R. Vishnupriya,M. Nirmala Devi

DOI: https://doi.org/10.1007/978-981-15-7234-0_30

2020-10-18

Abstract:Due to the outsourcing of integrated circuit manufacturing to third party vendors. The chances of malicious hardware insertion also got increased. Untrusted foundries can always add Hardware Trojan circuits, which can alter the behavior or working of the integrated circuits. Since new hardware threats are emerging day by day, a generalized solution for threat detection should be defined. Machine learning based threat detection which is widely popular nowadays, it requires handcrafted features. On the contrary, the Deep Learning (DL) class of ML can choose the relevant features and learn, which has been proposed in this paper. Raw circuit features are extracted and fed to the DL model (Deep Stacked Auto Encoder), which could extract features that can aid in Trojan detection. 95% average TPR and 75% average TNR is obtained and which is higher than previously discussed works.

Fredin Jose,M. Priyatharishini,M. Nirmala Devi

DOI: https://doi.org/10.1007/978-981-16-5655-2_19

2022-01-01

Abstract:The exponential growth in technological development boosted the IC industry in production of IC chips in a span of 12–18 months. It has paved way for increased outsourcing which leads to malicious modification by inserting hardware trojans. It becomes necessary to detect these defects before IC fabrication in pre-silicon production stage to save the production cost. In this paper, we propose a method for HT detection using gate level netlist. Extracted features from the netlist of circuits are used for dataset creation. From the extracted features, designed deep learning neural network model figures out salient trojan features required for HT classification of nets into trojan-free and trojan infected nets. In addition to this, data imbalance problem occurs in dataset is taken care by preprocessing data using generative adversarial network. Deep learning-based hardware trojan classifier is evaluated with performance metrics like confusion matrix, F-measure, accuracy for ISCAS’85,’89 benchmark circuits and Trust-Hub circuits.

Sriram Sankaran,Vamshi Sunku Mohan,A Purushothaman.

DOI: https://doi.org/10.1109/ises52644.2021.00050

2021-12-01

Abstract:Hardware Trojans are modifications made by malicious insiders or third party providers during the design or fabrication phase of the IC (Integrated Circuits) design cycle in a covert manner. These cause catastrophic consequences ranging from manipulating the functionality of individual blocks to disabling the entire chip. Thus, a need for detecting trojans becomes necessary. In this work, we propose a deep learning based approach for detecting trojans in IC chips. In particular, we insert trojans at the circuit-level and generate data by measuring power during normal operation and under attack. Further, we develop deep learning models using Neural networks and Auto-encoders to analyze datasets for outlier detection by profiling the normal behavior and leveraging them to detect anomalies in power consumption. Our approach is generic and non-invasive in that it can be applied to any block without any modifications to the design. Evaluation of the proposed approach shows an accuracy ranging from 92.23% to 99.33% in detecting trojans.

Ameya Kulkarni,Chengying Xu

DOI: https://doi.org/10.3389/fmech.2021.709924

2021-07-27

Frontiers in Mechanical Engineering

Abstract:Deep learning methods have been extensively studied and have been proven to be very useful in multiple fields of technology. This paper presents a deep learning approach to optically detect hidden hardware trojans in the manufacturing and assembly phase of printed circuit boards to secure electronic supply chains. Trojans can serve as backdoors of accessing on chip data, can potentially alter functioning and in some cases may even deny intended service of the chip. Apart from consumer electronics, printed circuit boards are used in mission critical applications like military and space equipment. Security compromise or data theft can have severe impact and thus demand research attention. The advantage of the proposed method is that it can be implemented in a manufacturing environment with limited training data. It can also provide better coverage in detection of hardware trojans over traditional methods. Image recognition algorithms need to have deeper penetration inside the training layers for recognizing physical variations of image patches. However, traditional network architectures often face vanishing gradient problem when the network layers are added. This hampers the overall accuracy of the network. To solve this a Residual network with multiple layers is used in this article. The ResNet34 algorithm can identify manufacturing tolerances and can differentiate between a manufacturing defect and a hardware trojan. The ResNet operates on the fundamental principle of learning from the residual of the output of preceding layer. In the degradation issue, it is observed that, a shallower network performs better than deeper network. However, this is with the downside of lower accuracy. Thus, a skip connection is made to provide an alternative path for the gradient to skip forward the training of few layers and add in multiple repeating blocks to achieve higher accuracy and lower training times. Implementation of this method can bolster automated optical inspection setup used to detect manufacturing variances on a printed circuit board. The results show a 98.5% accuracy in optically detecting trojans by this method and can help cut down redundancy of physically testing each board. The research results also provide a new consideration of hardware trojan benchmarking and its effect on optical detection.

Chen Dong,Yinan Yao,Yi Xu,Ximeng Liu,Yan Wang,Hao Zhang,Li Xu

DOI: https://doi.org/10.3390/s23125503

2023-06-11

Abstract:The Cyber-Physical System and even the Metaverse will become the second space in which human beings live. While bringing convenience to human beings, it also brings many security threats. These threats may come from software or hardware. There has been a lot of research on managing malware, and there are many mature commercial products, such as antivirus software, firewalls, etc. In stark contrast, the research community on governing malicious hardware is still in its infancy. Chips are the core component of hardware, and hardware Trojans are the primary and complex security issue faced by chips. Detection of hardware Trojans is the first step for dealing with malicious circuits. Due to the limitation of the golden chip and the computational consumption, the existing traditional detection methods are not applicable to very large-scale integration. The performances of traditional machine-learning-based methods depend on the accuracy of the multi-feature representation, and most of the methods may lead to instability because of the difficulty of extracting features manually. In this paper, employing deep learning, a multiscale detection model for automatic feature extraction is proposed. The model is called MHTtext and provides two strategies to balance the accuracy and computational consumption. After selecting a strategy according to the actual situations and requirements, the MHTtext generates the corresponding path sentences from the netlist and employs TextCNN for identification. Further, it can also obtain non-repeated hardware Trojan component information to improve its stability performance. Moreover, a new evaluation metric is established to intuitively measure the model's effectiveness and balance: the stabilization efficiency index (SEI). In the experimental results for the benchmark netlists, the average accuracy (ACC) in the TextCNN of the global strategy is as high as 99.26%, and one of its stabilization efficiency index values ranks first with a score of 71.21 in all comparison classifiers. The local strategy also achieved an excellent effect, according to the SEI. The results show that the proposed MHTtext model has high stability, flexibility, and accuracy, in general.

Priyatharishini Murugesan,Nirmala Manickam,,

DOI: https://doi.org/10.22266/ijies2020.1231.28

2020-12-31

International Journal of Intelligent Engineering and Systems

Abstract:In modern electronic design, hardware Trojan has emerged as a major threat in the hardware security. To detect the hardware Trojan is a major problem in testing process because of their inherent concealed nature. In this work, we propose a deep learning-based Trojan classification approach, which extracts the optimal feature to indicate the nets affected by the Trojan module. In this approach, a handcrafted algorithm along with the structural report is also analyzed for extracting further features of the gate level netlist, which stamp out the requirement of golden chip. This detection technique is also validated using game theoretical approach, which is modelled as zero-sum game between the attacker and the defender. The Simulation is employed on ISCAS’85, ISCAS’89 and Trust-HUB circuits and the deep learning algorithm performs the best in detection and classification of Trojan type with an average True positive rate of 96.69% and an accuracy of 96.25%.

Ghulam Muhammad,M. Shamim Hossain,Sahil Garg

DOI: https://doi.org/10.1109/jiot.2020.3041184

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:With the rapid progress of wireless communication technologies along with their digital revolutions, the quantity of the Internet of Things (IoT) has been increased by manifolds, resulting in a huge increase in data volume and network traffic. It became easier for an intruder to pretend as a valid service provider, and generate different types of network attacks. This becomes even more severe when the service involves digital financial transactions for possible urbanization. This article proposes an intrusion detection system (IDS) based on a stacked autoencoder (AE) and a deep neural network (DNN). The stacked AE learns the features of the input network record in an unsupervised manner to decrease the feature width. Then, the DNN is trained in a supervised manner to extract deep-learned features for the classifier. In the proposed system, the stacked AE has two latent layers and the DNN has two or three layers, where each layer has a fully connected layer, a batch normalization, and a dropout. The system was evaluated on three publicly available data sets: 1) KDDCup99; 2) NSL-KDD; and 3) aegean Wi-Fi intrusion data sets. Experimental results exhibited that the proposed IDS achieved 94.2%, 99.7%, and 99.9% accuracy, respectively, for multiclass classification.

computer science, information systems,telecommunications,engineering, electrical & electronic

Pravin Gaikwad,Jonathan Cruz,Prabuddha Chakraborty,Swarup Bhunia,Tamzidul Hoque

DOI: https://doi.org/10.1145/3592795

IF: 2.013

2023-04-18

ACM Journal on Emerging Technologies in Computing Systems

Abstract:System-on-chip (SoC) developers increasingly rely on pre-verified hardware intellectual property (IP) blocks often acquired from untrusted third-party vendors. These IPs might contain hidden malicious functionalities or hardware Trojans that may compromise the security of the fabricated SoCs. Lack of golden or reference models and vast possible Trojan attack space form some of the major barriers in detecting hardware Trojans in these third-party IP (3PIP) blocks. Recently, supervised machine learning (ML) techniques have shown promising capability in identifying nets of potential Trojans in 3PIPs without the need of golden models. However, they bring several major challenges. First, they do not guide us to an optimal choice of features that reliably covers diverse classes of Trojans. Second, they require multiple Trojan-free/trusted designs to insert known Trojans and generate a trained model. Even if a set of trusted designs are available for training, the suspect IP can have inherently very different structure from the set of trusted designs, which may negatively impact the verification outcome. Third, these techniques only identify a set of suspect Trojan nets that require manual intervention to understand the potential threat. In this paper, we present VIPR, a systematic machine learning (ML) based trust verification solution for 3PIPs that eliminates the need for trusted designs for training. We present a comprehensive framework, associated algorithms, and a tool flow for obtaining an optimal set of features, training a targeted machine learning model, detecting suspect nets, and identifying Trojan circuitry from the suspect nets. We evaluate the framework on several Trust-Hub Trojan benchmarks and provide a comparative analysis of detection performance across different trained models, selection of features, and post-processing techniques. We demonstrate promising Trojan detection accuracy for VIPR with up to 92.85% reduction in false positives by the proposed post-processing algorithm.

engineering, electrical & electronic,computer science, hardware & architecture,nanoscience & nanotechnology

D. Santhadevi,B. Janet

DOI: https://doi.org/10.1007/s11227-023-05153-y

IF: 3.3

2023-03-17

The Journal of Supercomputing

Abstract:Cyber-attacks on Internet of Things (IoT) devices are becoming increasingly common due to the rapidly growing number of connected devices and the lack of security measures in many of these devices. Attackers can exploit these flaws using the internet and remote access. The Edge Service is a critical component of NetFlow-based malware detection systems, responsible for several key functions. Firstly, it receives raw network traffic data from the Edge Gateway installed at the network perimeter. Secondly, it processes the raw data to make it suitable for deep learning models by converting it into an appropriate format, normalizing it and extracting relevant features. The Edge Service also develops the deep learning network for malware detection and classification using Vectorized Convolutional Neural Networks (VCNN), multi Long Short-Term Memory (LSTM) models, and mayfly optimization techniques, and trains it on benchmark datasets (NBaIoT-balanced, UNSW-NB15 and UNSW_BOT_IoT-imbalanced) of benign and malicious network traffic to learn the patterns and characteristics of each type of traffic. Once the deep learning network is developed, the Edge Service uses it to detect and classify malware in real time by analyzing network traffic data to identify patterns and anomalies that may indicate the presence of malware. The Edge Service includes a Master Edge Node (MEN) responsible for all these functions. Edge Service plays a crucial role in detecting and preventing malware attacks by providing real-time protection and alerting potential threats.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Taifeng Hu,Liji Wu,Xiangmin Zhang,Yanzhao Yin,Yijun Yang

DOI: https://doi.org/10.1109/icasid.2019.8924992

2019-01-01

Abstract:With the application of integrated circuits (ICs) appears in all aspects of life, whether an IC is security and reliable has caused increasing worry which is of significant necessity. An attacker can achieve the malicious purpose by adding or removing some modules, so called hardware Trojans (HTs). In this paper, we use side-channel analysis (SCA) and support vector machine (SVM) classifier to determine whether there is a Trojan in the circuit. We use SAKURA-G circuit board with Xilinx SPARTAN-6 to complete our experiment. Results show that the Trojan detection rate is up to 93% and the classification accuracy is up to 91.8475%.

Shashwat Khandelwal,Eashan Wadhwa,Shreejith Shanker

DOI: https://doi.org/10.1109/ASAP54787.2022.00023

2024-01-19

Abstract:Rising complexity of in-vehicle electronics is enabling new capabilities like autonomous driving and active safety. However, rising automation also increases risk of security threats which is compounded by lack of in-built security measures in legacy networks like CAN, allowing attackers to observe, tamper and modify information shared over such broadcast networks. Various intrusion detection approaches have been proposed to detect and tackle such threats, with machine learning models proving highly effective. However, deploying machine learning models will require high processing power through high-end processors or GPUs to perform them close to line rate. In this paper, we propose a hybrid FPGA-based ECU approach that can transparently integrate IDS functionality through a dedicated off-the-shelf hardware accelerator that implements a deep-CNN intrusion detection model. Our results show that the proposed approach provides an average accuracy of over 99% across multiple attack datasets with 0.64% false detection rates while consuming 94% less energy and achieving 51.8% reduction in per-message processing latency when compared to IDS implementations on GPUs.

Cryptography and Security,Machine Learning

S. Nagarajan,S. Kayalvizhi,R. Subhashini,V. Anitha

DOI: https://doi.org/10.1016/j.cie.2023.109166

2023-04-23

Abstract:The security analysis has become the hotspot concern in Industrial Control Systems (ICSs) that grabs the research attention in today's era. Owing to the rapid admittance of the Industrial Internet of Things (IIoT), the superimposition of fog and cloud computing plays a pivotal role for rectifying such issues as fewer computation resources and more latency in the network. In addition to this, security issue comes first while developing the ICS in the sector of IIoT. In general, ICS is applied for various processes, such as electric utilization and water supply management, that are related to every individual's life. Though it is interlinked with the Internet, it can easily expose to different threats. To defend the model, Intrusion Detection Systems (IDS) are employed. In signature-based detection, anomaly detection is used to find out the unknown attacks in the network. Yet, the ICS is structured with many software and hardware tools. It also seems in the openness nature of the industrial environment that, it becomes vulnerable to various attacks. Hence, detecting unknown attacks is a complex task in the openness nature of the industrial environment. It causes failure to protect such systems from malicious entities that could result in more complications for humans. Hence, the detection of malicious activities is essential. In order to provide an efficient model, a new hybrid deep learning is proposed in ICS. Initially, the original data is to be collected based on the ICS industry. Secondly, the gathered data is preprocessed to clean the artifacts and clean the data. Thirdly, the optimal features are chosen directly from the gathered data with the help of a hybrid algorithm called the Hybrid Honey Badger-World Cup Algorithm (HHB-WCA). The chosen optimal features are fed to the hybrid deep learning termed as Autoencoder-Bi-directional Long Short-Term Memory (A-Bi-LSTM), where the encoded features from Autoencoder are extracted and encoded features are subjected to the Bi-LSTM classifier. Finally, the simulation outcome has shown that the developed method is compared with the other traditional algorithms to detect the unknown classes in the network.

computer science, interdisciplinary applications,engineering, industrial

Adel Binbusayyis,Thavavel Vaiyapuri

DOI: https://doi.org/10.1007/s10489-021-02205-9

IF: 5.3

2021-02-24

Applied Intelligence

Abstract:With the rapid advancement in network technologies, the need for cybersecurity has gained increasing momentum in recent years. As a primary defense mechanism, an intrusion detection system (IDS) is expected to adapt and secure the computing infrastructures from the ever-changing sophisticated threat landscape. Many deep learning approaches have recently been proposed; however, these techniques face significant challenges in identifying all types of attacks, especially rare attacks due to network traffic imbalances and the lack of a sufficient number of abnormal traffic samples for model training. To overcome these shortcomings and improve detection performance, this paper presents an unsupervised deep learning approach for intrusion detection. Unlike the existing IDS model that extracts features and trains a classifier in two separate stages, a single-stage IDS approach that integrates a one-dimensional convolutional autoencoder (1D CAE) and a one-class support vector machine (OCSVM) as a classifier into a joint optimization framework is introduced in this paper for the first time. Using only the normal traffic samples, the approach simultaneously optimizes the 1D CAE for compact feature representation and the OCSVM for classification by defining a unified objective function combining reconstruction error with classification error. Thus, the generated compact feature representation has not only reconstruction ability but also discriminative ability for classification. An in-depth ablation analysis validates the design decisions and provides further insight of the proposed approach. An extensive set of experiments on two benchmark intrusion datasets, NSL-KDD and UNSW-NB15, demonstrates the generalization ability of the proposed model for unseen attacks and confirms it as a competitive approach over the recent state-of-the-art intrusion detection baselines. Overall, the obtained results emphasize that the proposed approach has potential to serve as a baseline for building an effective IDS.

computer science, artificial intelligence

Abdurrahman Nasr,Khalil Mohamed,Ayman Elshenawy,Mohamed Zaki

DOI: https://doi.org/10.1038/s41598-024-62744-2

IF: 4.6

2024-06-08

Scientific Reports

Abstract:Hardware Trojans (HTs) are hidden threats embedded in the circuitry of integrated circuits (ICs), enabling unauthorized access, data theft, operational disruptions, or even physical harm. Detecting Hardware Trojans (HTD) is paramount for ensuring IC security. This paper introduces a novel Siamese neural network (SNN) framework for non-destructive HTD. The proposed framework can detect HTs by processing power side-channel signals without the need for a golden model of the IC. To obtain the best results, different neural network models such as Convolutional Neural Network (CNN), Gated Recurrent Unit (GRU), and Long Short-Term Memory (LSTM) are integrated individually with SNN. These models are trained on the extracted features from the Trojan Power & EM Side-Channel dataset. The results show that the Siamese LSTM model achieved the highest accuracy of 86.78%, followed by the Siamese GRU model with 83.59% accuracy and the Siamese CNN model with 73.54% accuracy. The comparison shows that of the proposed Siamese LSTM is a promising new approach for HTD and outperform the state-of-the-art methods.

multidisciplinary sciences

Raja Maheswari,Marudhamuthu Krishnamurthy

DOI: https://doi.org/10.1002/ett.4975

IF: 3.6

2024-04-17

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract Side‐channel analysis (SCA) is a type of cryptanalytic attack that uses unintended ‘side‐channel’ leakage through the real‐world execution of the cryptographic algorithm to crack a secret key of an embedded system. These side‐channel errors can be discovered through tracking the energy usage of the device performing the technique, electromagnetic radiations while the encryption process, execution time, cache hits/misses, and others. Nowadays, deep learning‐based detection techniques are considered as emerging techniques that have been proposed for attack detection. Deep learning architectures have the ability to learn autonomously and concentrate on difficult features, in contrast to machine learning models. In light of these factors, the work's motive is thought to be the proposal of a deep learning‐based attack detection method. Many methods are used to decrease these assaults, however, the majority of them are inefficient and time‐demanding. In order to address these challenges, this study employs a novel deep learning‐based methodology. Pre‐processing, feature extraction, and SCA classification are the three stages of the approach proposed in this work. First, pre‐processing is used to remove unnecessary information and improve the quality of the input using data cleaning and min‐max normalization. The previously processed data are then fed as input into the proposed hybrid deep learning architecture. A Deep Residual Capsule Auto‐Encoder (DR_CAE) model is introduced in the proposed study. The deep residual neural network‐50 (DRNN‐50) is utilized to extract relevant features in this case, while the side channel analysis is done by using capsule auto‐encoder (CAE). The parameters of the proposed model are adjusted using the modified white shark optimization (MWSO) technique to improve its performance. In the results section, the proposed model is compared to various existing models in terms of accuracy, precision, recall, F‐measures, time, and so on. The proposed framework has an accuracy of 98.802%, F‐measures of 98.801%, kappa coefficient of 97.6%, the precision value of 98.81%, and recall value of 98.80%.

