# **Machine Learning-Based Detection of Simulated Malware in FPGA Bitstreams**
### *Copyright (c) 2025, Rye Stahle-Smith* 
---
#### ***Description:***
This project explores the application of machine learning techniques to detect malicious modifications in FPGA bitstreams, specifically targeting the *PYNQ-Z1 FPGA Development Board* by Xilinx and Digilent. Rather than relying on custom-generated data, the project now leverages state-of-the-art (SOTA) benchmarks from **Trust-Hub**, a resource sponsored by the **National Science Foundation (NSF)**. Although these benchmarks have not been updated since 2013, they represent realistic chip-level attack scenarios. The original designs were re-engineered and adapted to work with the PYNQ-Z1 platform. As of the latest update, the dataset consists of ***one-hundred and twenty-two samples*** — ***twenty-five benign AES-128, twenty-one benign RS232, twenty-five benign AES-128, twenty-one benign RS232, and thirty empty bitstreams***.

#### ***Objectives:***
**Objective 1: Integrate and adapt industry-standard benchmarks for modern FPGA platforms.** <br>
Task 1.1: Reconfigure Trust-Hub HDL benchmarks to compile and synthesize successfully using Xilinx Vivado for compatibility with PYNQ-Z1. <br>
Task 1.2: Synthesize and implement modules on the PYNQ-Z1 board to verify functional correctness and hardware compatibility. <br>
Task 1.3: Organize, label, and curate the bitstream dataset across multiple classes (benign, malicious, empty) for use in supervised learning. <br>

**Objective 2: Design an ML-based detection pipeline for hardware Trojans in FPGA bitstreams.** <br>
Task 2.1: Convert raw .bit files into sparse byte-frequency representations and apply dimensionality reduction using Truncated Singular Value Decomposition (TSVD). <br>
Task 2.2: Apply SMOTE (Synthetic Minority Oversampling Technique) to balance class distributions in the training set and mitigate bias. <br>
Task 2.3: Train and compare multiple classifiers (Random Forest, Decision Tree, SVM, Gradient Boosting, etc.) using k-fold cross-validation to identify the most effective model. <br>

**Objective 3: Evaluate model performance and ensure robustness across Trojan variants.** <br>
Task 3.1: Analyze performance using metrics such as accuracy, precision, recall, F1-score, and class-wise true/false positive rates. <br>
Task 3.2: Generate confusion matrices and perform error analysis to assess model weaknesses and edge cases. <br>
Task 3.3: Assess model robustness by deploying the trained model on the PYNQ-Z1 platform to validate real-time prediction performance and resource efficiency in a target embedded environment. <br>

#### ***Sources:***
Hayashi, V. T., & Vicente Ruggiero, W. (2025). Hardware Trojan Detection in Open-Source Hardware Designs Using Machine Learning. *IEEE Access*. https://ieeexplore.ieee.org/document/10904479 <br>
Elnaggar, R., Chaudhuri, J., Karri, R., & Chakrabarty, K. (2023). Learning Malicious Circuits in FPGA Bitstreams. *IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems*, 42(3), 726–739. https://ieeexplore.ieee.org/document/9828544<br>
Pedregosa, F., et al. (2011). scikit-learn: Machine Learning in Python. *Journal of Machine Learning Research*, 12, 2825–2830. https://dl.acm.org/doi/10.5555/1953048.2078195<br>

In [1]:
# --------------------------
# Step 1: Deploy Trained Model on PYNQ-Z1
# This step loads the serialized ML model and uses it to make predictions on the PYNQ-Z1 board.
# --------------------------
from rf_predictor import predict_bitstream
from collections import Counter
import numpy as np
import random
import platform
import psutil
import os
import time

base_path = "trusthub_bitstreams"
categories = ["Empty", "Benign", "Malicious"]
total_time_ms = 0
num_trials = 100
num_failed = 0

bitstream_files = []
for category in categories:
    folder_path = os.path.join(base_path, category)
    for file in os.listdir(folder_path):
        if file.endswith(".bit"):
            bitstream_files.append(os.path.join(folder_path, file))

label_map = {
    0: "Empty (Class 0)",
    1: "Benign (Class 1)",
    2: "Malicious (Class 2)",
}

for trial in range(num_trials):
    bitstream_path = random.choice(bitstream_files)
    filename = os.path.basename(bitstream_path)
    folder = os.path.basename(os.path.dirname(bitstream_path))

    print(f"*** Trial {trial + 1}: Processing {filename}... ***")

    if folder == "Empty":
        actual_class = "Empty (Class 0)"
    elif folder == "Benign":
        actual_class = "Benign (Class 1)"
    elif folder == "Malicious":
        actual_class = "Malicious (Class 2)"
    else:
        actual_class = "Unknown"

