The security of cloud field-programmable gate arrays (FPGAs) faces challenges from untrusted users attempting fault and side-channel attacks through malicious circuit configurations. Fault injection attacks can result in denial of service, disrupting functionality or leaking secret information. This threat is further amplified in multi-tenancy scenarios. Detecting such threats before loading onto the FPGA is crucial, but existing methods face difficulty identifying sophisticated attacks. We present MaliGNNoma, a machine learning-based solution that accurately identifies malicious FPGA configurations. Serving as a netlist scanning mechanism, it can be employed by cloud service providers as an initial security layer within a necessary multi-tiered security system. By leveraging the inherent graph representation of FPGA netlists, MaliGNNoma employs a graph neural network (GNN) to learn distinctive malicious features, surpassing current approaches. To enhance transparency, MaliGNNoma utilizes a parameterized explainer for the GNN, labeling the FPGA configuration and pinpointing the sub-circuit responsible for the malicious classification. Through extensive experimentation on the ZCU102 board with a Xilinx UltraScale+ FPGA, we validate the effectiveness of MaliGNNoma in detecting malicious configurations, including sophisticated attacks, such as those based on benign modules, like cryptography accelerators. MaliGNNoma achieves a classification accuracy and precision of 98.24% and 97.88%, respectively, surpassing state-of-the-art. We compare MaliGNNoma with five state-of-the-art scanning methods, revealing that not all attack vectors detected by MaliGNNoma are recognized by existing solutions, further emphasizing its effectiveness. Additionally, we make MaliGNNoma and its associated dataset publicly available.

翻译：云现场可编程门阵列（FPGA）面临来自不可信用户通过恶意电路配置发起故障和侧信道攻击的安全挑战。故障注入攻击可能导致拒绝服务，破坏功能或泄露秘密信息。在多租户场景中，这种威胁进一步加剧。在加载到FPGA之前检测此类威胁至关重要，但现有方法难以识别复杂攻击。我们提出MaliGNNoma，一种基于机器学习的解决方案，能够准确识别恶意FPGA配置。作为网表扫描机制，它可作为必要多层安全系统的基础安全层，供云服务提供商部署。通过利用FPGA网表固有的图表示，MaliGNNoma采用图神经网络（GNN）学习独特的恶意特征，性能超越现有方法。为增强可解释性，MaliGNNoma使用参数化解释器解释GNN决策，标记FPGA配置并定位导致恶意分类的子电路。通过在配备Xilinx UltraScale+ FPGA的ZCU102开发板上进行大量实验，我们验证了MaliGNNoma在检测恶意配置（包括基于密码加速器等良性模块的复杂攻击）方面的有效性。MaliGNNoma的分类准确率和精确度分别达到98.24%和97.88%，优于现有技术。我们将MaliGNNoma与五种最先进的扫描方法进行对比，发现并非所有MaliGNNoma检测到的攻击向量都能被现有解决方案识别，进一步证实其有效性。此外，我们公开了MaliGNNoma及其相关数据集。