CN119885169A - Hardware attack detection method, device, storage medium and product - Google Patents

Publication number: CN119885169A
Authority: CN (China)
Prior art keywords: power consumption, data, frequency, temperature, hardware
Legal status: Pending
Application number: CN202510378151.9A
Other languages: Chinese (zh)
Inventors: 李纪元, 张秀波, 王相宇, 曲燕, 董建宁
Current Assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee: Suzhou Metabrain Intelligent Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/213 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application discloses a hardware attack detection method, device, storage medium and product, relating to the technical field of computers. The method collects the power consumption signal of an electronic device under test in real time so that the hardware security of the device can be monitored, and collects power consumption features from multiple dimensions so that the state information of hardware operation is covered comprehensively. In addition, capturing fine-grained power consumption features through wavelet transform improves detection accuracy. The standard feature data is input into a reference fingerprint library built by clustering the power consumption feature data of normal electronic devices with a Gaussian mixture model, the degree of similarity to each power consumption type is calculated, and a hardware attack detection result is output through weighted summation, so that unknown attack patterns can be identified and the false alarm rate is reduced.

Description

Hardware attack detection method, device, storage medium and product
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, a storage medium, and a product for detecting a hardware attack.
Background
As electronic device hardware grows more complex and passes through many stages, from hardware design and manufacturing to transportation, hardware attacks have become a significant challenge in the field of server security.
At present, hardware attack anomalies in electronic devices are generally identified by measuring physical characteristics of the hardware, for example by scanning the circuit board with radiographic imaging to generate a high-resolution image and comparing that image with the design drawing. However, this kind of physical inspection must be performed offline and cannot be carried out in a production or operating environment.
Disclosure of Invention
The application provides a hardware attack detection method, device, storage medium and product, which at least solve the problem that the related technology cannot be carried out in a production or operating environment.
The application provides a hardware attack detection method, comprising: collecting the power consumption signal of an electronic device under test in real time and preprocessing the power consumption signal to obtain standard power consumption signal samples; extracting feature data from the standard power consumption signal samples; reducing the dimension of the feature data and normalizing the reduced feature data to obtain standard feature data; inputting the standard feature data into a reference fingerprint library and outputting the degree of similarity between the standard feature data and each power consumption type, wherein the reference fingerprint library is obtained by clustering, with a Gaussian mixture model, the power consumption feature data generated by normal electronic devices under different operating conditions; performing a weighted summation of the degrees of similarity between the standard feature data and each power consumption type to obtain the weighted similarity of the standard feature data; and outputting a hardware attack detection result for the electronic device under test according to the weighted similarity.
The application also provides a hardware attack detection device, which comprises:
The signal acquisition module is used for collecting the power consumption signal of the electronic device under test in real time and preprocessing the power consumption signal to obtain standard power consumption signal samples.
The feature extraction module is used for extracting feature data from the standard power consumption signal samples.
The feature dimension reduction module is used for reducing the dimension of the feature data and normalizing the reduced feature data to obtain standard feature data.
The similarity comparison module is used for inputting the standard feature data into the reference fingerprint library and outputting the degree of similarity between the standard feature data and each power consumption type, wherein the reference fingerprint library is obtained by clustering, with a Gaussian mixture model, the power consumption feature data generated by normal electronic devices under different operating conditions.
The similarity weighting module is used for performing a weighted summation of the degrees of similarity between the standard feature data and each power consumption type to obtain the weighted similarity of the standard feature data.
The result output module is used for outputting a hardware attack detection result for the electronic device under test according to the weighted similarity.
The application also provides a server which comprises a memory for storing the computer program and a processor for realizing any one of the steps of the hardware attack detection method when executing the computer program.
The present application also provides a computer readable storage medium having a computer program stored therein, wherein the computer program when executed by a processor implements the steps of any of the above-described hardware attack detection methods.
The application also provides a computer program product comprising a computer program which when executed by a processor implements the steps of any of the above described hardware attack detection methods.
According to the application, the power consumption signal of the electronic device under test is collected in real time, so the hardware security of the device can be monitored in real time. Power consumption features are collected from multiple dimensions, which covers the state information of hardware operation comprehensively and improves the accuracy and reliability of hardware attack detection. Converting high-dimensional feature data into low-dimensional feature data reduces computational complexity and makes different hardware easier to distinguish. In addition, capturing fine-grained power consumption features through wavelet transform improves detection accuracy. The standard feature data is input into a reference fingerprint library built by clustering the power consumption feature data of normal electronic devices with a Gaussian mixture model, the degree of similarity to each power consumption type is calculated, and a hardware attack detection result is output through weighted summation, so that unknown attack patterns can be identified and the false alarm rate is reduced.
Drawings
For a clearer description of embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described, it being apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.
Fig. 1 is a schematic diagram of a scenario of a hardware attack detection method according to an embodiment of the present application;
Fig. 2 is a flow chart of a hardware attack detection method according to an embodiment of the present application;
Fig. 2a is a schematic diagram of power consumption ripple provided in an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a hardware attack detection device according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. Based on the embodiments of the present application, all other embodiments obtained by a person of ordinary skill in the art without making any inventive effort are within the scope of the present application.
It should be noted that in the description of the present application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "first," "second," and the like in this specification are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
For a clear understanding of the technical solutions of the present application, the prior art solutions are described first. As electronic device hardware grows more complex and passes through many stages, from hardware design and manufacturing to transportation, hardware attacks have become a significant challenge in the field of server security. Common forms of hardware attack include hardware Trojans, counterfeit devices, firmware tampering, and the like. At present, hardware attacks are detected by measuring physical characteristics of the hardware to identify whether the electronic device is abnormal, using methods such as ray scanning, electron microscope inspection and thermal imaging analysis. However, these physical detection techniques must be carried out in an offline state, cannot be implemented in a production or operating environment, and have a high cost per inspection.
To solve these technical problems, the inventors propose placing a sensor on the electronic device under test to collect the power consumption signal in real time. After preprocessing, feature data is extracted along multiple dimensions (frequency domain features, time domain features and time-frequency joint features); the feature data is reduced in dimension and normalized, then input into a reference fingerprint library built on a Gaussian mixture model for matching, and the hardware attack detection result for the device under test is obtained through weighted summation. Collecting power consumption features from multiple dimensions covers the state information of hardware operation comprehensively and improves the accuracy and reliability of hardware attack detection; converting high-dimensional feature data into low-dimensional feature data reduces computational complexity and makes different hardware easier to distinguish; and the hardware security of the device under test can be monitored in real time.
The present application will be further described in detail below with reference to the drawings and detailed description for the purpose of enabling those skilled in the art to better understand the aspects of the present application.
The specific application environment architecture or specific hardware architecture upon which the execution of the hardware attack detection method depends is described herein. Referring to fig. 1, fig. 1 is a schematic view of a scenario of a hardware attack detection method according to an embodiment of the present application. As shown in fig. 1, the specific application scenario of the present application includes a receiving device 101, a processor 102, and a display device 103.
It should be understood that the structure illustrated in the embodiment of the present application does not constitute a specific limitation on the hardware attack detection method. In other possible embodiments of the present application, the architecture may include more or less components than those illustrated, or some components may be combined, some components may be split, or different component arrangements may be specifically determined according to the actual application scenario, and the present application is not limited herein. The components shown in fig. 1 may be implemented in hardware, software, or a combination of software and hardware.
In a specific implementation process, the receiving device 101 may be an input/output interface or a communication interface, which is used to obtain a power consumption signal of an electronic device to be tested acquired in real time.
The processor 102 is capable of preprocessing the power consumption signal to obtain a standard power consumption signal sample, extracting feature data from the standard power consumption signal sample, performing dimension reduction on the feature data, normalizing the feature data after dimension reduction to obtain standard feature data, inputting the standard feature data into the reference fingerprint library, and outputting the similarity degree of the standard feature data and each power consumption type, wherein the reference fingerprint library is obtained by clustering the power consumption feature data generated by the normal electronic device under different operation conditions by adopting a Gaussian mixture model, performing weighted summation on the similarity degree of the standard feature data and each power consumption type to obtain the weighted similarity degree of the standard feature data, and outputting a hardware attack detection result of the electronic device to be detected according to the weighted similarity degree.
The display device 103 may be used for displaying the hardware attack detection result.
The display device may also be a touch display screen for receiving user instructions while displaying the above to enable operational interaction with the user.
It should be appreciated that the above-described processor may be implemented by a processor reading instructions in a memory and executing the instructions, or may be implemented by a circuit.
Fig. 2 is a flow chart of a hardware attack detection method provided by the embodiment of the present application, and as shown in fig. 2, the embodiment of the present application provides a hardware attack detection method, and the method is described in detail as follows:
S201: Collect the power consumption signal of the electronic device under test in real time, and preprocess the power consumption signal to obtain standard power consumption signal samples.
Specifically, the server continuously collects the power consumption signal of the electronic device under test, using a high-precision ADC (Analog-to-Digital Converter) in hardware to capture the signal on the power supply path, then removes interference components from the signal and synchronizes the timing. The sampling rate is set to 1 MS/s (one million sampling points per second) in order to capture transient current ripple.
Specifically, the process of preprocessing the power consumption signal includes:
Sa1: Trigger sampling through the CLKOUT pin of the processor, and mark the timestamp of each sampling point with a hardware timestamp counter.
Sa2: Eliminate common-mode noise in the power consumption signal with a differential amplifier circuit, the power supply rejection ratio being greater than 80 dB.
Sa3: Remove high-frequency noise (above 100 kHz) from the power consumption signal with a digital filter to obtain the standard power consumption signal samples.
S202: Extract feature data from the standard power consumption signal samples.
Feature extraction pulls out, from the original standard power consumption signal samples, the key information that characterizes the hardware.
The feature data extracted from the standard power consumption signal samples comprises time domain features, frequency domain features and time-frequency joint features. The time domain features are key information, extracted from the time domain waveform of the standard power consumption signal samples, that can characterize the hardware. The frequency domain features are key information, extracted from the frequency domain representation of the standard power consumption signal samples, that can characterize the hardware.
Specifically, the frequency domain features include the frequency components in a preset frequency interval, the amplitude of each frequency component, the energy ratio of each frequency band, and the harmonic distortion rate of each frequency band. The process of extracting the frequency domain features comprises the following steps:
Sb1: Sample the standard power consumption signal samples to obtain a discrete time domain signal.
Sb2: Convert the discrete time domain signal into a discrete frequency domain signal using the fast Fourier transform, and extract the frequency components in the preset frequency interval.
The preset frequency interval is 2 kHz to 100 kHz.
Specifically, the formula for extracting the frequency components in the preset frequency interval is:
where N represents the total number of sampling points, k represents the frequency index (k = 0, 1, ..., N-1), X(N) represents a discrete frequency domain signal, and X(k) represents each frequency component.
Sb3: Calculate the amplitude of each frequency component from that frequency component.
Specifically, the frequency component formula gives the information of the discrete frequency domain signal at the k-th frequency, expressed as a complex sequence that contains amplitude and phase information. The formula for calculating the amplitude of each frequency component from that component is:
where Re(X(k)) represents the real part of the frequency component X(k), Im(X(k)) represents the imaginary part of X(k), and |X(k)| represents the amplitude of the frequency component.
Sb4: Calculate the energy ratio of each frequency component from the amplitude of each frequency component.
The energy ratio is the proportion of the total signal energy that a specific frequency component carries in the frequency domain analysis of the power consumption signal; it directly reflects how much each frequency component contributes to the energy of the whole power consumption signal.
Specifically, the amplitude of each frequency component is obtained by processing the standard power consumption signal samples, and, on the principle that signal energy is proportional to the square of the amplitude, the formula for calculating the energy ratio of each frequency component is:
where P(k) represents the energy ratio of the frequency component, |X(k)| represents the amplitude of the frequency component, and N represents the total number of sampling points.
Sb5: Decompose the discrete time domain signal into a first number of frequency bands using wavelet transform.
Wavelet transform is a time-frequency analysis method that, compared with the Fourier transform, is better suited to analyzing non-stationary signals.
Specifically, a suitable wavelet basis function is selected according to the characteristics of the power consumption signal, and the wavelet transform parameters are then determined: the number of decomposition layers needed to decompose the discrete time domain signal into 10 frequency bands is calculated (for example, a 4-layer wavelet decomposition is selected), and the boundary handling mode is set. Finally, the discrete time domain signal is wavelet-transformed with the selected basis function and parameters, being decomposed step by step through low-pass and high-pass filters to obtain 10 signals in different frequency bands.
Sb6: Calculate the energy ratio of each frequency band from the discrete time domain signal of each frequency band.
Specifically, for the discrete time domain signal of each frequency band, the squared values of all sampling points of the band signal are accumulated according to the signal energy formula to give the signal energy of that band. The energies of all band signals are then added to obtain the total energy, and the energy of each band is divided by the total energy to obtain the energy ratio of that band.
Sb7: Calculate the harmonic distortion rate of each frequency band from the discrete time domain signal of each frequency band.
The harmonic distortion rate measures the harmonic content of the signal.
Specifically, the fundamental component is first extracted from the discrete time domain signal of each frequency band by means such as the Fourier transform: a frequency domain representation is obtained through the discrete Fourier transform, the component corresponding to the fundamental frequency is determined, and the fundamental component is recovered through the inverse Fourier transform. The fundamental component is then subtracted from the band signal to obtain the harmonic component, whose energy is calculated with the harmonic component energy formula, and the harmonic distortion rate of each band is calculated as the ratio of the harmonic component energy to the fundamental component energy.
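The frequency-domain steps Sb2 to Sb7 can be sketched as follows; this is an added example, not code from the patent. Because the page's own formulas are missing, it assumes the standard DFT, takes the energy ratio as |X(k)|^2 divided by the summed |X(k)|^2 of all N bins, uses an orthonormal Haar basis with 9 levels to obtain 10 bands (a plain L-level decomposition yields L+1 bands), and exercises the distortion measure on the whole constructed sample rather than on one band.

```python
import cmath
import math

FS = 1_000_000           # S201 sampling rate: 1 MS/s
BAND = (2_000, 100_000)  # Sb2 preset interval: 2 kHz to 100 kHz

def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def spectral_features(x, fs=FS, band=BAND):
    """Sb2-Sb4: in-band components with amplitude |X(k)| and energy ratio P(k)."""
    n = len(x)
    spectrum = fft(x)
    amp = [math.sqrt(c.real ** 2 + c.imag ** 2) for c in spectrum]
    total = sum(a * a for a in amp)  # assumed denominator: energy of all N bins
    feats = {}
    for k in range(1, n // 2):
        freq = k * fs / n
        if band[0] <= freq <= band[1]:
            feats[k] = {"freq_hz": freq, "amplitude": amp[k],
                        "energy_ratio": amp[k] ** 2 / total}
    return feats

def haar_bands(x, levels):
    """Sb5: orthonormal Haar DWT, returns [D1, ..., D_levels, A_levels]."""
    bands, approx = [], list(x)
    root2 = math.sqrt(2.0)
    for _ in range(levels):
        pairs = [(approx[i], approx[i + 1]) for i in range(0, len(approx) - 1, 2)]
        bands.append([(a - b) / root2 for a, b in pairs])  # high-pass half
        approx = [(a + b) / root2 for a, b in pairs]       # low-pass half
    bands.append(approx)
    return bands

def band_energy_ratios(bands):
    """Sb6: sum of squared samples per band divided by the total energy."""
    energy = [sum(v * v for v in band) for band in bands]
    total = sum(energy)
    return [e / total for e in energy]

def harmonic_distortion(signal):
    """Sb7: energy left after removing the fundamental / fundamental energy.

    Needs a power-of-two length of at least 4; the DC bin is left out
    (assumption: a band-limited signal carries no DC level).
    """
    power = [abs(c) ** 2 for c in fft(signal)]
    half = len(power) // 2
    k0 = max(range(1, half), key=lambda k: power[k])  # strongest non-DC bin
    fundamental = 2 * power[k0]                        # bin k0 plus its mirror
    return (sum(power[1:]) - fundamental) / fundamental

# Constructed sample: 1.0 A DC level, 31.25 kHz ripple, small third harmonic.
N = 1024
SAMPLE = [1.0 + 0.2 * math.sin(2 * math.pi * 32 * n / N)
          + 0.02 * math.sin(2 * math.pi * 96 * n / N) for n in range(N)]

if __name__ == "__main__":
    feats = spectral_features(SAMPLE)
    top = max(feats, key=lambda k: feats[k]["amplitude"])
    print("dominant in-band component:", feats[top])
    ratios = band_energy_ratios(haar_bands(SAMPLE, 9))
    print("band energy ratios:", [round(r, 4) for r in ratios])
    print("harmonic distortion:", round(harmonic_distortion(SAMPLE), 4))
```

On a real supply rail the DC level dominates the total energy, so the per-component ratios inside 2 kHz to 100 kHz are small unless the mean is removed first.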
Specifically, the time-frequency joint features comprise the time-frequency change pattern of the power consumption signal. The process of extracting the time-frequency joint features from the standard power consumption signal samples comprises the following steps:
Sc1: Sample the standard power consumption signal samples to obtain a discrete time domain signal.
Sc2: Divide the discrete time domain signal into a plurality of time segments by short-time Fourier transform.
Specifically, the window function and window length of the short-time Fourier transform are determined first. Common window functions include the Hanning window and the Hamming window. Then, starting from the beginning of the discrete time domain signal, the window function slides along the signal at intervals of the selected window length; each time the window slides, the part of the signal inside the window is one time segment, so the discrete time domain signal is divided into a plurality of time segments.
The window length determines the length of each time segment.
Sc3: For each time segment, convert the discrete time domain signal into a discrete frequency domain signal by short-time Fourier transform to obtain the time-frequency information corresponding to that time segment.
Specifically, the short-time Fourier transform is applied to each of the divided time segments. The discrete time domain signal inside the window function is converted from the time domain to the frequency domain by the Fourier transform formula. The Fourier transform decomposes the signal into different frequency components, giving the amplitude and phase information of each time segment at different frequencies.
Sc4: Construct a power consumption spectrogram from the time-frequency information corresponding to each time segment, wherein the power consumption spectrogram reflects the intensity of the power consumption signal at each time-frequency position.
Specifically, a coordinate system is established with time as the horizontal axis and frequency as the vertical axis. For the time-frequency information of each time segment, the amplitudes at the different frequencies are taken as the signal intensity and marked at the corresponding time-frequency positions. All time segments are processed in turn and the points are connected or filled in, forming a power consumption spectrogram that shows the intensity distribution of the power consumption signal at different times and frequencies.
Sc5: Analyze the power consumption spectrogram and determine the time-frequency change pattern of the power consumption signal.
Specifically, the change over time of the position of the signal intensity peak in the spectrogram is observed: if the peak frequency rises gradually, the hardware operating frequency may be increasing. The trend of the intensity in different frequency regions is also examined; for example, a sudden increase in the intensity of a high-frequency region may indicate a hardware anomaly. At the same time, characteristics such as the overall shape and symmetry of the spectrogram are analyzed. This information is combined to summarize how the power consumption signal changes in the time and frequency dimensions and to determine the corresponding time-frequency change pattern.
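Steps Sc2 to Sc5 as an added example (not code from the patent): it builds the spectrogram from non-overlapping Hann-windowed segments, then tracks the peak frequency and the energy of a high-frequency region per segment. The 64-sample window, the removal of each segment's mean before windowing, and the 50 kHz to 100 kHz region are assumptions of this example.

```python
import cmath
import math

FS = 1_000_000  # S201 sampling rate: 1 MS/s
WINDOW = 64     # window length in samples (assumed; the page leaves it open)

def hann(m):
    """Periodic Hann (Hanning) window of length m."""
    return [0.5 - 0.5 * math.cos(2 * math.pi * n / m) for n in range(m)]

def spectrogram(x, window=WINDOW):
    """Sc2-Sc4: one row of |X(k)|, k = 0..window/2, per time segment.

    The window advances by its own length, as the page describes, so the
    segments do not overlap; a trailing partial segment is dropped.
    """
    w = hann(window)
    rows = []
    for start in range(0, len(x) - window + 1, window):
        frame = x[start:start + window]
        mean = sum(frame) / window  # remove the DC level of this segment
        seg = [(v - mean) * w[n] for n, v in enumerate(frame)]
        rows.append([abs(sum(seg[n] * cmath.exp(-2j * math.pi * k * n / window)
                             for n in range(window)))
                     for k in range(window // 2 + 1)])
    return rows

def peak_track(rows, fs=FS, window=WINDOW):
    """Sc5: frequency in Hz of the strongest bin in each time segment."""
    return [max(range(len(r)), key=r.__getitem__) * fs / window for r in rows]

def change_points(track):
    """Indices of the segments where the peak frequency moves."""
    return [i for i in range(1, len(track)) if track[i] != track[i - 1]]

def band_energy(rows, lo_hz, hi_hz, fs=FS, window=WINDOW):
    """Sc5: per-segment energy of the region between lo_hz and hi_hz."""
    ks = [k for k in range(window // 2 + 1) if lo_hz <= k * fs / window <= hi_hz]
    return [sum(r[k] ** 2 for k in ks) for r in rows]

# Constructed sample: the ripple moves from 31.25 kHz to 62.5 kHz halfway through.
N = 1024

def tone(n):
    f = 31_250 if n < N // 2 else 62_500
    return 1.0 + 0.2 * math.sin(2 * math.pi * f * n / FS)

SAMPLE = [tone(n) for n in range(N)]

if __name__ == "__main__":
    rows = spectrogram(SAMPLE)
    track = peak_track(rows)
    print("peak frequency per segment:", track)
    print("peak moves at segments:", change_points(track))
    print("50-100 kHz energy:", [round(e, 2) for e in band_energy(rows, 50_000, 100_000)])
```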
Specifically, the time domain features include overall characteristics and transient characteristics, and the process of extracting the time domain features from the standard power consumption signal samples includes:
Sd1, obtaining the time domain waveform of the power consumption signal from the standard power consumption signal sample.
Specifically, time domain data is extracted from the standard power consumption signal samples obtained after preprocessing such as denoising and filtering. The data points are arranged in time order and plotted with time on the horizontal axis and the amplitude of the power consumption signal on the vertical axis, and the points are connected so that the time domain waveform of the power consumption signal is presented intuitively.
Sd2, calculating the mean, variance and peak-to-peak value of the time domain waveform, wherein the mean, variance and peak-to-peak value of the time domain waveform are used for reflecting the overall characteristics of the standard power consumption signal sample.
Specifically, the amplitudes of all the data points on the time domain waveform are added and divided by the total number of data points; the result is the mean, which represents the average level of the power consumption signal over a period of time. To calculate the variance, the difference between the amplitude of each data point and the mean is computed, the differences are squared and summed, and the sum is divided by the total number of data points; the variance represents how much the signal fluctuates around the mean. The peak-to-peak value is calculated by finding the maximum value and the minimum value in the time domain waveform and subtracting the minimum from the maximum; it reflects the maximum range of the signal amplitude variation.
Sd3, calculating the current pulse width, the rise time, the fall time and the duty cycle of the time domain waveform, wherein the current pulse width, the rise time, the fall time and the duty cycle of the time domain waveform are used for reflecting the transient characteristics of the standard power consumption signal sample.
Specifically, for the current pulse width, a threshold value of the pulse signal is first determined. The pulse is considered to have started when the signal amplitude exceeds the threshold value and to have ended when the signal amplitude crosses back over the threshold value; the difference between the two time points is the current pulse width, which reflects the duration of the pulse. The rise time is the time taken for the pulse amplitude to go from 10% to 90% of the threshold value and measures how fast the pulse rises. The fall time is the time taken for the pulse amplitude to fall from 90% to 10% and represents how fast the pulse falls. The duty cycle is the ratio of the current pulse width to the pulse period and reflects how active the pulse signal is over a period of time.
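The Sd2 and Sd3 calculations, as an added Python example that is not part of the patent text. The waveform, sampling interval and function names are constructed for illustration; the 10% and 90% levels are assumed to be measured between the waveform's minimum and maximum, and the pulse period is assumed to be the spacing of successive rising threshold crossings.

```python
from statistics import fmean, pvariance


def overall_features(samples):
    """Sd2: mean, variance (sum of squared deviations divided by N) and peak-to-peak."""
    return {
        "mean": fmean(samples),
        "variance": pvariance(samples),
        "peak_to_peak": max(samples) - min(samples),
    }


def crossings(samples, dt, level, rising):
    """Times at which the waveform crosses `level` in one direction,
    linearly interpolated between the two neighbouring samples."""
    times = []
    for i in range(1, len(samples)):
        a, b = samples[i - 1], samples[i]
        if (a < level <= b) if rising else (a >= level > b):
            times.append((i - 1 + (level - a) / (b - a)) * dt)
    return times


def transient_features(samples, dt, threshold):
    """Sd3: pulse width, rise time, fall time and duty cycle of the first complete pulse."""
    low, high = min(samples), max(samples)
    lvl10 = low + 0.1 * (high - low)   # assumption: levels relative to min..max
    lvl90 = low + 0.9 * (high - low)
    if not lvl10 <= threshold <= lvl90:
        raise ValueError("threshold must lie between the 10% and 90% levels")

    starts = crossings(samples, dt, threshold, rising=True)
    if len(starts) < 2:
        raise ValueError("need two rising edges to measure the pulse period")
    t_start, period = starts[0], starts[1] - starts[0]
    ends = [t for t in crossings(samples, dt, threshold, rising=False) if t > t_start]
    if not ends:
        raise ValueError("pulse does not end inside the capture window")
    t_end = ends[0]

    # Edge timing: last 10% crossing before the start, first 90% crossing after it,
    # and the mirror image around the end of the pulse.
    r10 = max((t for t in crossings(samples, dt, lvl10, True) if t <= t_start), default=None)
    r90 = min((t for t in crossings(samples, dt, lvl90, True) if t >= t_start), default=None)
    f90 = max((t for t in crossings(samples, dt, lvl90, False) if t <= t_end), default=None)
    f10 = min((t for t in crossings(samples, dt, lvl10, False) if t >= t_end), default=None)
    if None in (r10, r90, f90, f10):
        raise ValueError("pulse edges are truncated by the capture window")

    width = t_end - t_start
    return {
        "pulse_width": width,
        "rise_time": r90 - r10,
        "fall_time": f10 - f90,
        "duty_cycle": width / period,
    }


# Constructed supply-current waveform in amperes: 1 A idle level, 3 A pulses,
# slow rising edge, fast falling edge, 20 samples per period, three periods.
DT = 1e-6  # constructed sampling interval, seconds
ONE_PERIOD = [1.0] * 4 + [1.5, 2.0, 2.5] + [3.0] * 6 + [2.0] + [1.0] * 6
SAMPLES = ONE_PERIOD * 3

if __name__ == "__main__":
    print(overall_features(SAMPLES))
    print(transient_features(SAMPLES, DT, threshold=2.0))
```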
S203, performing dimension reduction on the feature data, and performing normalization processing on the feature data after dimension reduction to obtain standard feature data.
Specifically, principal component analysis is first used to reduce the dimension of the high-dimensional feature data extracted from the power consumption signal: the data is projected onto a low-dimensional space formed by 32 principal components, which completes the dimension reduction. The 32-dimensional feature data after dimension reduction is then normalized; the data of each dimension is mapped to a specific interval (such as [0,1]) by a Z-score standardization method, eliminating the differences in units and value ranges between dimensions.
Principal component analysis performs eigendecomposition of the covariance matrix of the original feature data and finds the principal components that explain the data variance to the greatest extent.
S204, inputting the standard characteristic data into a reference fingerprint library, and outputting the similarity degree of the standard characteristic data and each power consumption type, wherein the reference fingerprint library is obtained by clustering the power consumption characteristic data generated by the normal electronic equipment under different running conditions by adopting a Gaussian mixture model.
In the reference fingerprint library, each Gaussian distribution of the mixture model can be regarded as a mode or subset, and describes the probability distribution of a specific power consumption pattern.
Specifically, for each power consumption type in the reference fingerprint library, a formula for calculating the similarity degree between the standard characteristic data and the type is as follows:
Where d represents the feature dimension, μ_k represents the mean vector of the kth power consumption type, Σ_k represents the covariance matrix of the kth power consumption type, Σ_k^-1 represents the inverse of the covariance matrix of the kth power consumption type, x represents the input standard feature data, Representing the degree of similarity of the standard characteristic data to the kth power consumption type.
Illustratively, if there are 1000 power consumption features of normal devices, a reference fingerprint library is generated through Gaussian mixture model training. The fingerprint of each normal device is represented as a model parameter set {μ_k, Σ_k, π_k}, where μ_k represents the mean vector, Σ_k represents the covariance matrix, and π_k represents the weight coefficient. The dimension-reduced data derived from the time domain features, the frequency domain features and the time-frequency joint features is input, and a scatter diagram of the power consumption ripple is generated. Fig. 2a is a schematic diagram of power consumption ripple provided in an embodiment of the present application. As shown in fig. 2a, the contour lines in the figure represent the contours of the Gaussian distributions, and the surrounding points represent the actual observations of the power consumption ripple, presented as a set of two-dimensional coordinates. The abscissa of each point may be a different power consumption characteristic. Where the data shows a significant tendency to cluster, there may be multiple clusters, each cluster representing a different type of power consumption. The closer the extracted power consumption ripple data lies to the Gaussian distribution contours, the better it matches the reference fingerprint library. The mean vector places the center point of each Gaussian component at the center of its contours. The covariance matrix determines the shape of the distribution: larger components of the covariance matrix appear as relatively flat or expanded ellipses, and smaller components appear as more compact ellipses. A Gaussian component with a higher weight contributes more to the overall distribution of the data, and its contours are wider.
S205, carrying out weighted summation on the similarity degree of the standard characteristic data and each power consumption type to obtain the weighted similarity degree of the standard characteristic data.
Specifically, the weighted sum is performed on the similarity degree of the gaussian distribution of each power consumption type, and the formula for obtaining the weighted similarity degree of the standard characteristic data is as follows:
where π_k denotes the weight coefficient of the kth power consumption type, The degree of similarity of the standard characteristic data to each power consumption type is represented, and K represents the number of power consumption types.
S206, outputting a hardware attack detection result of the electronic equipment to be detected according to the weighted similarity degree.
Specifically, a dynamic threshold such as 3σ is set. If p(x) is greater than the dynamic threshold, the electronic device to be tested is determined to be a normal device; if p(x) is less than the dynamic threshold, the electronic device to be tested is determined to be an abnormal device.
Here σ is the standard deviation of the weighted similarity degree and represents the dispersion of the data points around the mean. According to the properties of the normal distribution, about 68% of the data points fall within ±1σ of the mean, about 95% within ±2σ, and about 99.7% within ±3σ, which allows the threshold to adapt to power consumption fluctuation in different environments.
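Steps S204 to S206 as an added Python example, not code from the patent. Because the formulas are not reproduced on this page, it assumes the per-type similarity is the standard multivariate Gaussian density built from d, μ_k, Σ_k and Σ_k^-1, works with log p(x) to avoid numerical underflow, and assumes the dynamic threshold is the mean minus 3σ of the scores of known-normal samples; the two-dimensional library and all names are constructed.

```python
import math
import random
from statistics import fmean, pstdev


def cholesky(S):
    """Lower-triangular L with L*L^T = S; rejects a non-positive-definite covariance."""
    n = len(S)
    L = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = S[i][j] - sum(L[i][k] * L[j][k] for k in range(j))
            if i == j:
                if s <= 0.0:
                    raise ValueError("covariance matrix is not positive definite")
                L[i][j] = math.sqrt(s)
            else:
                L[i][j] = s / L[j][j]
    return L


def log_gaussian(x, mu, L):
    """log N(x | mu_k, Sigma_k), with Sigma_k supplied as its Cholesky factor L."""
    d = len(x)
    y = []
    for i in range(d):  # forward substitution solves L*y = x - mu
        y.append((x[i] - mu[i] - sum(L[i][k] * y[k] for k in range(i))) / L[i][i])
    mahalanobis = sum(v * v for v in y)  # (x-mu)^T Sigma^-1 (x-mu)
    log_det = 2.0 * sum(math.log(L[i][i]) for i in range(d))
    return -0.5 * (d * math.log(2.0 * math.pi) + log_det + mahalanobis)


def make_library(components):
    """Build the fingerprint library from (pi_k, mu_k, Sigma_k) triples."""
    if abs(sum(pi for pi, _, _ in components) - 1.0) > 1e-9:
        raise ValueError("weight coefficients must sum to 1")
    return [{"pi": pi, "mu": mu, "L": cholesky(S)} for pi, mu, S in components]


def weighted_similarity(x, library):
    """S205: log p(x) = log sum_k pi_k * N(x | mu_k, Sigma_k), via log-sum-exp."""
    terms = [math.log(c["pi"]) + log_gaussian(x, c["mu"], c["L"]) for c in library]
    top = max(terms)
    return top + math.log(sum(math.exp(t - top) for t in terms))


def sample_normal_device(library, rng):
    """Draw one constructed 'normal device' feature vector from the mixture."""
    c = rng.choices(library, weights=[c["pi"] for c in library])[0]
    z = [rng.gauss(0.0, 1.0) for _ in c["mu"]]
    return [m + sum(c["L"][i][k] * z[k] for k in range(i + 1))
            for i, m in enumerate(c["mu"])]


def calibrate_threshold(scores, n_sigma=3.0):
    """Assumption: threshold = mean - n_sigma * std of known-normal scores."""
    return fmean(scores) - n_sigma * pstdev(scores)


def detect(x, library, threshold):
    """S206: above the threshold is normal, below it is abnormal."""
    return "normal" if weighted_similarity(x, library) > threshold else "abnormal"


# Constructed 2-D library (the text uses 32 dimensions): (pi_k, mu_k, Sigma_k).
LIBRARY = make_library([
    (0.6, [0.2, 0.3], [[0.010, 0.002], [0.002, 0.020]]),    # e.g. idle-like type
    (0.4, [0.7, 0.8], [[0.020, -0.005], [-0.005, 0.010]]),  # e.g. load-like type
])
_rng = random.Random(2025)  # fixed seed so the calibration is reproducible
REFERENCE_SCORES = [weighted_similarity(sample_normal_device(LIBRARY, _rng), LIBRARY)
                    for _ in range(500)]
THRESHOLD = calibrate_threshold(REFERENCE_SCORES)

if __name__ == "__main__":
    for probe in ([0.2, 0.3], [0.72, 0.78], [1.5, 0.0]):
        score = weighted_similarity(probe, LIBRARY)
        print(probe, round(score, 2), detect(probe, LIBRARY, THRESHOLD))
```

A probe far from every cluster scores tens of log units below the threshold, while a probe at a cluster center scores well above it.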
In summary, collecting the power consumption signal of the electronic device to be tested in real time allows its hardware security to be monitored in real time. Collecting power consumption features from multiple dimensions comprehensively covers the state information of hardware operation and improves the accuracy and reliability of hardware attack detection. Converting high-dimensional feature data into low-dimensional feature data reduces the computational complexity and enhances the distinguishability of different hardware.
In addition, capturing fine power consumption features through the wavelet transform improves the detection accuracy. The standard feature data is input into a reference fingerprint library constructed by clustering the power consumption feature data of normal electronic devices with a Gaussian mixture model, the degree of similarity to each power consumption type is calculated, and the hardware attack detection result is output through weighted summation, so that unknown attack patterns can be identified and the false alarm rate is reduced.
In another embodiment provided by the application, there is a strong correlation between power consumption and temperature when the hardware is running: an increase in power consumption leads to an increase in temperature, but the relationship is not linear and is influenced by factors such as heat dissipation conditions and ambient temperature. If the attack detection result of the electronic device to be tested is abnormal, it is necessary to determine whether the abnormality is caused by human tampering or by hardware aging, which specifically includes:
S301, temperature data and power consumption data of the electronic equipment to be tested in operation are obtained.
Specifically, temperature data of the electronic equipment to be tested during operation is obtained through a high-precision temperature sensor, the sensor monitors the equipment temperature in real time, the temperature signal is converted into an electric signal, and the converted electric signal is transmitted to a data receiving unit of the server through a wired connection or wireless communication module. The data receiving unit analyzes the received signals according to the set communication protocol and extracts temperature data.
Specifically, in a power supply line of an electronic device to be tested, a power consumption sampling circuit is connected in series. When the electronic equipment to be tested operates, the current in the circuit passes through the sampling element to generate a voltage signal proportional to the current, and the real-time power consumption of the electronic equipment to be tested can be calculated by combining the power supply voltage. And the power consumption sampling circuit sends the calculated power consumption data to the data receiving unit through the data transmission interface or the internal data bus. The data receiving unit sorts and stores the received power consumption data according to the corresponding data format and protocol.
S302, filtering processing is carried out on the power consumption data to obtain a power consumption sample with noise removed, wherein the power consumption sample comprises a plurality of power consumption values.
Specifically, a digital filtering algorithm, such as mean filtering, median filtering or Kalman filtering, is used to process the raw power consumption data received from the power consumption sampling circuit. Taking mean filtering as an example, a filter window size is set, for example 5 consecutive power consumption data points; the average of these 5 data points is calculated and taken as the first power consumption value output after filtering. The window is then slid by one data point and the calculation is repeated, yielding a series of noise-removed power consumption values that together form the power consumption sample.
S303, filtering the temperature data to obtain a temperature sample with noise removed, wherein the temperature sample comprises temperature values corresponding to the power consumption values.
Illustratively, a filter window size is set, for example 3 consecutive temperature data points, and the average of these 3 data points is calculated as the first temperature value output after filtering. The window is then slid by one data point and the calculation is repeated, yielding a series of noise-removed temperature values that together form the temperature sample.
S304, inputting the power consumption sample into a pre-trained power consumption-temperature dynamic relation model to output a predicted temperature value corresponding to each power consumption value.
The pre-trained power consumption-temperature dynamic relation model is obtained through training of a machine learning algorithm based on a large amount of historical power consumption and temperature data.
Specifically, each power consumption value in the filtered power consumption sample is input into the model in turn. For each input power consumption value, the model performs its calculation according to the learned inherent relationship between power consumption and temperature and outputs the corresponding predicted temperature value.
Specifically, the construction process of the power consumption-temperature dynamic relation model comprises the following steps:
Se1, acquiring a plurality of historical temperature data, wherein the plurality of historical temperature data cover an idle state, a medium load state and a high load state of the hardware equipment.
Specifically, through long-term monitoring under multiple working conditions, a plurality of historical temperature data covering the different load states of the hardware equipment are accumulated.
Se2, acquiring a plurality of historical power consumption data, wherein the historical power consumption data cover an idle state, a medium load state and a high load state of the hardware equipment.
Specifically, through long-term tracking of the different operating states of the device, a plurality of historical power consumption data covering multiple load conditions are accumulated.
Se3, preprocessing the plurality of historical temperature data to obtain a plurality of historical temperature samples with noise interference removed.
Specifically, several digital filtering techniques are applied to the collected historical temperature data to remove noise interference. First, a mean filtering algorithm is applied with a suitable filter window: for example, the average of 5 consecutive temperature data points is taken as the first temperature value output after filtering, the window is then slid by one data point and the calculation is repeated. This preliminarily smooths the temperature curve and removes high-frequency noise peaks. A median filtering algorithm is then applied to the mean-filtered data, selecting the median value within the same window as the output, which further eliminates possible outlier interference. Through this series of preprocessing steps, a plurality of continuous, smooth historical temperature samples free of noise interference are obtained.
Se4, preprocessing the plurality of historical power consumption data to obtain a plurality of historical power consumption samples with noise interference removed.
Specifically, the size of the filter window is set according to the characteristics of the power consumption data; for example, the average of 7 consecutive power consumption data points is calculated to preliminarily smooth the original power consumption data. Median filtering is then applied, replacing the original data with the median value within the same window, which further removes abnormal power consumption values.
Se5, segmenting the plurality of historical temperature samples and the plurality of historical power consumption samples according to time sequence to construct a training data set.
The preprocessed historical temperature samples and the preprocessed historical power consumption samples are segmented synchronously in time order. For example, taking 1 minute as a time period, the temperature sample value and the power consumption sample value corresponding to that time period are combined into one data pair. In this way, the data over the entire time span is divided into a plurality of data pairs, each of which contains the temperature and power consumption information at a particular instant. These data pairs together form the training data set.
Se6, establishing the power consumption-temperature dynamic relation model by adopting a Kalman filtering algorithm according to the training data set.
Specifically, the state vector and the covariance matrix of the model are initialized, wherein the state vector comprises the power consumption and temperature estimates at the current moment, and the covariance matrix measures the uncertainty of the estimates. Then, for each data pair in the training data set, the state estimate and the covariance matrix are continuously adjusted by the prediction and update steps of Kalman filtering, using the state estimate at the previous moment and the measured value at the current moment. In the prediction step, the state at the next moment is predicted according to the dynamic model of the system; in the update step, the predicted value is corrected with the new measured value. Through iterative processing of the whole training data set, the Kalman filtering algorithm gradually learns the dynamic relationship between power consumption and temperature, and a power consumption-temperature dynamic relation model that accurately describes this relationship is established.
S306, calculating temperature residual data corresponding to each power consumption value according to the temperature value corresponding to each power consumption value and the predicted temperature value.
Specifically, for each power consumption value in the power consumption sample, the temperature value predicted by the power consumption-temperature dynamic relation model is subtracted from the corresponding actually measured temperature value to obtain the temperature residual corresponding to that power consumption value. The temperature residuals corresponding to all the power consumption values are recorded in sequence to form the temperature residual data.
S307, judging the reason of the abnormality of the electronic equipment to be tested according to the temperature residual error data.
Specifically, if the temperature residual data is large as a whole and exhibits irregular fluctuation, it may mean that the device has a heat dissipation problem, resulting in an actual temperature higher than a predicted temperature corresponding to normal power consumption. If the residual data suddenly increases within a certain period of time, it may be implied that the device is experiencing abnormally high power consumption operation or hardware failure at that time. The specific judging process is as follows:
Sf1, drawing a residual distribution diagram according to the temperature residual data, inputting the residual distribution diagram into a Gaussian model for verification, and judging whether the residual distribution diagram accords with normal distribution.
Specifically, based on the temperature residual data, a residual distribution diagram is drawn by using drawing software with a residual value as an ordinate and a corresponding sample number or time point as an abscissa. Each point in the graph represents a temperature residual corresponding to a power consumption value. After the drawing is completed, the data of the residual distribution diagram is input into a pre-constructed Gaussian model. The Gaussian model is based on a probability density function of normal distribution, theoretical probability distribution of residual data in different value intervals is calculated, comparison analysis is carried out on the theoretical probability distribution and the data distribution in an actual residual distribution map, and whether the residual distribution map accords with the normal distribution is judged by using methods such as fitting goodness test and the like.
Sf2, if the residual distribution diagram does not accord with the normal distribution, inputting abnormal power consumption data into a pre-trained power consumption-temperature correlation analysis model to output a power consumption-temperature relation curve.
Specifically, if it is determined that the residual distribution diagram does not conform to the normal distribution, the power consumption data corresponding to the abnormal residuals is determined first; the abnormal power consumption data is the power consumption values acquired when the temperature residual became abnormal. The abnormal power consumption data is input into the pre-trained power consumption-temperature association analysis model, which analyzes the potential relationship between power consumption and temperature through its internal operation mechanism and outputs the corresponding power consumption-temperature relation curve.
The power consumption-temperature relation curve intuitively shows the trend of power consumption and temperature under abnormal conditions.
Sf3, judging that the hardware is aged if the power consumption-temperature relation curve shows a slow linear drift trend.
Specifically, the curve may show a slow linear rising or falling trend over time or with increasing power consumption value, that is, the temperature changes with power consumption at a relatively stable, gradually changing rate of increase or decrease. For example, after long-term use the performance of the internal transistors gradually declines, so the heat generated at the same power consumption gradually increases, which appears as a slow linear drift on the power consumption-temperature relation curve. Based on this feature, it is determined that the cause of the device abnormality is hardware aging.
Sf4, if an abrupt change occurs in the power consumption-temperature relation curve, judging that human tampering has occurred.
Specifically, a significant abrupt point in the power consumption-temperature relation curve means that at a certain moment or at a certain power consumption value the temperature suddenly rises or drops by a large amount, and the change does not conform to the relationship between power consumption and temperature when the device operates normally. By identifying such abrupt change features in the power consumption-temperature relation curve, in combination with the use environment and the operation history of the device, it is determined that the abnormality of the device is caused by human tampering.
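The decision logic of Sf1 to Sf4, as an added Python example that is not the patent's implementation. As labelled assumptions, a Jarque-Bera test stands in for the Gaussian model verification, and a least-squares line fit plus a robust largest-step score over the residual series stand in for the pre-trained power consumption-temperature association analysis model; the residual series, thresholds and names are constructed.

```python
import random
from statistics import NormalDist, fmean, median

JB_CRITICAL = 5.991  # chi-square critical value, 2 degrees of freedom, 5% level


def jarque_bera(xs):
    """Sf1 stand-in: goodness-of-fit statistic from sample skewness and kurtosis."""
    n, m = len(xs), fmean(xs)
    m2 = sum((x - m) ** 2 for x in xs) / n
    if m2 == 0.0:
        raise ValueError("residuals are constant; the test is undefined")
    m3 = sum((x - m) ** 3 for x in xs) / n
    m4 = sum((x - m) ** 4 for x in xs) / n
    skew, kurt = m3 / m2 ** 1.5, m4 / m2 ** 2
    return n / 6.0 * (skew ** 2 + (kurt - 3.0) ** 2 / 4.0)


def linear_fit(ys):
    """Least-squares slope per sample and R^2 of a straight line through ys."""
    n = len(ys)
    t_mean, y_mean = (n - 1) / 2.0, fmean(ys)
    sxx = sum((t - t_mean) ** 2 for t in range(n))
    sxy = sum((t - t_mean) * (y - y_mean) for t, y in enumerate(ys))
    syy = sum((y - y_mean) ** 2 for y in ys)
    return sxy / sxx, (sxy * sxy / (sxx * syy) if syy > 0.0 else 0.0)


def largest_jump(ys):
    """Largest sample-to-sample step, in units of the robust spread (MAD) of all steps."""
    diffs = [b - a for a, b in zip(ys, ys[1:])]
    centre = median(diffs)
    scale = 1.4826 * median(abs(d - centre) for d in diffs)
    worst = max(abs(d - centre) for d in diffs)
    if scale == 0.0:  # noise-free series: any deviation at all is a jump
        return 0.0 if worst == 0.0 else float("inf")
    return worst / scale


def classify_cause(residuals, jump_k=8.0, min_r2=0.8):
    """Sf1-Sf4 on a series of (measured - predicted) temperature residuals."""
    if jarque_bera(residuals) <= JB_CRITICAL:
        return "residuals_normal"       # Sf1: consistent with a normal distribution
    if largest_jump(residuals) > jump_k:
        return "human_tampering"        # Sf4: abrupt change
    slope, r2 = linear_fit(residuals)
    if r2 >= min_r2 and slope != 0.0:
        return "hardware_aging"         # Sf3: slow linear drift
    return "undetermined"


def constructed_noise(n, sigma, seed):
    """Constructed sensor noise: evenly spaced normal quantiles, shuffled reproducibly."""
    nd = NormalDist(0.0, sigma)
    values = [nd.inv_cdf((i + 0.5) / n) for i in range(n)]
    random.Random(seed).shuffle(values)
    return values


# Constructed residual series in degrees Celsius, 200 samples each.
_noise = constructed_noise(200, 0.05, seed=7)
HEALTHY = list(_noise)
AGING = [e + 0.01 * i for i, e in enumerate(_noise)]                       # slow drift
TAMPERED = [e + (4.0 if i >= 120 else 0.0) for i, e in enumerate(_noise)]  # sudden step

if __name__ == "__main__":
    for name, series in (("healthy", HEALTHY), ("aging", AGING), ("tampered", TAMPERED)):
        print(name, classify_cause(series))
```

The jump check runs before the line fit because a step also correlates with time and would otherwise be mistaken for drift.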
In summary, the temperature and power consumption data of the device are received and processed, the temperature is predicted with the pre-trained power consumption-temperature dynamic relation model, and the temperature residual data is calculated in order to judge the cause of the abnormality. A Gaussian model is used to verify whether the residual distribution diagram accords with the normal distribution; when it does not, the power consumption-temperature correlation analysis model outputs a relation curve, and hardware aging is distinguished from human tampering according to the characteristics of the curve. The model construction process comprises comprehensively collecting historical temperature and power consumption data under different load states, preprocessing them, constructing a training data set by segmenting in time order, and then building the model with a Kalman filtering algorithm. This series of technical means can accurately locate the source of a device abnormality, effectively distinguish natural hardware aging from human tampering, provide strong support for hardware security, greatly improve the accuracy and reliability of detection, and discover potential hardware attack risks in time.
In the embodiment provided by the application, when the hardware attack detection result of the electronic equipment to be detected is abnormal, the hierarchical response is correspondingly started, and the specific process comprises the following steps:
S401, calculating, according to the weighted similarity degree, the abnormal probability, that is, the probability that the hardware attack detection result of the electronic device to be tested is abnormal.
S402, if the abnormal probability is smaller than 68%, recording an abnormal log and notifying an operation and maintenance person.
Specifically, if the abnormal probability is smaller than 68%, the server records in detail, in a dedicated log recording module, the information related to the abnormal hardware attack detection result, including the detection time, the preliminary judgment of the abnormality type, the hardware components involved and the like. At the same time, the system promptly notifies the operation and maintenance personnel of the abnormal condition through a preset communication channel such as a short message, an e-mail or a pop-up reminder on the operation and maintenance management platform, so that they can further analyze and investigate a possibly slight hardware abnormality according to the log records and take the corresponding maintenance measures.
S403, if the abnormal probability is more than or equal to 68% and less than 99.7%, isolating the electronic equipment to be tested, and starting the trusted platform module firmware for verification.
Specifically, if the abnormal probability is greater than or equal to 68% and less than 99.7%, the electronic device to be tested is isolated from the current network environment and its data communication connections with other devices are disconnected, which prevents a possible security risk from spreading. At the same time, the TPM (Trusted Platform Module) firmware verification process is triggered automatically. The system sends an instruction to the TPM, and the TPM performs an integrity check on the firmware it stores according to a built-in verification algorithm, checking whether the firmware has been tampered with by comparing information such as the firmware signature and hash value, so as to determine whether there is a security risk at the underlying firmware layer of the device.
S404, if the abnormal probability is greater than or equal to 99.7%, cutting off the power supply circuit, and rolling back the firmware to the golden image through the platform firmware resilience mechanism.
The golden image is a firmware backup of the device in a safe and normal state.
Specifically, when the abnormal probability is greater than or equal to 99.7%, the power supply of the electronic device to be tested is quickly cut off through the control circuit so that the device stops running, and the PFR (Platform Firmware Resilience) mechanism is started; this mechanism rolls the device firmware back to a known safe version using the pre-stored golden image. During rollback, the PFR mechanism monitors and validates the firmware recovery process, ensuring that the firmware is successfully recovered and the device can be restarted in a secure state.
In summary, when the hardware attack detection result is abnormal, the hierarchical response mechanism quantifies the abnormal probability and handles different degrees of risk at different levels. Slight abnormalities are dealt with in time by recording logs and notifying operation and maintenance personnel. Device isolation and TPM firmware verification effectively contain the spread of medium risks and ensure security at the underlying layer. Cutting off the power supply and rolling back the firmware through the PFR mechanism quickly stops the device and restores it to a secure state under high risk. Together these measures improve the protection, response and recovery capabilities of the device in the face of attack, and ensure the security, stability and data integrity of the hardware system.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment.
Fig. 3 is a schematic structural diagram of a hardware attack detection device according to an embodiment of the present application. As shown in fig. 3, the embodiment of the application further provides a hardware attack detection device. The device comprises a signal acquisition module 301, a feature extraction module 302, a feature dimension reduction module 303, a similarity comparison module 304, a similarity degree weighting module 305 and a result output module 306.
The signal acquisition module 301 is configured to acquire a power consumption signal of an electronic device to be tested in real time, and perform preprocessing on the power consumption signal to obtain a standard power consumption signal sample;
The feature extraction module 302 is configured to extract feature data from the standard power consumption signal sample;
The feature dimension reduction module 303 is configured to reduce the dimension of the feature data, and normalize the feature data after dimension reduction to obtain standard feature data;
The similarity comparison module 304 is configured to input the standard feature data into a reference fingerprint library, and output a degree of similarity between the standard feature data and each power consumption type, where the reference fingerprint library is obtained by clustering power consumption feature data generated by a normal electronic device under different operation conditions by using a Gaussian mixture model;
The similarity degree weighting module 305 is configured to perform weighted summation on the similarity degree between the standard feature data and each power consumption type, so as to obtain a weighted similarity degree of the standard feature data;
The result output module 306 is configured to output a hardware attack detection result of the electronic device to be tested according to the weighted similarity degree.
In one possible implementation, the feature extraction module 302 is specifically configured to sample a standard power consumption signal sample to obtain a discrete time domain signal, convert the discrete time domain signal into a discrete frequency domain signal by using a fast fourier transform, extract frequency components in a preset frequency interval, calculate an amplitude of each frequency component according to each frequency component, calculate an energy duty ratio of each frequency component according to the amplitude of each frequency component, decompose the discrete time domain signal into a first number of frequency bands by applying a wavelet transform, calculate an energy duty ratio of each frequency band according to the discrete time domain signal of each frequency band, and calculate a harmonic distortion rate of each frequency band according to the discrete time domain signal of each frequency band.
In one possible implementation manner, the feature extraction module 302 is specifically configured to sample a standard power consumption signal sample to obtain a discrete time domain signal, divide the discrete time domain signal into a plurality of time segments through short-time fourier transform, convert the discrete time domain signal into a discrete frequency domain signal through short-time fourier transform for each time segment to obtain time-frequency information corresponding to each time segment, construct a power consumption spectrogram according to the time-frequency information corresponding to each time segment, wherein the power consumption spectrogram reflects the intensity of the power consumption signal at the corresponding time-frequency position, and analyze the power consumption spectrogram to determine the time-frequency variation mode of the power consumption signal.
In one possible implementation, the feature extraction module 302 is specifically configured to obtain a time domain waveform of the power consumption signal from the standard power consumption signal sample, calculate a mean value, a variance, and a peak-peak value of the time domain waveform, where the mean value, the variance, and the peak-peak value of the time domain waveform are used to reflect an overall characteristic of the standard power consumption signal sample, and calculate a current pulse width, a rise time, a fall time, and a duty cycle of the time domain waveform, where the current pulse width, the rise time, the fall time, and the duty cycle of the time domain waveform are used to reflect a transient characteristic of the standard power consumption signal sample.
In a possible implementation manner, the device further comprises an abnormality cause determining module, wherein the abnormality cause determining module is used for obtaining temperature data and power consumption data of the electronic equipment to be tested when the electronic equipment is in operation, filtering the power consumption data to obtain a noise-removed power consumption sample, wherein the power consumption sample comprises a plurality of power consumption values, filtering the temperature data to obtain the noise-removed temperature sample, wherein the temperature sample comprises temperature values corresponding to the power consumption values, inputting the power consumption sample into a pre-trained power consumption-temperature dynamic relation model to output predicted temperature values corresponding to the power consumption values, calculating temperature residual data corresponding to the power consumption values according to the temperature values corresponding to the power consumption values and the predicted temperature values, and judging the cause of abnormality of the electronic equipment to be tested according to the temperature residual data.
In one possible implementation manner, the abnormality cause determining module is specifically configured to draw a residual distribution diagram according to temperature residual data, input the residual distribution diagram to a gaussian model for verification, determine whether the residual distribution diagram accords with normal distribution, input abnormal power consumption data to a pre-trained power consumption-temperature association analysis model to output a power consumption-temperature relationship curve if the residual distribution diagram does not accord with normal distribution, determine that hardware is aged if the power consumption-temperature relationship curve shows a slow linear drift trend, and determine that human is tampered if a mutation occurs in the power consumption-temperature relationship curve.
In one possible implementation manner, the device further comprises a power consumption temperature dynamic relation model construction module, wherein the power consumption temperature dynamic relation model construction module is used for acquiring a plurality of historical temperature data, the plurality of historical temperature data cover an idle state, a medium load state and a high load state of the hardware device, acquiring a plurality of historical power consumption data, the plurality of historical power consumption data cover the idle state, the medium load state and the high load state of the hardware device, preprocessing the plurality of historical temperature data to obtain a plurality of historical temperature samples for removing noise interference, preprocessing the plurality of historical power consumption data to obtain a plurality of historical power consumption samples for removing noise interference, segmenting the plurality of historical temperature samples and the plurality of historical power consumption samples according to time sequence to construct a training data set, and establishing a power consumption-temperature dynamic relation model by adopting a Kalman filtering algorithm according to the training data set.
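The abnormality-cause procedure described above (fit a power-to-temperature model, compute temperature residuals, test them for normality, then separate slow drift from a sudden change) is illustrated by the following added example, which is not code from the patent. It assumes a static linear relation T = a + b*P whose parameters are estimated by a Kalman filter, a Jarque-Bera statistic as the normality check, and a window-mean jump heuristic in place of the correlation analysis model; all traces, function names and thresholds are constructed for illustration, and the filtering step is omitted.

```python
import math
import random

JB_CRIT = 18.42   # chi-square(2) quantile at p = 1e-4 (assumed significance level)

def fit_thermal_model(power, temp, meas_var=0.09):
    """Kalman filter over a static state theta = [a, b] for T = a + b * P + noise."""
    theta = [0.0, 0.0]
    cov = [[1e4, 0.0], [0.0, 1e4]]                  # vague prior on both parameters
    for p, t in zip(power, temp):
        h = (1.0, p)                                # observation row
        ph = [cov[i][0] * h[0] + cov[i][1] * h[1] for i in range(2)]
        s = h[0] * ph[0] + h[1] * ph[1] + meas_var  # innovation variance
        gain = [ph[0] / s, ph[1] / s]
        innovation = t - (theta[0] + theta[1] * p)
        theta = [theta[i] + gain[i] * innovation for i in range(2)]
        cov = [[cov[i][j] - gain[i] * ph[j] for j in range(2)] for i in range(2)]
    return theta

def residuals(theta, power, temp):
    """Measured temperature minus the temperature predicted from power."""
    return [t - (theta[0] + theta[1] * p) for p, t in zip(power, temp)]

def jarque_bera(r):
    """Normality statistic from sample skewness and excess kurtosis."""
    n = len(r)
    mean = sum(r) / n
    m2, m3, m4 = (sum((v - mean) ** k for v in r) / n for k in (2, 3, 4))
    skew, excess_kurtosis = m3 / m2 ** 1.5, m4 / m2 ** 2 - 3.0
    return n / 6.0 * (skew ** 2 + excess_kurtosis ** 2 / 4.0)

def classify(res, window=30, jump_ratio=0.5):
    """'normal' if residuals look Gaussian, else drift vs. sudden change (heuristic)."""
    if jarque_bera(res) < JB_CRIT:
        return "normal"
    means = [sum(res[i:i + window]) / window
             for i in range(0, len(res) - window + 1, window)]
    span = max(means) - min(means)
    jump = max(abs(b - a) for a, b in zip(means, means[1:]))
    # One jump that explains most of the total change is a sudden change;
    # many small steps in the same direction are a slow drift.
    return "tampering" if jump > jump_ratio * span else "hardware aging"

def synth_run(rng, n=600, drift_total=0.0, step_at=None, step=0.0):
    """Constructed run cycling idle / medium / high load (20 / 60 / 120 W)."""
    power, temp = [], []
    for t in range(n):
        p = (20.0, 60.0, 120.0)[(t // 20) % 3] + rng.gauss(0, 1.0)
        offset = drift_total * t / n
        if step_at is not None and t >= step_at:
            offset += step
        power.append(p)
        temp.append(30.0 + 0.4 * p + offset + rng.gauss(0, 0.3))
    return power, temp

def demo(seed=11):
    rng = random.Random(seed)
    theta = fit_thermal_model(*synth_run(rng))       # history of a healthy device
    out = {"a": theta[0], "b": theta[1]}
    cases = {"healthy": {}, "aging": {"drift_total": 6.0},
             "tampered": {"step_at": 300, "step": 5.0}}
    for name, kwargs in cases.items():
        power, temp = synth_run(rng, **kwargs)
        out[name] = classify(residuals(theta, power, temp))
    return out

if __name__ == "__main__":
    print(demo())
```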
In one possible implementation, the formula for extracting the frequency components in the preset frequency interval in the feature extraction module 302 is:
where N represents the total number of sampling points, k represents the frequency index, k = 0, 1, …, N-1, x(n) represents a discrete frequency domain signal, and X(k) represents each frequency component.
In one possible implementation, the formula for calculating the magnitude of each frequency component in the feature extraction module 302 is:
where Re(X(k)) represents the real part of the frequency component X(k), Im(X(k)) represents the imaginary part of the frequency component X(k), and |X(k)| represents the amplitude of the frequency component.
In one possible implementation, the formula for calculating the energy proportion of each frequency component in the feature extraction module 302 is:
where P(k) represents the energy proportion of the frequency component, |X(k)| represents the amplitude of the frequency component, and N represents the total number of sampling points.
In one possible implementation, the calculation formula of the similarity between the standard feature data and each power consumption type in the similarity weighting module 305 is:
where d represents the feature dimension, μ_k represents the mean vector of the kth power consumption type, Σ_k represents the covariance matrix of the kth power consumption type, Σ_k^-1 represents the inverse matrix of the covariance matrix of the kth power consumption type, x represents the input standard feature data, Representing the degree of similarity of the standard characteristic data to the kth power consumption type.
In one possible implementation, the weighted similarity for the standard feature data in the similarity weighting module 305 is calculated as:
where π_k denotes the weight coefficient of the kth power consumption type, The degree of similarity of the standard characteristic data to each power consumption type is represented, and K represents the number of power consumption types.
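The chain described by the formula passages above (frequency components, amplitude, energy proportion, per-type Gaussian similarity, weighted sum) is shown end to end in the following added example, which is not code from the patent. Because the formulas themselves are not reproduced on this page, it assumes the standard forms: a direct DFT in place of the FFT, |X(k)|^2 = Re^2 + Im^2, energy share relative to total non-DC energy, a multivariate Gaussian density, and sum_k π_k N(x | μ_k, Σ_k). It also assumes one Gaussian per labelled operating condition instead of mixture clustering, skips dimensionality reduction, and uses a constructed threshold rule and constructed traces.

```python
import cmath
import math
import random

FS, N = 1000, 200            # constructed: sampling rate (Hz) and samples per trace
RIDGE, MARGIN = 1e-6, 20.0   # assumed: covariance regulariser and threshold margin

def features(x, low=(40, 60), high=(150, 250)):
    """[mean power, energy share of the low band, energy share of the high band]."""
    n, energy = len(x), {}
    for k in range(1, n // 2 + 1):                      # DC bin kept out of the shares
        c = sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
        energy[k * FS / n] = c.real ** 2 + c.imag ** 2  # |X(k)|^2 = Re^2 + Im^2
    total = sum(energy.values())
    def share(band):
        return sum(e for f, e in energy.items() if band[0] <= f <= band[1]) / total
    return [sum(x) / n, share(low), share(high)]

def cholesky(a):
    """Lower-triangular L with a = L L^T (a must be positive definite)."""
    d = len(a)
    low = [[0.0] * d for _ in range(d)]
    for i in range(d):
        for j in range(i + 1):
            s = a[i][j] - sum(low[i][m] * low[j][m] for m in range(j))
            low[i][j] = math.sqrt(s) if i == j else s / low[j][j]
    return low

def fit_component(rows):
    """Mean vector and Cholesky factor of the ridge-regularised covariance."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(d)]
    cov = [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows) / (n - 1)
            + (RIDGE if i == j else 0.0) for j in range(d)] for i in range(d)]
    return mu, cholesky(cov)

def log_gauss(x, mu, chol):
    """log N(x | mu, Sigma), solving L y = x - mu instead of inverting Sigma."""
    d, y = len(x), []
    for i in range(d):
        y.append((x[i] - mu[i] - sum(chol[i][m] * y[m] for m in range(i))) / chol[i][i])
    log_det = 2.0 * sum(math.log(chol[i][i]) for i in range(d))
    return -0.5 * (d * math.log(2 * math.pi) + log_det + sum(v * v for v in y))

def normalise(row, fp):
    """Z-score a feature row with the training mean and standard deviation."""
    return [(v - m) / s for v, m, s in zip(row, fp["mean"], fp["std"])]

def weighted_log_similarity(row, fp):
    """log sum_k pi_k N(x | mu_k, Sigma_k), via log-sum-exp to avoid underflow."""
    x = normalise(row, fp)
    terms = [math.log(w) + log_gauss(x, mu, chol) for w, mu, chol in fp["components"]]
    top = max(terms)
    return top + math.log(sum(math.exp(t - top) for t in terms))

def build_fingerprint(traces_by_condition):
    """One Gaussian per labelled operating condition; pi_k = share of training traces."""
    feats = [[features(t) for t in ts] for ts in traces_by_condition.values()]
    rows = [r for group in feats for r in group]
    d = len(rows[0])
    mean = [sum(r[j] for r in rows) / len(rows) for j in range(d)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in rows) / len(rows)) or 1.0
           for j in range(d)]
    fp = {"mean": mean, "std": std, "components": []}
    for group in feats:
        mu, chol = fit_component([normalise(r, fp) for r in group])
        fp["components"].append((len(group) / len(rows), mu, chol))
    # Assumed decision rule: alarm below the worst training score minus a margin.
    fp["threshold"] = min(weighted_log_similarity(r, fp) for r in rows) - MARGIN
    return fp

def is_anomalous(trace, fp):
    return weighted_log_similarity(features(trace), fp) < fp["threshold"]

def synth_trace(rng, base, amp, extra=0.0):
    """Constructed trace: DC level + 50 Hz activity + optional 180 Hz load + noise."""
    base += rng.uniform(-0.05, 0.05)
    amp *= rng.uniform(0.9, 1.1)
    return [base + amp * math.sin(2 * math.pi * 50 * t / FS)
            + extra * math.sin(2 * math.pi * 180 * t / FS) + rng.gauss(0, 0.02)
            for t in range(N)]

def demo(seed=7):
    rng = random.Random(seed)
    fp = build_fingerprint({
        "idle": [synth_trace(rng, 1.0, 0.2) for _ in range(30)],
        "load": [synth_trace(rng, 3.0, 0.8) for _ in range(30)]})
    return {"clean_idle": is_anomalous(synth_trace(rng, 1.0, 0.2), fp),
            "clean_load": is_anomalous(synth_trace(rng, 3.0, 0.8), fp),
            "extra_idle": is_anomalous(synth_trace(rng, 1.0, 0.2, extra=0.15), fp),
            "extra_load": is_anomalous(synth_trace(rng, 3.0, 0.8, extra=0.15), fp)}

if __name__ == "__main__":
    print(demo())
```

Working in the log domain matters here: a trace far from every fingerprint component has a density that underflows to zero, so the weighted sum is formed with log-sum-exp and the threshold is applied to its logarithm.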
The description of the features in the embodiment corresponding to the hardware chain attack detection device may refer to the related description of the embodiment corresponding to the hardware attack detection method, which is not described in detail herein.
Fig. 4 is a schematic structural diagram of a server according to an embodiment of the present application. As shown in Fig. 4, the server 40 provided in this embodiment includes at least one processor 401 and a memory 402. Optionally, the server 40 further comprises a communication component 403. The processor 401, the memory 402 and the communication component 403 are connected by a bus.
In a specific implementation process, at least one processor 401 executes computer-executable instructions stored in a memory 402, so that at least one processor 401 executes the above-described embodiment of the method for detecting a hardware attack.
The specific implementation process of the processor 401 may refer to the above-mentioned method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
In the above embodiment, it should be understood that the processor may be a central processing unit (Central Processing Unit, abbreviated as CPU), another general purpose processor, a digital signal processor (Digital Signal Processor, abbreviated as DSP), an application specific integrated circuit (Application Specific Integrated Circuit, abbreviated as ASIC), and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The memory may include high-speed random access memory (Random Access Memory, RAM) and may further include non-volatile memory (Non-volatile Memory, NVM), such as at least one disk memory.
The bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, a peripheral component interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, the buses in the drawings of the present application are not limited to only one bus or to one type of bus.
Embodiments of the present application also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is configured to perform the steps of any of the hardware attack detection method embodiments described above when run.
In an exemplary embodiment, the computer readable storage medium may include, but is not limited to, a USB flash drive (U disk), a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a removable hard disk, a magnetic disk, an optical disk, or various other media in which a computer program may be stored.
Embodiments of the present application also provide a computer program product comprising a computer program which, when executed by a processor, implements the steps of any of the embodiments of the hardware attack detection method described above.
Embodiments of the present application also provide another computer program product comprising a non-volatile computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of any of the hardware attack detection method embodiments described above.
Those skilled in the art will further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The method, the device, the storage medium and the product for detecting the hardware attack provided by the application are described in detail. The principles and embodiments of the present application have been described herein with reference to specific examples, the description of which is intended only to facilitate an understanding of the method of the present application and its core ideas. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the application can be made without departing from the principles of the application and these modifications and adaptations are intended to be within the scope of the application as defined in the following claims.

Claims (15)

1. A hardware attack detection method, comprising:
collecting power consumption signals of the electronic device to be tested in real time, and preprocessing the power consumption signals to obtain standard power consumption signal samples;
extracting characteristic data from the standard power consumption signal sample;
performing dimensionality reduction on the feature data, and normalizing the feature data after dimensionality reduction to obtain standard feature data;
inputting the standard feature data into a reference fingerprint library, and outputting the similarity between the standard feature data and each power consumption type, wherein the reference fingerprint library is obtained by clustering power consumption feature data generated by normal electronic devices under different operating conditions using a Gaussian mixture model;
performing weighted summation on the similarity between the standard feature data and each power consumption type to obtain a weighted similarity of the standard feature data;
according to the weighted similarity, outputting a hardware attack detection result of the electronic device to be tested.

2. The hardware attack detection method according to claim 1, characterized in that the characteristic data includes frequency domain characteristics, and the frequency domain characteristics include frequency components within a preset frequency range, the amplitude of each frequency component, the energy proportion of each frequency component, the energy proportion of each frequency band, and the harmonic distortion rate of each frequency band;
accordingly, extracting characteristic data from the standard power consumption signal sample includes:
sampling the standard power consumption signal sample to obtain a discrete time domain signal;
using fast Fourier transform to convert the discrete time domain signal into a discrete frequency domain signal, and extracting the frequency components within the preset frequency range;
according to each frequency component, calculating the amplitude of each frequency component;
calculating the energy proportion of each frequency component according to the amplitude of each frequency component;
applying a wavelet transform to decompose the discrete time domain signal into a first number of frequency bands;
calculating the energy proportion of each frequency band according to the discrete time domain signal of each frequency band;
calculating the harmonic distortion rate of each frequency band according to the discrete time domain signal of each frequency band.

3. The hardware attack detection method according to claim 1, characterized in that the feature data includes a time-frequency joint feature, and the time-frequency joint feature includes a time-frequency variation pattern of a power consumption signal;
accordingly, extracting characteristic data from the standard power consumption signal sample includes:
sampling the standard power consumption signal sample to obtain a discrete time domain signal;
dividing the discrete time domain signal into a plurality of time segments by short-time Fourier transform;
for each time segment, converting the discrete time domain signal into a discrete frequency domain signal by short-time Fourier transform to obtain the time-frequency information corresponding to each time segment;
constructing a power consumption spectrum diagram according to the time-frequency information corresponding to each time segment, wherein the power consumption spectrum diagram reflects the intensity of the power consumption signal at the corresponding time-frequency position;
analyzing the power consumption spectrum diagram to determine the time-frequency variation pattern of the power consumption signal.

4. The hardware attack detection method according to claim 1, characterized in that the characteristic data includes time domain characteristics, and the time domain characteristics include overall characteristics and transient characteristics;
accordingly, extracting characteristic data from the standard power consumption signal sample includes:
acquiring a time domain waveform of a power consumption signal from the standard power consumption signal sample;
calculating the mean, variance and peak-to-peak value of the time domain waveform, wherein the mean, variance and peak-to-peak value of the time domain waveform are used to reflect the overall characteristics of the standard power consumption signal sample;
calculating the current pulse width, rise time, fall time and duty cycle of the time domain waveform, wherein the current pulse width, rise time, fall time and duty cycle of the time domain waveform are used to reflect the transient characteristics of the standard power consumption signal sample.

5. The hardware attack detection method according to claim 1, wherein the attack detection result of the electronic device to be tested is abnormal;
correspondingly, after outputting the hardware attack detection result of the electronic device to be tested, the method further includes:
acquiring temperature data and power consumption data of the electronic device to be tested during operation;
performing filtering processing on the power consumption data to obtain a power consumption sample from which noise is removed, wherein the power consumption sample includes a plurality of power consumption values;
filtering the temperature data to obtain a temperature sample with noise removed, wherein the temperature sample includes a temperature value corresponding to each power consumption value;
inputting the power consumption samples into a pre-trained power consumption-temperature dynamic relationship model to output predicted temperature values corresponding to each power consumption value;
calculating temperature residual data corresponding to each power consumption value according to the temperature value corresponding to each power consumption value and the predicted temperature value;
determining the cause of the abnormality of the electronic device to be tested according to the temperature residual data.

6. The hardware attack detection method according to claim 5, characterized in that the determining the cause of the abnormality of the electronic device under test according to the temperature residual data comprises:
drawing a residual distribution diagram according to the temperature residual data, inputting the residual distribution diagram into a Gaussian model for verification, and determining whether the residual distribution diagram conforms to a normal distribution;
if the residual distribution diagram does not conform to the normal distribution, inputting the abnormal power consumption data into the pre-trained power consumption-temperature correlation analysis model to output a power consumption-temperature relationship curve;
if the power consumption-temperature relationship curve shows a slow linear drift trend, determining the cause to be hardware aging;
if a sudden change occurs in the power consumption-temperature relationship curve, determining the cause to be artificial tampering.

7. The hardware attack detection method according to claim 5, characterized in that the construction process of the power consumption-temperature dynamic relationship model is:
acquiring a plurality of historical temperature data, wherein the plurality of historical temperature data covers an idle state, a medium load state, and a high load state of the hardware device;
acquiring a plurality of historical power consumption data, wherein the plurality of historical power consumption data covers an idle state, a medium load state, and a high load state of the hardware device;
preprocessing the plurality of historical temperature data to obtain a plurality of historical temperature samples with noise interference removed;
preprocessing the plurality of historical power consumption data to obtain a plurality of historical power consumption samples with noise interference removed;
segmenting the multiple historical temperature samples and the multiple historical power consumption samples according to time series to construct a training data set;
according to the training data set, using a Kalman filter algorithm to establish the power consumption-temperature dynamic relationship model.

8. The hardware attack detection method according to claim 2, characterized in that the formula for extracting the frequency components within the preset frequency interval is:
where N represents the total number of sampling points, k represents the frequency index, k=0,1,…,N-1, x(n) represents the discrete frequency domain signal, and X(k) represents each frequency component.

9. The hardware attack detection method according to claim 2, wherein the formula for calculating the amplitude of each frequency component is:
where Re(X(k)) represents the real part of the frequency component X(k), Im(X(k)) represents the imaginary part of the frequency component X(k), and |X(k)| represents the amplitude of the frequency component.

10. The hardware attack detection method according to claim 2, characterized in that the formula for calculating the energy proportion of each frequency component is:
where P(k) represents the energy proportion of the frequency component, |X(k)| represents the amplitude of the frequency component, and N represents the total number of sampling points.

11. The hardware attack detection method according to claim 1, wherein the calculation formula for the similarity between the standard feature data and each power consumption type is:
wherein d represents the feature dimension, μ_k represents the mean vector of the kth power consumption type, Σ_k represents the covariance matrix of the kth power consumption type, Σ_k^-1 represents the inverse matrix of the covariance matrix of the kth power consumption type, x represents the input standard feature data, Indicates the similarity between the standard feature data and the kth power consumption type.

12. The hardware attack detection method according to claim 1, wherein the calculation formula of the weighted similarity of the standard feature data is:
where π_k represents the weight coefficient of the kth power consumption type, represents the similarity between the standard feature data and each power consumption type, and K represents the number of power consumption types.

13. A server, comprising:
a memory for storing computer programs;
a processor, configured to implement the steps of the hardware attack detection method according to any one of claims 1 to 12 when executing the computer program.

14. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, wherein when the computer program is executed by a processor, the steps of the hardware attack detection method according to any one of claims 1 to 12 are implemented.

15. A computer program product, comprising a computer program, wherein when the computer program is executed by a processor, the computer program implements the steps of the hardware attack detection method according to any one of claims 1 to 12.
Application number: CN202510378151.9A
Priority date: 2025-03-28
Filing date: 2025-03-28
Title: Hardware attack detection method, device, storage medium and product
Status: Pending
Publication: CN119885169A (en), publication date 2025-04-25
Family ID: 95439931
Country: CN


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination