TY - JOUR
T1 - Multi-Modal Side Channel Data Driven Golden-Free Detection of Software and Firmware Trojans
AU - Krishnamurthy, Prashanth
AU - Surabhi, Virinchi Roy
AU - Pearce, Hammond
AU - Karri, Ramesh
AU - Khorrami, Farshad
N1 - Publisher Copyright: © 2004-2012 IEEE.
PY - 2023/11/1
Y1 - 2023/11/1
N2 - This study explores data-driven detection of firmware/software Trojans in embedded systems without golden models. We consider embedded systems such as single board computers and industrial controllers. While prior literature considers side channel based anomaly detection, this study addresses the following central question: is anomaly detection feasible when using low-fidelity simulated data without using data from a known-good (golden) system? To study this question, we use data from a simulator-based proxy as a stand-in for unavailable golden data from a known-good system. Using data generated from the simulator, one-class classifier machine learning models are applied to detect discrepancies against expected side channel signal patterns and their inter-relationships. Side channels fused for Trojan detection include multi-modal side channel measurement data (such as Hardware Performance Counters, processor load, temperature, and power consumption). Additionally, fuzzing is introduced to increase detectability of Trojans. To experimentally evaluate the approach, we generate low-fidelity data using a simulator implemented with a component-based model and an information bottleneck based on Gaussian stochastic models. We consider example Trojans and show that fuzzing-aided golden-free Trojan detection is feasible using simulated data as a baseline.
KW - Anomaly detection
KW - embedded system
KW - golden-free
KW - machine learning
KW - trojan detection
UR - http://www.scopus.com/inward/record.url?scp=85146251477&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85146251477&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2022.3231632
DO - 10.1109/TDSC.2022.3231632
M3 - Article
AN - SCOPUS:85146251477
SN - 1545-5971
VL - 20
SP - 4664
EP - 4677
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 6
ER -