telecommunications

Haripriya Harikumar,Vuong Le,Santu Rana,Sourangshu Bhattacharya,Sunil Gupta,Svetha Venkatesh

DOI: https://doi.org/10.48550/arXiv.2006.05646

2020-06-10

Abstract:Recently, it has been shown that deep learning models are vulnerable to Trojan attacks, where an attacker can install a backdoor during training time to make the resultant model misidentify samples contaminated with a small trigger patch. Current backdoor detection methods fail to achieve good detection performance and are computationally expensive. In this paper, we propose a novel trigger reverse-engineering based approach whose computational complexity does not scale with the number of labels, and is based on a measure that is both interpretable and universal across different network and patch types. In experiments, we observe that our method achieves a perfect score in separating Trojaned models from pure models, which is an improvement over the current state-of-the art method.

Computer Vision and Pattern Recognition

Mathew Ashik,A. Jyothish,S. Anandaram,P. Vinod,Francesco Mercaldo,Fabio Martinelli,Antonella Santone

DOI: https://doi.org/10.3390/electronics10141694

IF: 2.9

2021-07-15

Electronics

Abstract:Malware is one of the most significant threats in today’s computing world since the number of websites distributing malware is increasing at a rapid rate. Malware analysis and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. This software exploits the system’s vulnerabilities to steal valuable information without the user’s knowledge, and stealthily send it to remote servers controlled by attackers. Traditionally, anti-malware products use signatures for detecting known malware. However, the signature-based method does not scale in detecting obfuscated and packed malware. Considering that the cause of a problem is often best understood by studying the structural aspects of a program like the mnemonics, instruction opcode, API Call, etc. In this paper, we investigate the relevance of the features of unpacked malicious and benign executables like mnemonics, instruction opcodes, and API to identify a feature that classifies the executable. Prominent features are extracted using Minimum Redundancy and Maximum Relevance (mRMR) and Analysis of Variance (ANOVA). Experiments were conducted on four datasets using machine learning and deep learning approaches such as Support Vector Machine (SVM), Naïve Bayes, J48, Random Forest (RF), and XGBoost. In addition, we also evaluate the performance of the collection of deep neural networks like Deep Dense network, One-Dimensional Convolutional Neural Network (1D-CNN), and CNN-LSTM in classifying unknown samples, and we observed promising results using APIs and system calls. On combining APIs/system calls with static features, a marginal performance improvement was attained comparing models trained only on dynamic features. Moreover, to improve accuracy, we implemented our solution using distinct deep learning methods and demonstrated a fine-tuned deep neural network that resulted in an F1-score of 99.1% and 98.48% on Dataset-2 and Dataset-3, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Kevin Immanuel Gubbi,Banafsheh Saber Latibari,Anirudh Srikanth,Tyler Sheaves,Sayed Arash Beheshti-Shirazi,Sai Manoj PD,Satareh Rafatirad,Avesta Sasan,Houman Homayoun,Soheil Salehi

