
Adversarial Examples for Hardware-Trojan Detection at Gate-Level Netlists

  • Conference paper
  • In: Computer Security (CyberICPS 2019, SECPRE 2019, SPOSE 2019, ADIoT 2019)

Abstract

With the growth of outsourcing in integrated circuit (IC) design and manufacturing, the threat of a third party injecting a malicious circuit, called a hardware Trojan, has been increasing. Machine learning is known to produce powerful models for detecting hardware Trojans. However, it has recently been reported that such machine-learning-based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbations to input data. Referring to existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework that generates adversarial examples against neural-network-based hardware-Trojan detection for gate-level netlists. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, making them difficult to detect. Second, we define the Trojan-net concealment degree (TCD) as a possibility of misclassification, and the modification evaluating value (MEV) as a measure of the amount of modification. Third, judging from MEV, we select adversarial modification patterns to apply to the circuits against hardware-Trojan detection. Experimental results using benchmarks demonstrate that the proposed framework successfully decreases the true positive rate (TPR) by up to 30.15 points.


Notes

  1. The number of Trojan nets identified as Trojan nets is called the true positive (TP) count. The number of Trojan nets identified as normal nets is called the false negative (FN) count. The true positive rate is obtained from TP / (TP + FN).

  2. The number of normal nets identified as normal nets is called the true negative (TN) count. The number of normal nets identified as Trojan nets is called the false positive (FP) count. The true negative rate is obtained from TN / (TN + FP).


Author information


Corresponding author

Correspondence to Kohei Nozawa.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Nozawa, K., Hasegawa, K., Hidano, S., Kiyomoto, S., Hashimoto, K., Togawa, N. (2020). Adversarial Examples for Hardware-Trojan Detection at Gate-Level Netlists. In: Katsikas, S., et al. Computer Security. CyberICPS 2019, SECPRE 2019, SPOSE 2019, ADIoT 2019. Lecture Notes in Computer Science, vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_22


  • DOI: https://doi.org/10.1007/978-3-030-42048-2_22


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42047-5

  • Online ISBN: 978-3-030-42048-2

  • eBook Packages: Computer Science (R0)
