
2020 | OriginalPaper | Book chapter

Adversarial Examples for Hardware-Trojan Detection at Gate-Level Netlists

Written by: Kohei Nozawa, Kento Hasegawa, Seira Hidano, Shinsaku Kiyomoto, Kazuo Hashimoto, Nozomu Togawa

Published in: Computer Security

Publisher: Springer International Publishing


Abstract

Recently, due to the increase in outsourcing of integrated circuit (IC) design and manufacturing, the threat of a third party injecting a malicious circuit, called a hardware Trojan, has been increasing. Machine learning is known to produce powerful models for detecting hardware Trojans. However, it has recently been reported that such machine-learning-based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbations to the input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, making them difficult to detect. Second, we define the Trojan-net concealment degree (TCD) as a possibility of misclassification, and the modification evaluating value (MEV) as a measure of the amount of modification. Third, judging from MEV, we select adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases the true positive rate (TPR) by at most 30.15 points.


Footnotes
1
The number of Trojan nets identified as Trojan nets is called true positive (TP). The number of Trojan nets identified as normal nets is called false negative (FN). The true positive rate is obtained from TP / (TP + FN).

2
The number of normal nets identified as normal nets is called true negative (TN). The number of normal nets identified as Trojan nets is called false positive (FP). The true negative rate is obtained from TN / (TN + FP).

Metadata
Title
Adversarial Examples for Hardware-Trojan Detection at Gate-Level Netlists
Written by
Kohei Nozawa
Kento Hasegawa
Seira Hidano
Shinsaku Kiyomoto
Kazuo Hashimoto
Nozomu Togawa
Copyright year
2020
DOI
https://doi.org/10.1007/978-3-030-42048-2_22