Adversarial examples for hardware-trojan detection at gate-level netlists

Kohei Nozawa; Kento Hasegawa; Seira Hidano; Shinsaku Kiyomoto; Kazuo Hashimoto; Nozomu Togawa

doi:10.1007/978-3-030-42048-2_22

Adversarial examples for hardware-trojan detection at gate-level netlists

Kohei Nozawa^*, Kento Hasegawa, Seira Hidano, Shinsaku Kiyomoto, Kazuo Hashimoto, Nozomu Togawa

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.

Original language	English
Title of host publication	Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers
Editors	Sokratis Katsikas, Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Stefanos Gritzalis, Christos Kalloniatis, John Mylopoulos, Annie Antón, Frank Pallas, Jörg Pohle, Angela Sasse, Weizhi Meng, Steven Furnell, Joaquin Garcia-Alfaro
Publisher	Springer
Pages	341-359
Number of pages	19
ISBN (Print)	9783030420475
DOIs	https://doi.org/10.1007/978-3-030-42048-2_22
Publication status	Published - 2020
Event	5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019 - Luxembourg City, Luxembourg Duration: 2019 Sept 26 → 2019 Sept 27

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11980 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019
Country/Territory	Luxembourg
City	Luxembourg City
Period	19/9/26 → 19/9/27

Keywords

Adversarial example
Hardware trojan
Logic gate
Machine learning
Netlist

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-42048-2_22

Cite this

Nozawa, K., Hasegawa, K., Hidano, S., Kiyomoto, S., Hashimoto, K., & Togawa, N. (2020). Adversarial examples for hardware-trojan detection at gate-level netlists. In S. Katsikas, S. Katsikas, F. Cuppens, N. Cuppens, C. Lambrinoudakis, S. Gritzalis, C. Kalloniatis, J. Mylopoulos, A. Antón, F. Pallas, J. Pohle, A. Sasse, W. Meng, S. Furnell, & J. Garcia-Alfaro (Eds.), Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers (pp. 341-359). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11980 LNCS). Springer. https://doi.org/10.1007/978-3-030-42048-2_22

Adversarial examples for hardware-trojan detection at gate-level netlists. / Nozawa, Kohei; Hasegawa, Kento; Hidano, Seira et al.

Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers. ed. / Sokratis Katsikas; Sokratis Katsikas; Frédéric Cuppens; Nora Cuppens; Costas Lambrinoudakis; Stefanos Gritzalis; Christos Kalloniatis; John Mylopoulos; Annie Antón; Frank Pallas; Jörg Pohle; Angela Sasse; Weizhi Meng; Steven Furnell; Joaquin Garcia-Alfaro. Springer, 2020. p. 341-359 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11980 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Nozawa, K, Hasegawa, K, Hidano, S, Kiyomoto, S, Hashimoto, K & Togawa, N 2020, Adversarial examples for hardware-trojan detection at gate-level netlists. in S Katsikas, S Katsikas, F Cuppens, N Cuppens, C Lambrinoudakis, S Gritzalis, C Kalloniatis, J Mylopoulos, A Antón, F Pallas, J Pohle, A Sasse, W Meng, S Furnell & J Garcia-Alfaro (eds), Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11980 LNCS, Springer, pp. 341-359, 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019, Luxembourg City, Luxembourg, 19/9/26. https://doi.org/10.1007/978-3-030-42048-2_22

Nozawa K, Hasegawa K, Hidano S, Kiyomoto S, Hashimoto K , Togawa N. Adversarial examples for hardware-trojan detection at gate-level netlists. In Katsikas S, Katsikas S, Cuppens F, Cuppens N, Lambrinoudakis C, Gritzalis S, Kalloniatis C, Mylopoulos J, Antón A, Pallas F, Pohle J, Sasse A, Meng W, Furnell S, Garcia-Alfaro J, editors, Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers. Springer. 2020. p. 341-359. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-42048-2_22

Nozawa, Kohei ; Hasegawa, Kento ; Hidano, Seira et al. / Adversarial examples for hardware-trojan detection at gate-level netlists. Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers. editor / Sokratis Katsikas ; Sokratis Katsikas ; Frédéric Cuppens ; Nora Cuppens ; Costas Lambrinoudakis ; Stefanos Gritzalis ; Christos Kalloniatis ; John Mylopoulos ; Annie Antón ; Frank Pallas ; Jörg Pohle ; Angela Sasse ; Weizhi Meng ; Steven Furnell ; Joaquin Garcia-Alfaro. Springer, 2020. pp. 341-359 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1b00eca6d6b1417b9360554a1bc95155,

title = "Adversarial examples for hardware-trojan detection at gate-level netlists",

abstract = "Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.",

keywords = "Adversarial example, Hardware trojan, Logic gate, Machine learning, Netlist",

author = "Kohei Nozawa and Kento Hasegawa and Seira Hidano and Shinsaku Kiyomoto and Kazuo Hashimoto and Nozomu Togawa",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2020.; 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019 ; Conference date: 26-09-2019 Through 27-09-2019",

year = "2020",

doi = "10.1007/978-3-030-42048-2_22",

language = "English",

isbn = "9783030420475",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "341--359",

editor = "Sokratis Katsikas and Sokratis Katsikas and Fr{\'e}d{\'e}ric Cuppens and Nora Cuppens and Costas Lambrinoudakis and Stefanos Gritzalis and Christos Kalloniatis and John Mylopoulos and Annie Ant{\'o}n and Frank Pallas and J{\"o}rg Pohle and Angela Sasse and Weizhi Meng and Steven Furnell and Joaquin Garcia-Alfaro",

booktitle = "Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers",

}

TY - GEN

T1 - Adversarial examples for hardware-trojan detection at gate-level netlists

AU - Nozawa, Kohei

AU - Hasegawa, Kento

AU - Hidano, Seira

AU - Kiyomoto, Shinsaku

AU - Hashimoto, Kazuo

AU - Togawa, Nozomu

N1 - Publisher Copyright: © Springer Nature Switzerland AG 2020.

PY - 2020

Y1 - 2020

N2 - Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.

AB - Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.

KW - Adversarial example

KW - Hardware trojan

KW - Logic gate

KW - Machine learning

KW - Netlist

UR - http://www.scopus.com/inward/record.url?scp=85081542853&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85081542853&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-42048-2_22

DO - 10.1007/978-3-030-42048-2_22

M3 - Conference contribution

AN - SCOPUS:85081542853

SN - 9783030420475

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 341

EP - 359

BT - Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers

A2 - Katsikas, Sokratis

A2 - Cuppens, Frédéric

A2 - Cuppens, Nora

A2 - Lambrinoudakis, Costas

A2 - Gritzalis, Stefanos

A2 - Kalloniatis, Christos

A2 - Mylopoulos, John

A2 - Antón, Annie

A2 - Pallas, Frank

A2 - Pohle, Jörg

A2 - Sasse, Angela

A2 - Meng, Weizhi

A2 - Furnell, Steven

A2 - Garcia-Alfaro, Joaquin

PB - Springer

T2 - 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019

Y2 - 26 September 2019 through 27 September 2019

ER -

Adversarial examples for hardware-trojan detection at gate-level netlists

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this