Multi-Modal Side Channel Data Driven Golden-Free Detection of Software and Firmware Trojans

Prashanth Krishnamurthy, Virinchi Roy Surabhi, Hammond Pearce, Ramesh Karri, Farshad Khorrami

Research output: Contribution to journal, Article, peer-review

Abstract

This study explores data-driven detection of firmware/software Trojans in embedded systems without golden models. We consider embedded systems such as single board computers and industrial controllers. While prior literature considers side channel based anomaly detection, this study addresses the following central question: is anomaly detection feasible when using low-fidelity simulated data without using data from a known-good (golden) system? To study this question, we use data from a simulator-based proxy as a stand-in for unavailable golden data from a known-good system. Using data generated from the simulator, one-class classifier machine learning models are applied to detect discrepancies against expected side channel signal patterns and their inter-relationships. Side channels fused for Trojan detection include multi-modal side channel measurement data (such as Hardware Performance Counters, processor load, temperature, and power consumption). Additionally, fuzzing is introduced to increase detectability of Trojans. To experimentally evaluate the approach, we generate low-fidelity data using a simulator implemented with a component-based model and an information bottleneck based on Gaussian stochastic models. We consider example Trojans and show that fuzzing-aided golden-free Trojan detection is feasible using simulated data as a baseline.

Original language: English (US)
Pages (from-to): 4664-4677
Number of pages: 14
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 20
Issue number: 6
State: Published - Nov 1 2023

Keywords

  • Anomaly detection
  • embedded system
  • golden-free
  • machine learning
  • trojan detection

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering
