This work addresses the vulnerability of the AXI protocol in modern SoCs to protocol-violation-based denial-of-service (DoS) attacks, a threat inadequately mitigated by existing defenses due to their lack of real-time semantic analysis. To bridge this gap, the authors propose and implement an Intelligent Monitoring System (IMS) based on a quantized neural network, which— for the first time—integrates a lightweight neural network directly into the AXI bus monitor for high-accuracy, low-overhead compliance checking. Deployed as a memory-mapped IP core within a RISC-V SoC and validated on the ZCU104 platform, the IMS achieves 98.7% detection accuracy with minimal latency overhead (≤3%), throughput exceeding 2.5 million transactions per second, and extremely low hardware resource utilization (9.04% LUTs, 0.23% DSPs, and 0.70% flip-flops), making it well-suited for resource-constrained edge devices.

In the modern Systems-on-Chip (SoC), the Advanced eXtensible Interface (AXI) protocol exhibits security vulnerabilities, enabling partial or complete denial-of-service (DoS) through protocol-violation attacks. The recent countermeasures lack a dedicated real-time protocol semantic analysis and evade protocol compliance checks. This paper tackles this AXI vulnerability issue and presents an intelligent hardware monitoring system (IMS) for real-time detection of AXI protocol violations. IMS is a hardware module leveraging neural networks to achieve high detection accuracy. For model training, we perform DoS attacks through header-field manipulation and systematic malicious operations, while recording AXI transactions to build a training dataset. We then deploy a quantization-optimized neural network, achieving 98.7% detection accuracy with<=3% latency overhead, and throughput of>2.5 million inferences/s. We subsequently integrate this IMS into a RISC-V SoC as a memory-mapped IP core to monitor its AXI bus. For demonstration and initial assessment for later ASIC integration, we implemented this IMS on an AMD Zynq UltraScale+ MPSoC ZCU104 board, showing an overall small hardware footprint (9.04% look-up-tables (LUTs), 0.23% DSP slices, and 0.70% flip-flops) and negligible impact on the overall design's achievable frequency. This demonstrates the feasibility of lightweight, security monitoring for resource-constrained edge environments.