Abstract
Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of a third party injecting a malicious circuit, called a hardware Trojan, has been increasing. Machine learning is known to produce powerful models for detecting hardware Trojans. However, it has recently been reported that such machine-learning-based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbations to the input data. Referring to the existing studies on adversarial examples, most of which are in the field of image processing, this paper first proposes a framework that generates adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, making them difficult to detect. Second, we define the Trojan-net concealment degree (TCD) as a possibility of misclassification, and the modification evaluating value (MEV) as a measure of the amount of modification. Third, judging from MEV, we pick out adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases the true positive rate (TPR) by at most 30.15 points.
Notes
1. The number of Trojan nets identified as Trojan nets is called true positive (TP). The number of Trojan nets identified as normal nets is called false negative (FN). The true positive rate is obtained from TP / (TP + FN).
2. The number of normal nets identified as normal nets is called true negative (TN). The number of normal nets identified as Trojan nets is called false positive (FP). The true negative rate is obtained from TN / (TN + FP).
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Nozawa, K., Hasegawa, K., Hidano, S., Kiyomoto, S., Hashimoto, K., Togawa, N. (2020). Adversarial Examples for Hardware-Trojan Detection at Gate-Level Netlists. In: Katsikas, S., et al. Computer Security. CyberICPS 2019, SECPRE 2019, SPOSE 2019, ADIoT 2019. Lecture Notes in Computer Science, vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_22
DOI: https://doi.org/10.1007/978-3-030-42048-2_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42047-5
Online ISBN: 978-3-030-42048-2
eBook Packages: Computer Science, Computer Science (R0)