DOI: https://doi.org/10.1145/3579823

2023-04-21

ACM Transactions on Embedded Computing Systems

Abstract:With the growth and globalization of IC design and development, there is an increase in the number of Designers and Design houses. As setting up a fabrication facility may easily cost upwards of $20 billion, costs for advanced nodes may be even greater. IC design houses that cannot produce their chips in-house have no option but to use external foundries that are often in other countries. Establishing trust with these external foundries can be a challenge, and these foundries are assumed to be untrusted. The use of these untrusted foundries in the global semiconductor supply chain has raised concerns about the security of the fabricated ICs targeted for sensitive applications. One of these security threats is the adversarial infestation of fabricated ICs with a Hardware Trojan (HT) . An HT can be broadly described as a malicious modification to a circuit to control, modify, disable, or monitor its logic. Conventional VLSI manufacturing tests and verification methods fail to detect HT due to the different and un-modeled nature of these malicious modifications. Current state-of-the-art HT detection methods utilize statistical analysis of various side-channel information collected from ICs, such as power analysis, power supply transient analysis, regional supply current analysis, temperature analysis, wireless transmission power analysis, and delay analysis. To detect HTs, most methods require a Trojan-free reference golden IC. A signature from these golden ICs is extracted and used to detect ICs with HTs. However, access to a golden IC is not always feasible. Thus, a mechanism for HT detection is sought that does not require the golden IC. Machine Learning (ML) approaches have emerged to be extremely useful in helping eliminate the need for a golden IC. Recent works on utilizing ML for HT detection have been shown to be promising in achieving this goal. Thus, in this tutorial, we will explain utilizing ML as a solution to the challenge of HT detection. Additionally, we will describe the Electronic Design Automation (EDA) tool flow for automating ML-assisted HT detection. Moreover, to further discuss the benefits of ML-assisted HT detection solutions, we will demonstrate a Neural Network (NN) -assisted timing profiling method for HT detection. Finally, we will discuss the shortcomings and open challenges of ML-assisted HT detection methods.

computer science, software engineering, hardware & architecture

Pravin Gaikwad,Jonathan Cruz,Prabuddha Chakraborty,Swarup Bhunia,Tamzidul Hoque

DOI: https://doi.org/10.48550/arXiv.2111.14956

2021-11-30

Abstract:System-on-chip (SoC) developers increasingly rely on pre-verified hardware intellectual property (IP) blocks acquired from untrusted third-party vendors. These IPs might contain hidden malicious functionalities or hardware Trojans to compromise the security of the fabricated SoCs. Recently, supervised machine learning (ML) techniques have shown promising capability in identifying nets of potential Trojans in third party IPs (3PIPs). However, they bring several major challenges. First, they do not guide us to an optimal choice of features that reliably covers diverse classes of Trojans. Second, they require multiple Trojan-free/trusted designs to insert known Trojans and generate a trained model. Even if a set of trusted designs are available for training, the suspect IP could be inherently very different from the set of trusted designs, which may negatively impact the verification outcome. Third, these techniques only identify a set of suspect Trojan nets that require manual intervention to understand the potential threat. In this paper, we present VIPR, a systematic machine learning (ML) based trust verification solution for 3PIPs that eliminates the need for trusted designs for training. We present a comprehensive framework, associated algorithms, and a tool flow for obtaining an optimal set of features, training a targeted machine learning model, detecting suspect nets, and identifying Trojan circuitry from the suspect nets. We evaluate the framework on several Trust-Hub Trojan benchmarks and provide a comparative analysis of detection performance across different trained models, selection of features, and post-processing techniques. The proposed post-processing algorithms reduce false positives by up to 92.85%.

Cryptography and Security,Machine Learning

Dmitry Utyamishev,Inna Partin-Vaisband

DOI: https://doi.org/10.1109/tcad.2024.3383348

IF: 2.9

2024-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Hardware Trojans (HTs) are malicious circuits that can be inserted into integrated circuits (ICs) during the design, manufacturing, or packaging phases. HTs can cause a variety of security and safety problems, such as data theft, denial-of-service attacks, and physical damage. A scalable reference-free framework is introduced in this paper for netwise gate-level detection of existing and unknown HTs. The proposed framework consists of embedding-based automated netlist graph analysis and a supervised convolution-based classification of the individual IC net embeddings. A novel convolution algorithm for learning embedded IC graphs has been developed to overcome fundamental scalability limitation of existing graph convolutional neural networks. The performance of the proposed framework is experimentally demonstrated based on the TrustHub TRIT-TC benchmark suite, yielding a high recall of 96% and a precision of 86% for the netwise detection. The individual HT-compromised nets are highlighted within less than 0.1 seconds in >17,000-gate ICs. The proposed framework provides a scalable way to detect existing and unknown HTs without relying on HT-free reference ICs and can be effectively applied to large complex modern ICs. The unique combination of these characteristics makes the proposed framework more practical for real-world hardware cybersecurity applications as compared with prior art.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture