Real-Time Detection and Localization of Distributed DoS Attacks in NoC-Based SoCs

Network-on-chip (NoC) is widely employed by multicore system-on-chip (SoC) architectures to cater to their communication requirements. Increasing NoC complexity coupled with its widespread usage has made it a focal point of potential security attacks. Distributed denial-of-service (DDoS) is one such attack, in which malicious intellectual property (IP) cores flood the network with unnecessary packets, causing significant performance degradation through NoC congestion. In this article, we propose an efficient framework for real-time detection and localization of DDoS attacks. This article makes three important contributions. We propose a real-time and lightweight DDoS attack detection technique for NoC-based SoCs by monitoring packets to detect any violations. Once a potential attack has been flagged, our approach is also capable of localizing the malicious IPs using the latency data in the NoC routers. The applications are statically profiled during design time to determine communication patterns. These patterns are then used for real-time detection and localization of DDoS attacks. We have evaluated the effectiveness of our approach against different NoC topologies and architecture models using both real benchmarks and synthetic traffic patterns. Our experimental results demonstrate that our proposed approach is capable of real-time detection and localization of DDoS attacks originating from multiple malicious IPs in NoC-based SoCs.
