Anomaly Detection with Machine Learning
Charles River Analytics Inc., developer of intelligent systems solutions, has partnered with Assured Information Security (AIS) to develop a Trojan detection framework under the DARPA Microsystems Exploration program topic Safeguards against Hidden Effects and Anomalous Trojans in Hardware (SHEATH). Our framework, Fuzzing Automatically to Locate Compromised Hardware with Isolation to Omit Noise (FALCHION), can detect a wide range of hardware Trojans, with a current focus on Peripheral Component Interconnect Express (PCIe)-based devices.
Hardware Trojans, malicious modifications of hardware made during design, manufacturing, or deployment, are a major security concern. Such alterations cause an integrated circuit to behave abnormally and can have disastrous consequences, especially in security-sensitive applications.
“Current anomaly detection techniques have limitations that can lead to a high false alarm rate,” said Dan Mitchell, Senior Software Engineer at Charles River Analytics and Principal Investigator on the FALCHION effort. “Team AIS will leverage state-of-the-art solutions in hypervisor-based isolation, software fuzzing, and machine learning to produce accurate results with minimal false detections.”
The FALCHION approach consists of three elements:
- Hypervisor control to isolate anomalies and reduce complexity, non-determinism, and noise
- Intelligent probing using fuzzing techniques to elicit Trojan activities
- Ensemble-based anomaly detection for high accuracy and low false alarm rate
Charles River Analytics will lead the research and development (R&D) of the ensemble anomaly detection models. We will apply our expertise in machine learning with an emphasis on anomaly detection and probabilistic modeling to detect hardware Trojans accurately and with a low false alarm rate.