distributed ML, distributed computing, and communication enables, for the first time, training on ultra-low-power hardware with state-of-the-art accuracy.
arXiv Detail & Related papers (2025-10-15T09:09:30Z) - New Machine Learning Approaches for Intrusion Detection in ADS-B [0.0]
Air traffic management relies on the vulnerable Automatic Dependent Surveillance-Broadcast (ADS-B) protocol.<n>This study investigates emerging machine learning models and training strategies to improve AI-based intrusion detection systems (IDS) for ADS-B.
arXiv Detail & Related papers (2025-10-09T15:22:20Z) - CANDoSA: A Hardware Performance Counter-Based Intrusion Detection System for DoS Attacks on Automotive CAN bus [45.24207460381396]
This paper presents a novel Intrusion Detection System (IDS) designed for the Controller Area Network (CAN) environment.<n>A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks.<n>Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.
arXiv Detail & Related papers (2025-07-19T20:09:52Z) - CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations.<n>It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature.<n>We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z) - Efficient Denial of Service Attack Detection in IoT using Kolmogorov-Arnold Networks [22.036794530902608]
This paper introduces a novel lightweight approach to DoS attack detection based on Kolmogorov-Arnold Networks (KANs)<n>KAN achieves state-of-the-art detection performance while maintaining minimal resource requirements.<n>Compared to existing solutions, KAN reduces memory requirements by up to 98% while maintaining competitive detection rates.
arXiv Detail & Related papers (2025-02-03T21:19:46Z) - iCNN-LSTM: A batch-based incremental ransomware detection system using Sysmon [1.495391051525033]
This study presents a novel detection system that integrates Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks.<n>By leveraging Sysmon logs, the system enables real-time analysis on Windows-based endpoints.
arXiv Detail & Related papers (2025-01-02T05:57:41Z) - SISSA: Real-time Monitoring of Hardware Functional Safety and
Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security.
Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication.
Extensive experimental results show the effectiveness and efficiency of SISSA.
arXiv Detail & Related papers (2024-02-21T03:31:40Z) - A Lightweight Multi-Attack CAN Intrusion Detection System on Hybrid
FPGAs [13.581341206178525]
Intrusion detection and mitigation approaches have shown promising results in detecting multiple attack vectors in Controller Area Network (CAN)
We present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA.
The model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature.
arXiv Detail & Related papers (2024-01-19T13:39:05Z) - Near-chip Dynamic Vision Filtering for Low-Bandwidth Pedestrian
Detection [99.94079901071163]
This paper presents a novel end-to-end system for pedestrian detection using Dynamic Vision Sensors (DVSs)
We target applications where multiple sensors transmit data to a local processing unit, which executes a detection algorithm.
Our detector is able to perform a detection every 450 ms, with an overall testing F1 score of 83%.
arXiv Detail & Related papers (2020-04-03T17:36:26Z) - Taurus: A Data Plane Architecture for Per-Packet ML [59.1343317736213]
We present the design and implementation of Taurus, a data plane for line-rate inference.
Our evaluation of a Taurus switch ASIC shows that Taurus operates orders of magnitude faster than a server-based control plane.
arXiv Detail & Related papers (2020-02-12T09:18:36Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.