This paper presents a hardware Trojan classification method that performs a static analysis in gate-level netlist. Based on the controllability and observability characteristics extracted in a circuit, the nets are clustered into two groups with the k-means method. Then inter-cluster distance is measured and taken as the major feature for Trojan identification. By combined with three other features in terms of circuit scale statistic number, a complementary representation of Trojan circuits is constructed. Finally, a support vector machine classifier is trained to distinguish the Trojan circuits from genuine circuits. Experimental results on Trust-HUB benchmarks demonstrate that our method can achieve up to 100% true positive rate.
It has been reported that malicious third-party IC vendors often insert hardware Trojans into their IC products. How to detect them is a critical concern in IC design process. Machine-learning-based hardware-Trojan detection gives a strong solution to tackle this problem. Hardware-Trojan infected nets (or Trojan nets) in ICs must have particular Trojan-net features, which differ from those of normal nets. In order to classify all the nets in a netlist designed by third-party vendors into Trojan nets and normal ones by machine learning, we have to extract effective Trojan-net features from Trojan nets. In this paper, we first propose 51 Trojan-net features which describe well Trojan nets. After that, we pick up random forest as one of the best candidates for machine learning and optimize it to apply to hardware-Trojan detection. Based on the importance values obtained from the optimized random forest classifier, we extract the best set of 11 Trojan-net features out of the 51 features which can effectively classify the nets into Trojan ones and normal ones, maximizing the F-measures. By using the 11 Trojan-net features extracted, our optimized random forest classifier has achieved at most 100% true positive rate as well as 100% true negative rate in several Trust-HUB benchmarks and obtained the average F-measure of 79.3% and the accuracy of 99.2%, which realize the best values among existing machine-learning-based hardware-Trojan detection methods.
Due to the increase of outsourcing by IC vendors, we face a serious risk that malicious third-party vendors insert hardware Trojans very easily into their IC products. However, detecting hardware Trojans is very difficult because today's ICs are huge and complex. In this paper, we propose a hardware-Trojan classification method for gate-level netlists to identify hardware-Trojan infected nets (or Trojan nets) using a support vector machine (SVM) or a neural network (NN). At first, we extract the five hardware-Trojan features from each net in a netlist. These feature values are complicated so that we cannot give the simple and fixed threshold values to them. Hence we secondly represent them to be a five-dimensional vector and learn them by using SVM or NN. Finally, we can successfully classify all the nets in an unknown netlist into Trojan ones and normal ones based on the learned classifiers. We have applied our machine-learning-based hardware-Trojan classification method to Trust-HUB benchmarks. The results demonstrate that our method increases the true positive rate compared to the existing state-of-the-art results in most of the cases. In some cases, our method can achieve the true positive rate of 100%, which shows that all the Trojan nets in an unknown netlist are completely detected by our method.