IEEE 1149.1, commonly known as the joint test action group (JTAG), is the standard for the test access port and the boundary-scan architecture. The JTAG is primarily utilized at the time of the integrated circuit (IC) manufacture but also in the field, giving access to internal sub-systems of the IC, or for failure analysis and debugging. Because the JTAG needs to be left intact and operational for use, it inevitably provides a “backdoor” that can be exploited to undermine the security of the chip. Potential attackers can then use the JTAG to dump critical data or reverse engineer IP cores, for example. Since an attacker will use the JTAG differently from a legitimate user, it is possible to detect the difference using machine-learning algorithms. A JTAG protection scheme, SLIC-J, is proposed to monitor user behavior and detect illegitimate accesses to the JTAG. Specifically, JTAG access is characterized using a set of specifically-defined features, and then an on-chip classifier is used to predict whether the user is legitimate or not. To validate the effectiveness of the approach, both legitimate and illegitimate JTAG accesses are simulated using the OpenSPARC T2 benchmark. The results show that the detection accuracy is 99.2%, and the escape rate is 0.8%.