There has been a growing trend in recent years to outsource various aspects of the semiconductor design and manufacturing flow to different parties spread across the globe. Such outsourcing increases the risk of adversaries adding malicious logic, referred to as hardware Trojans, to the original design. In this paper, we introduce a run-time hardware Trojan detection method for microprocessor cores. This approach uses Half-space trees to detect the activation of Trojans that introduce abnormal patterns in the data streams obtained from performance counters. It does not require any additional hardware or the monitoring of a large number of internal signals. We evaluate our method by detecting the activation of Trojans that cause denial-of-service, the degradation of system performance, and change in functionality of a microprocessor core. Results obtained using the OpenSPARC T1 core and an FPGA prototyping framework show that Trojan activation is detected with true positive ratio of above 0.9 and a false positive ratio of below 0.1 for most of the implemented Trojans.