Anomaly detection with machine learning
Charles River Analytics, developer of intelligent systems solutions, has partnered with Assured Information Security (AIS) to develop a Trojan detection framework as part of DARPA’s Microsystems Exploration program topic: Safeguards against Hidden Effects and Anomalous Trojans in Hardware (SHEATH). Our framework, Fuzzing Automatically to Locate Compromised Hardware with Isolation to Omit Noise (FALCHION), can detect a wide range of different hardware Trojans, with a current focus on Peripheral Component Interconnect Express–based devices.
“Team AIS will leverage state-of-the-art solutions in hypervisor-based isolation, software fuzzing, and machine learning to produce accurate results with minimal false detections.”
Scientist and Principal Investigator on the FALCHION effort
Hardware Trojans—or the malicious modification of hardware during design, manufacturing, or deployment–are a major security concern. This altering causes an integrated circuit to behave abnormally and can have disastrous consequences, especially in security-sensitive applications.
“Current anomaly detection techniques have limitations that can lead to a high false alarm rate,” said Gerald Fry. “Team AIS will leverage state-of-the-art solutions in hypervisor-based isolation, software fuzzing, and machine learning to produce accurate results with minimal false detections.”
The FALCHION approach consists of three elements:
- Hypervisor control to isolate anomalies and reduce complexity, nondeterminism, and noise
- Intelligent probing using fuzzing techniques to elicit Trojan activities
- Ensemble-based anomaly detection for high accuracy and low false alarm rate
Charles River Analytics will lead the research and development (R&D) of the ensemble anomaly detection models. We will apply our expertise in machine learning with an emphasis on anomaly detection and probabilistic modeling to detect hardware Trojans accurately and with a low false alarm rate.