    # Measure Load Time
    start_load = time.time()
    with open(bitstream_path, 'rb') as f:
        data = f.read()
    end_load = time.time()

    # Measure Feature Extraction Time
    start_feat = time.time()
    size = len(data)
    if size == 0:
        features = np.zeros(256)
    else:
        counts = Counter(data)
        dense_vec = np.zeros(256)
        for byte_val, count in counts.items():
            dense_vec[byte_val] = count / size
        features = dense_vec
    end_feat = time.time()

    # Measure Prediction Time
    start_pred = time.time()
    prediction = predict_bitstream(features)
    end_pred = time.time()

    predicted_class = label_map.get(prediction, "Unknown")
    
    print(f"Actual Class:    {actual_class}")
    print(f"Predicted Class: {predicted_class}")

    num_failed += 1 if (actual_class != predicted_class) else 0

    load_time_ms = (end_load - start_load) * 1000
    feat_time_ms = (end_feat - start_feat) * 1000
    pred_time_ms = (end_pred - start_pred) * 1000

    print(f"\n=== Latency Summary ===")
    print(f"Load Bitstream:      {load_time_ms:.2f} ms")
    print(f"Feature Extraction:  {feat_time_ms:.2f} ms")
    print(f"Prediction:          {pred_time_ms:.2f} ms\n")
    
    total_time_ms += load_time_ms + feat_time_ms + pred_time_ms
    
print(f"\nAverage Latency: {total_time_ms / num_trials / 1000:.2f} s")
print(f"\nTrials Failed: {num_failed} trials")

*** Trial 1: Processing AES_T1000_Trojan.bit... ***
Actual Class:    Malicious (Class 2)
Predicted Class: Malicious (Class 2)

=== Latency Summary ===
Load Bitstream:      2.53 ms
Feature Extraction:  167.65 ms
Prediction:          0.76 ms

*** Trial 2: Processing RS232_T700.bit... ***
Actual Class:    Benign (Class 1)
Predicted Class: Benign (Class 1)

=== Latency Summary ===
Load Bitstream:      2.72 ms
Feature Extraction:  158.42 ms
Prediction:          0.91 ms

*** Trial 3: Processing RS232_T1800_Trojan.bit... ***
Actual Class:    Malicious (Class 2)
Predicted Class: Malicious (Class 2)

=== Latency Summary ===
Load Bitstream:      12.49 ms
Feature Extraction:  160.16 ms
Prediction:          0.34 ms

*** Trial 4: Processing empty6.bit... ***
Actual Class:    Empty (Class 0)
Predicted Class: Empty (Class 0)

=== Latency Summary ===
Load Bitstream:      2.86 ms
Feature Extraction:  166.72 ms
Prediction:          0.77 ms

*** Trial 5: Processing AES_T500.bit... ***
Actual Class:    Be

In [2]:
# --------------------------
# Step 2: List Device and CPU Information
# This step gathers and prints system and processor information from the PYNQ-Z1 to help verify the hardware environment.
# --------------------------
print("=== System Information: ===")
print("System:", platform.system())
print("Node Name:", platform.node())
print("Release:", platform.release())
print("Version:", platform.version())
print("Machine:", platform.machine())
print("Processor:", platform.processor())

print("\n=== CPU Information: ===")
print("CPU Cores:", psutil.cpu_count(logical=False))
print("Logical Processors:", psutil.cpu_count(logical=True))
print("CPU Usage per Core:", psutil.cpu_percent(percpu=True))
print("Total RAM:", psutil.virtual_memory().total / 1024**2, "MB")

=== System Information: ===
System: Darwin
Node Name: ryebread
Release: 23.2.0
Version: Darwin Kernel Version 23.2.0: Wed Nov 15 21:53:34 PST 2023; root:xnu-10002.61.3~2/RELEASE_ARM64_T8103
Machine: arm64
Processor: arm

=== CPU Information: ===
CPU Cores: 8
Logical Processors: 8
CPU Usage per Core: [88.6, 88.4, 88.0, 87.8, 87.8, 88.4, 87.5, 87.4]
Total RAM: 8192.0 MB
