Figure 2 shows the proposed Trojan-detection framework, which consists of four main stages: netlist modeling, node filtering, machine learning, and load expansion. The netlist is integrated, mapped, and modeled as a directed graph structure in the netlist modeling stage. In the node-filtering stage, which is the pre-processing of the machine learning stage, subgraphs are divided from the directed graph and matched with templates, and the dangerous nodes are filtered in order to balance the dataset. In the machine-learning stage, the nodes are classified by an ML-based HT-detection method. The features and learning models can be configured by the user flexibly. Finally, the identified Trojan nodes are expanded to obtain a complete Trojan structure in the load expansion stage, which is the post-processing of the machine learning stage. Note that the proposed framework aims to enhance the performance of existing ML methods through the pre-processing and post-processing stages, and the specific ML method is not the focus of this paper.
3.1. Netlist Modeling
In IC design, cells with the same logical function usually have different descriptions because they vary in timing, area, and power, which makes the netlist more difficult to analyze. In hardware Trojan detection, we only focus on the circuit structure and logic gate function. Therefore, in order to reduce the complexity of the algorithm, we first study existing technology libraries, such as those from SMIC and TSMC, and build a technology-independent cell model. Then, the cells in the original netlist are replaced with functionally equivalent cells from the technology-independent cell model to obtain a technology-independent netlist.
The netlist is a description of the circuit connection relationships, including gates, wires, and the relationships between them, which is consistent with a directed graph structure. A gate-level netlist can be represented as a graph by translating the circuit elements into nodes and the wires into edges. The mapped technology-independent netlist is modeled as a directed graph G = (V, E), where V is the set of vertices in the directed graph and E is the set of edges. We define V = {v_1, v_2, ..., v_n}, where v_i denotes a logic gate description such as XOR2, AND2, or OR2. We define E = {e_ij}, where e_ij equals 1 if logic gate v_i is a fan-in of logic gate v_j, and 0 otherwise.
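The graph model above can be sketched in a few lines. This is a minimal illustration, not the paper's implementation; the `Gate` container and the node names are assumptions for the example.

```python
# Minimal sketch of the netlist-modeling stage: a technology-independent
# netlist becomes a directed graph G = (V, E). Each gate maps to a vertex;
# an edge (u, v) exists when u is a fan-in of v (i.e., e_uv = 1).
from collections import namedtuple

Gate = namedtuple("Gate", ["name", "gtype", "fanins"])  # gtype: e.g. "AND2"

def build_graph(gates):
    """Return (vertices, edges) for the directed-graph model of a netlist."""
    vertices = {g.name: g.gtype for g in gates}
    edges = set()
    for g in gates:
        for src in g.fanins:
            edges.add((src, g.name))  # e_ij = 1  <=>  (i, j) in edges
    return vertices, edges

netlist = [
    Gate("n1", "AND2", []),
    Gate("n2", "OR2", []),
    Gate("n3", "XOR2", ["n1", "n2"]),
]
V, E = build_graph(netlist)
print(sorted(E))  # [('n1', 'n3'), ('n2', 'n3')]
```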
3.2. Node Filtering
Since the Trojan circuit usually accounts for less than one-thousandth of the whole circuit, the dataset is severely imbalanced, which degrades model accuracy in ML-based detection methods. Oversampling and undersampling are typically used to address data imbalance. However, the new samples synthesized by oversampling are highly correlated with the original samples and tend to cause overfitting during training. In undersampling, it is difficult to decide which samples to remove, and random removal tends to introduce uncertainty. In our framework, considering the inherent characteristics of logic gates and the low trigger probability of Trojan circuits, undersampling is used to filter the data. First, a structure template is proposed according to expert experience and the characteristics of HT trigger circuits. Then, subgraphs are extracted from the directed graph modeled from the gate-level netlist. Lastly, all subgraphs are matched against the structure template, and dangerous nodes are extracted to form a balanced dataset.
Structure template. Trojan circuits are difficult to activate and are triggered only when the input is a specific combination. To illustrate this, the HT structure of the s35932-T100 circuit in the Trust_Hub benchmark is shown in
Figure 3. It can be seen that the trigger circuit of the Trojan contains many cascade structures composed of AND and NOR, which makes the probability of the Trojan being driven by random excitation extremely low.
To better analyze the structure in the circuit, we calculated the output probabilities P0 and P1 of each logic gate separately, assuming that input values 0 and 1 are equiprobable. For example, for a three-input AND gate, the output is 1 only if the input sequence is '111', so P1 is 0.125 and P0 is 0.875. Logic gates are classified according to their output probabilities. Trojan trigger circuits usually consist of multiple low-probability logic gates of the same type. The structure template is proposed based on the above characteristics, as shown in Table 1, where m and n are integers greater than 1, indicating the number of input ports of the logic gate, and p is a natural number.
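The output probabilities in the AND3 example can be reproduced by exhaustive enumeration over equiprobable inputs. This is a small illustrative sketch; the gate set shown is a subset chosen for the example.

```python
# Signal probabilities (P0, P1) of a gate's output, assuming independent
# inputs that are 0 or 1 with equal probability, via exhaustive enumeration.
from itertools import product

GATE_FUNCS = {
    "AND":  lambda bits: int(all(bits)),
    "OR":   lambda bits: int(any(bits)),
    "NAND": lambda bits: int(not all(bits)),
    "NOR":  lambda bits: int(not any(bits)),
    "XOR":  lambda bits: sum(bits) % 2,
}

def output_probs(gtype, n_inputs):
    """Return (P0, P1) for an n-input gate of the given type."""
    fn = GATE_FUNCS[gtype]
    outs = [fn(bits) for bits in product((0, 1), repeat=n_inputs)]
    p1 = sum(outs) / len(outs)
    return 1.0 - p1, p1

print(output_probs("AND", 3))  # (0.875, 0.125), matching the AND3 example
```

Low-P1 gates such as multi-input AND and NOR are exactly the types that dominate the trigger cascades described above.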
Subgraph matching. For large-scale netlists, it is difficult to find Trojan trigger structures by directly analyzing the entire circuit. To reduce the complexity of structure-template matching, the backward breadth-first search (BBFS) algorithm is used to divide the netlist graph into subgraphs, and all subgraphs are matched against the structure template in Table 1. We observe that the number of matched structures in Trojan trigger circuits is much larger than in normal circuits. Therefore, we propose a subgraph classification algorithm, shown in Algorithm 1. The algorithm counts the number of structures that match the template; if this count exceeds the classification threshold, the subgraph is identified as suspicious and all of its nodes are marked as suspicious Trojan nodes.
Algorithm 1: Subgraph matching
3.3. Machine Learning
After the node-filtering stage, suspicious Trojan nodes are extracted. Features are extracted from these suspicious nodes to form the dataset used by the machine-learning stage. Different machine-learning algorithms can be applied in this stage to detect HT nodes in the dataset. We now discuss how the features are defined and how different learning models are trained based on the features.
Feature Library. Given the set of suspicious nodes, features are extracted to train the machine-learning model. Note that different models may use different features. On the basis of previous work and our analysis of existing HTs, we create an HT feature library to support different ML models, which consists of static, statistical, and structural features.
Static features are extracted from the netlist based on fan-in, adjacent circuit elements, and minimum distance to a specific circuit element. We count the number of various logic gates near the target node and calculate the distance from the node to the input and output ports. All the static features are shown in
Table 2, where x is a positive integer in the range 1 to 5.
The statistical features are the SCOAP testability measures, originally proposed for evaluating the testability of a circuit. Prior research has shown that SCOAP values are effective for HT detection; they include combinational controllability-0 (CC0), combinational controllability-1 (CC1), combinational observability (CO), sequential controllability-0 (SC0), sequential controllability-1 (SC1), and sequential observability (SO).
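The SCOAP combinational controllability rules for two gate types can be sketched as follows; the remaining measures (CO, SC0/SC1, SO) follow analogous propagation rules. Function names are illustrative.

```python
# SCOAP combinational controllability: the cost of setting a line to 0 or 1.
# Primary inputs have CC0 = CC1 = 1; each gate adds 1 to the propagated cost.
def scoap_and(cc_inputs):
    """cc_inputs: list of (CC0, CC1) pairs of the gate's inputs."""
    cc1 = sum(c1 for _, c1 in cc_inputs) + 1  # all inputs must be set to 1
    cc0 = min(c0 for c0, _ in cc_inputs) + 1  # any single input set to 0
    return cc0, cc1

def scoap_or(cc_inputs):
    cc0 = sum(c0 for c0, _ in cc_inputs) + 1  # all inputs must be set to 0
    cc1 = min(c1 for _, c1 in cc_inputs) + 1  # any single input set to 1
    return cc0, cc1

# A 3-input AND fed directly by primary inputs:
print(scoap_and([(1, 1)] * 3))  # (2, 4)
```

The high CC1 of deep AND cascades is one quantitative reflection of the hard-to-activate triggers described in Section 3.2.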
The structural feature is obtained by extracting netlist structural information near the target node, such as node types and connection relationships. In this paper, a depth-first search with a maximum depth of 2 is used to sample each gate and obtain its connection relationships, and a co-occurrence matrix (CM) is constructed to abstract cascade structural information, whose dimensions are determined by the number of gate types D. The CM encodes the forward and reverse connection relationships of the various gates in the subgraph extended from a node as the starting point. Figure 4 is an example of the co-occurrence matrix: the right part is the CM constructed for the AND gate in the center of the left part.
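One plausible construction is sketched below. The 2D × D shape (forward rows stacked above reverse rows) and the row/column convention are assumptions inferred from the "forward and reverse connection relationship" description, not the paper's exact definition.

```python
# Illustrative co-occurrence matrix for one target gate: depth-2 DFS along
# fanout (forward) and fanin (reverse) edges; each traversed edge increments
# the cell indexed by (current gate type, next gate type), with reverse
# edges offset by D rows.
GATE_TYPES = ["AND", "OR", "NOR", "XOR"]  # D = 4 in this toy example
IDX = {t: i for i, t in enumerate(GATE_TYPES)}
D = len(GATE_TYPES)

def cooccurrence(node, fanins, fanouts, types, depth=2):
    cm = [[0] * D for _ in range(2 * D)]
    def dfs(cur, d, reverse):
        if d == depth:
            return
        nbrs = fanins.get(cur, []) if reverse else fanouts.get(cur, [])
        for nxt in nbrs:
            row = IDX[types[cur]] + (D if reverse else 0)
            cm[row][IDX[types[nxt]]] += 1
            dfs(nxt, d + 1, reverse)
    dfs(node, 0, False)
    dfs(node, 0, True)
    return cm

types = {"a": "AND", "b": "OR", "c": "NOR"}
cm = cooccurrence("a", {"a": ["b"]}, {"a": ["c"]}, types)
print(cm[0][2], cm[4][1])  # 1 1  (AND->NOR forward; AND->OR reverse)
```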
Learning Model. Our framework is not limited to a specific machine-learning algorithm. Generally, three categories of learning models are supported, namely support vector machine (SVM), multilayer perceptron (MLP), and recurrent neural network (RNN).
An SVM determines the parameters of the optimal classification hyperplane. In essence, determining these parameters is a quadratic optimization problem whose geometric meaning is to find the maximum classification margin under the constraints. For problems that are nonlinear in the input space, kernel functions are used to transform them into linear classification problems in a feature space.
An MLP consists of an input layer, one or more hidden layers, and an output layer, as shown in Figure 5. The multi-dimensional feature vector enters the model through the input layer. Linear operations and nonlinear activations are performed at the neurons of each hidden layer. Finally, a one-dimensional result is produced by the output layer. The number of neurons in the input layer equals the dimension of the feature vector, and the output layer has a single neuron. The number of hidden layers and the number of neurons in each hidden layer can be adjusted dynamically.
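The forward pass described above can be sketched without any ML framework. The layer sizes, random weights, and activation choices (ReLU hidden, sigmoid output) are placeholder assumptions, not the paper's trained model.

```python
# Minimal MLP forward pass: linear operation plus nonlinear activation per
# layer, producing a single score in (0, 1) from a feature vector.
import math
import random

def mlp_forward(x, layers):
    """layers: list of (weight_matrix, bias_vector) per layer."""
    for i, (W, b) in enumerate(layers):
        x = [sum(w * xi for w, xi in zip(row, x)) + bi
             for row, bi in zip(W, b)]
        last = (i == len(layers) - 1)
        # ReLU in hidden layers; sigmoid at the single output neuron.
        x = [1 / (1 + math.exp(-v)) if last else max(0.0, v) for v in x]
    return x[0]

random.seed(0)
feat_dim, hidden = 4, 3
layers = [
    ([[random.uniform(-1, 1) for _ in range(feat_dim)] for _ in range(hidden)],
     [0.0] * hidden),
    ([[random.uniform(-1, 1) for _ in range(hidden)]], [0.0]),
]
score = mlp_forward([0.2, 0.5, 0.1, 0.9], layers)
print(0.0 < score < 1.0)  # True
```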
An RNN model is typically used for time-series processing and predicting problems. GramsDet [
28] demonstrated the feasibility of using a long short-term memory (LSTM) network in HT detection, and proposed a stacked LSTM network, as shown in
Figure 6. The row vectors of each gate's co-occurrence matrix are sent to different LSTMs for training, and the output of the last LSTM layer is a single vector, which is converted into a probability value by the sigmoid function.
Given the learning model, proper features should be selected from the feature library to train the model. Specifically, for SVM and MLP, the features can be selected from the static and statistical features; for RNN, only the structural feature can be used.
3.4. Load Expansion
After the machine-learning stage, the nodes extracted in the node-filtering stage are labeled as either HT or normal nodes. However, the node-filtering stage may have excluded some HT payload nodes, and the machine-learning stage may misclassify some HT nodes as normal. To identify such HT nodes, we propose the load expansion mechanism. Before discussing the proposed algorithm, we first examine the HT load structure.
The load structure of Trojans with different functions varies greatly, which poses a challenge for the identification of hardware Trojans. By analyzing the Trojan load circuits in gate-level netlists, we found that HTs can be divided into two categories: (1) The load circuit is similar to the normal circuit, as shown in
Figure 7a. Such Trojans can be further divided by function into information-leaking and function-violating Trojans. If the function of the HT is to leak information, its load is close to the netlist output. If its function is to violate the circuit's function, its load is generally located at a critical position in the circuit. For these HTs, the load circuit is small, i.e., the fanout of the Trojan trigger circuit is small. When machine-learning algorithms are applied to identify Trojan nodes, such HT nodes are usually regarded as normal nodes, resulting in low recognition accuracy. (2) The load circuit contains a ring oscillator, as shown in
Figure 7b. Since this structure rarely appears in either normal circuits or Trojan circuits, it is hard for a machine-learning algorithm to identify all such HT nodes.
Through the above analysis, it can be seen that, compared with normal circuits, HT load circuits have lower fanout, because Trojan designers prefer to attack a small number of key components in the circuit. This can lead to poor detection ability in machine-learning-based algorithms. Based on the above observations, we propose a load expansion algorithm that expands the HT nodes identified in the machine-learning stage, as shown in Algorithm 2. To cope with situations where the HT load contains rare circuits such as ring oscillators, a fanout threshold is set for each node: a node is expanded only when its number of fanouts is less than this threshold. In addition, considering the small scale of Trojan load circuits, a total fanout threshold is set; when the total fanout of all expanded nodes reaches this threshold, the expansion terminates.
Algorithm 2: Load expansion