CN109784096B - Hardware Trojan horse detection and elimination method based on clustering algorithm - Google Patents
Hardware Trojan horse detection and elimination method based on clustering algorithm Download PDFInfo
- Publication number
- CN109784096B CN109784096B CN201910049643.8A CN201910049643A CN109784096B CN 109784096 B CN109784096 B CN 109784096B CN 201910049643 A CN201910049643 A CN 201910049643A CN 109784096 B CN109784096 B CN 109784096B
- Authority
- CN
- China
- Prior art keywords
- hardware trojan
- nodes
- circuit
- clustering algorithm
- points
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to a hardware Trojan detection technology, and aims to provide a hardware Trojan detection and elimination method based on a gate-level netlist file. The method comprises the following steps: extracting a gate-level netlist and performing functional verification to obtain timing signals of all nodes of the circuit; regarding the correlation coefficient of the signal as the weight of edges between nodes, and constructing a connected graph; clustering analysis is carried out on the nodes by using a clustering algorithm, and abnormal value points in the circuit are found; and analyzing the abnormal value points to further confirm whether the circuit is implanted with the hardware Trojan horse or not and eliminate the existing hardware Trojan horse. According to the method, suspicious nodes in the circuit are found and directly judged by using a clustering algorithm, so that the defect of time cost for detecting the hardware trojans by using a functional analysis method is overcome, and the detection efficiency of the hardware trojans is improved; meanwhile, the invention also eliminates the wooden horse structure.
Description
Technical Field
The invention relates to the field of chip security detection, in particular to a hardware Trojan horse detection and elimination method based on a clustering algorithm.
Background
The separation of each link of chip production makes the reliability of the chip face a threat. The hardware Trojan horse is a malicious circuit structure implanted in an original circuit, and can realize a specific attack effect. In order to ensure the security of the chip, a hardware Trojan detection technology is generated. Common detection methods include side channel analysis techniques and logical detection. With the increasing scale of integrated circuits, the difficulty of hardware trojan detection is also increasing, and higher requirements are put forward on the effectiveness of the detection method.
The side channel analysis method is to collect and analyze the bypass information (power consumption, time delay, electromagnetic radiation and the like) of the original circuit and the circuit implanted with the Trojan horse structure, and judge whether the Trojan horse is implanted or not by comparing the difference. The disadvantage of side channel analysis is that when the Trojan horse structure is small in scale, the resulting differences may be covered by noise and difficult to detect. The logic detection is to carry out extensive covering and testing on the input of the circuit, activate the Trojan horse structure to the maximum extent, and compare the difference between the output of the Trojan horse circuit and the original circuit. The deficiency of logic detection is that the input vector space increases exponentially with the increase of the circuit scale, and traversal is difficult to realize; if the input vector fails to activate the hardware trojan, the method is not effective. The literature (review of hardware trojans) details the course and deficiencies of these two detection methods.
Both of the above methods require a trojan-free circuit for comparison, which is rarely encountered in practice. A hardware trojan detection method without reference by a trojan-free circuit is a more practical method. The document (Golden IC free method for hard ware Trojan detection using systematic path delay) realizes hardware Trojan detection without Trojan circuit; the document (Hardware Trojans classification for gate-level networks using multi-layer neural networks) finds the structure of the Hardware Trojan horse by using a neural network algorithm for detection; the document (Hardware Trojan Detection for Gate-level ICs Using Signal correction Based Clustering) utilizes a Clustering algorithm OPTICS (Ordering points to identify the Clustering structure) to detect the Hardware Trojan horse, and the Detection effect is sensitive to the selection of an initial point.
The Density-based clustering algorithm DBSCAN (Density-based spatial clustering of applications with noise) can divide sample points into three types and perform clustering. The algorithm includes two parameters: the scan radius Eps and the minimum inclusion point number MinPts. For a sample point, if the number of sample points in the neighborhood whose radius is Eps is greater than or equal to MinPts, the point is a core point. For a certain non-core point, a point is a boundary point if it is within a neighborhood of the radius Eps of the certain core point. The remaining points in the sample space are noise points. Fig. 1 is a schematic diagram of a clustering algorithm, the clustering result showing that the sample space is divided into 2 clusters. The black sample points are core points, the gray sample points are boundary points, and the white sample points are noise points.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a hardware Trojan horse detection method based on a gate-level netlist, which utilizes a clustering algorithm to find abnormal value points in the gate-level netlist and further confirms whether the abnormal value points are a part of the hardware Trojan horse or not through simulation. And if the circuit has the hardware Trojan, continuing to operate to eliminate the Trojan.
The technical scheme adopted by the invention is as follows:
1) Based on the gate-level netlist, the design is functionally verified to obtain an input vector matrix R and a corresponding output matrix X, and signal waveforms S of all nodes are collected simultaneously 1 、S 2 、S 3 、…、S n ;
2) Each node is regarded as a point, an input signal and an output signal which are connected through the same logic gate are connected to form an edge between the two points, the circuit structure is converted into a connected graph structure, and the weight of the edge is determined by a correlation coefficient r of the signal;
3) Clustering targets by using a density-based clustering algorithm DBSCAN, programming values of parameters Eps and MinPts to obtain clustering results of different scales, wherein the different scales refer to the number of different clusters;
4) Storing noise points existing in each clustering result;
5) Regarding all noise points in corresponding nodes in the netlist or corresponding connected nodes among different clusters in the netlist as abnormal value points, and performing 'deletion' or 'replacement' operation on the abnormal value points to obtain a new netlist file;
6) And sequentially carrying out function verification on the obtained new netlist file to obtain an output matrix X ', if X' ≠ X, then the node corresponding to the file is not a hardware Trojan structure, otherwise, the circuit has the hardware Trojan, and the Trojan structure is eliminated.
The advantages of the invention mainly include:
1. the method can effectively detect various hardware trojans.
2. The detection method of the present invention is superior to the logical detection method in speed.
3. The invention can eliminate the hardware Trojan horse structure.
Drawings
FIG. 1 is a schematic diagram of DBSCAN algorithm
FIG. 2 is a flow chart of the implementation of the technical scheme of the invention
Detailed Description
In order to embody the feasibility and the superiority of the invention, the specific implementation steps are described as follows by combining the attached figure 2:
1) Performing function simulation on a gate-level netlist file to be tested to obtain an output vector matrix X, and simultaneously acquiring signal output waveforms of all nodes in a circuit;
2) Regarding each node as a 'point', calculating the cross-correlation coefficient w of the input-output signals of all the basic logic units as the weight of the edge between the two points, and considering the signal length of the test stage to be fixed as a discrete binary signal for processing, wherein the weight w of the edge is obtained by the formula (1).
w=R(0)=(A-D)/(A+D) (1)
In the formula (1), A, D is the same number of symbols and different numbers of symbols between two signals;
3) Based on the calculation result of 2), further obtaining the local communication density between the two points and adjusting the weight of the edge;
4) Programming using the python language. Clustering the targets by using a Density-based clustering algorithm DBSCAN (Density-based spatial clustering of applications with noise), wherein the initial value of a parameter MinPts is slightly smaller than the total number of nodes, the minimum value of the parameter MinPts is preset, the initial value of a parameter Eps is determined by the initial value of MinPts, and the initial value can enable fewer noise points to exist in the graph and store all the noise points;
5) Mapping the clustering result to the netlist, finding out the signal position corresponding to the noise point and the position of the connected node between different clusters, and carrying out the following operations on each noise point and the connected node: executing 'deleting' operation on the signal, placing the input of the signal in a high-impedance state, placing the output in a high-impedance state, obtaining a new netlist, performing function simulation to obtain an output vector matrix X ', executing' replacing 'operation on the signal, placing the input of the signal in a high-impedance state, placing the output in a high level or a low level, obtaining a new netlist, performing function simulation to obtain an output vector matrix X', if the result in the three times of simulation is X '≠ X, the node belongs to an original circuit, otherwise, the node belongs to a hardware Trojan structure, the circuit has a hardware Trojan, and the hardware Trojan is eliminated at the moment, and if all noise points and connected nodes are traversed, X' ≠ X, executing 6);
6) Let 4) parameter MinPts decay once in exponential form, parameter Eps follows MinPts to decay proportionally, in order to guarantee that new noise point appears, keep all noise points and communicating nodes to carry out 5 again), this cyclic process lasts until detecting the hardware Trojan horse structure or MinPts shrinks to the default;
7) When MinPts is reduced to a preset value, if X' = X is not found yet, it is judged that the circuit has no hardware trojan implant.
The foregoing is a detailed description of the invention only, and any feature disclosed herein may be replaced by alternative features serving equivalent or specific purposes unless expressly stated otherwise; all of the disclosed features, or all of the method or process steps, may be combined in any combination, except mutually exclusive features and/or steps.
Claims (3)
1. The hardware Trojan horse detection and elimination method based on the clustering algorithm is characterized by comprising the following steps:
1) Performing function simulation on a gate-level netlist file to be tested to obtain an input vector matrix R and a corresponding output matrix X, and simultaneously acquiring signal output waveforms S of all nodes in a circuit 1 、S 2 、S 3 、…、S n ;
2) Regarding each node as a point, connecting an input signal and an output signal which are connected through the same logic gate to form an edge between the two points, converting a circuit structure into a connected graph structure, and determining the weight of the edge by an input-output signal cross correlation coefficient w;
3) Clustering targets by using a density-based clustering algorithm DBSCAN, programming and selecting a parameter scanning radius Eps and a value of a minimum contained point MinPts to obtain clustering results of different scales, wherein the different scales refer to the number of different clusters;
4) Storing noise points existing in each clustering result;
5) Regarding all noise points in corresponding nodes in the netlist or corresponding connected nodes among different clusters in the netlist as abnormal value points, and performing 'deletion' or 'replacement' operation on the abnormal value points to obtain a new netlist file;
6) And sequentially carrying out function verification on the obtained new netlist file to obtain an output matrix X ', if the result in the third simulation is X' ≠ X, determining that the node corresponding to the file is not a hardware Trojan structure, otherwise, determining that the circuit has the hardware Trojan and finishing the elimination of the Trojan structure.
2. The hardware Trojan horse detection and elimination method based on the clustering algorithm as claimed in claim 1, characterized in that a density-based clustering algorithm DBSCAN is used to cluster the gate-level netlist of the circuit, suspicious nodes are marked, and the hardware Trojan horse detection is realized through functional simulation.
3. A hardware Trojan horse detection and elimination method based on a clustering algorithm as claimed in claim 1, characterized in that said method further comprises: if all the noise points and the communication nodes are traversed and have X' ≠ X, the parameter MinPts in the step 3) is attenuated once in an exponential mode, the parameter Eps is attenuated in the same proportion along with the MinPts to ensure that new noise points appear, all the noise points and the communication nodes are stored and the step 5 is executed again), and the circulation process is continued until the hardware Trojan structure is detected or the MinPts is reduced to the preset value.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910049643.8A CN109784096B (en) | 2019-01-18 | 2019-01-18 | Hardware Trojan horse detection and elimination method based on clustering algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910049643.8A CN109784096B (en) | 2019-01-18 | 2019-01-18 | Hardware Trojan horse detection and elimination method based on clustering algorithm |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109784096A CN109784096A (en) | 2019-05-21 |
| CN109784096B true CN109784096B (en) | 2023-04-18 |
Family
ID=66501083
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910049643.8A Active CN109784096B (en) | 2019-01-18 | 2019-01-18 | Hardware Trojan horse detection and elimination method based on clustering algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109784096B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110287735B (en) * | 2019-07-04 | 2021-05-04 | 电子科技大学 | Trojan horse infected circuit identification method based on chip netlist characteristics |
| CN111414622B (en) * | 2020-03-26 | 2023-03-28 | 电子科技大学 | Hardware back-gate removal method for IP (Internet protocol) fixed core netlist |
| CN112968761B (en) * | 2021-03-15 | 2022-04-19 | 北京理工大学 | Artificial intelligence side channel analysis method for cryptographic algorithm |
| CN114692227B (en) * | 2022-03-29 | 2023-05-09 | 电子科技大学 | Large-scale chip netlist-level hardware Trojan detection method |
| CN116628689B (en) * | 2023-05-16 | 2023-11-07 | 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) | Model construction method for hardware Trojan attack and detection method for hardware Trojan attack |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101882102A (en) * | 2003-08-11 | 2010-11-10 | 纯安姆芬特有限公司 | Be used for the system that automated computer is supported |
| CN104316861A (en) * | 2014-10-16 | 2015-01-28 | 工业和信息化部电子第五研究所 | Integrated circuit hardware Trojan detection method and system |
| CN104764992A (en) * | 2015-04-14 | 2015-07-08 | 江西科技学院 | Hardware Trojan detection method based on bypass analysis |
| CN105791236A (en) * | 2014-12-23 | 2016-07-20 | 北京网御星云信息技术有限公司 | Trojan communication channel detection method and system |
| CN107707538A (en) * | 2017-09-27 | 2018-02-16 | 广东欧珀移动通信有限公司 | Data transmission method, device, mobile terminal and computer-readable recording medium |
| CN107783877A (en) * | 2017-09-20 | 2018-03-09 | 天津大学 | The test vector generating method that hardware Trojan horse based on analysis of variance effectively activates |
| CN107851047A (en) * | 2015-05-22 | 2018-03-27 | 动力指纹股份有限公司 | System, the method and apparatus for performing intrusion detection and analyzing using the power feature of such as side channel information |
| CN107886012A (en) * | 2017-10-28 | 2018-04-06 | 天津大学 | One shot hardware Trojan horse detection method based on gate leve architectural feature |
| CN108090565A (en) * | 2018-01-16 | 2018-05-29 | 电子科技大学 | Accelerated method is trained in a kind of convolutional neural networks parallelization |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012122994A1 (en) * | 2011-03-11 | 2012-09-20 | Kreft Heinz | Off-line transfer of electronic tokens between peer-devices |
| US10395032B2 (en) * | 2014-10-03 | 2019-08-27 | Nokomis, Inc. | Detection of malicious software, firmware, IP cores and circuitry via unintended emissions |
-
2019
- 2019-01-18 CN CN201910049643.8A patent/CN109784096B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101882102A (en) * | 2003-08-11 | 2010-11-10 | 纯安姆芬特有限公司 | Be used for the system that automated computer is supported |
| CN104316861A (en) * | 2014-10-16 | 2015-01-28 | 工业和信息化部电子第五研究所 | Integrated circuit hardware Trojan detection method and system |
| CN105791236A (en) * | 2014-12-23 | 2016-07-20 | 北京网御星云信息技术有限公司 | Trojan communication channel detection method and system |
| CN104764992A (en) * | 2015-04-14 | 2015-07-08 | 江西科技学院 | Hardware Trojan detection method based on bypass analysis |
| CN107851047A (en) * | 2015-05-22 | 2018-03-27 | 动力指纹股份有限公司 | System, the method and apparatus for performing intrusion detection and analyzing using the power feature of such as side channel information |
| CN107783877A (en) * | 2017-09-20 | 2018-03-09 | 天津大学 | The test vector generating method that hardware Trojan horse based on analysis of variance effectively activates |
| CN107707538A (en) * | 2017-09-27 | 2018-02-16 | 广东欧珀移动通信有限公司 | Data transmission method, device, mobile terminal and computer-readable recording medium |
| CN107886012A (en) * | 2017-10-28 | 2018-04-06 | 天津大学 | One shot hardware Trojan horse detection method based on gate leve architectural feature |
| CN108090565A (en) * | 2018-01-16 | 2018-05-29 | 电子科技大学 | Accelerated method is trained in a kind of convolutional neural networks parallelization |
Non-Patent Citations (5)
| Title |
|---|
| Burcşin Cşakır.Hardware Trojan Detection for Gate-level ICs Using Signal Correlation Based Clustering.《IEEE Xplore》.2015, * |
| Hardware Trojan Detection Based on Cluster Analysis of Mahalanobis Distance;Qi Cui;《百度学术》;20161215;全文 * |
| Hardware Trojan Identification based on Netlist Features using SVM;O Masaru;《百度学术》;20151203;全文 * |
| 基于可疑电路结构分析的硬件木马检测技术研究;张加林;《CNKI中国知网》;20160315;全文 * |
| 基于门级网表的硬件木马检测技术研究;房磊;《CNKI中国知网》;20170215;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109784096A (en) | 2019-05-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109784096B (en) | Hardware Trojan horse detection and elimination method based on clustering algorithm | |
| WO2019233189A1 (en) | Method for detecting sensor network abnormal data | |
| US7844873B2 (en) | Fault location estimation system, fault location estimation method, and fault location estimation program for multiple faults in logic circuit | |
| CN110414277B (en) | Gate-level hardware Trojan horse detection method based on multi-feature parameters | |
| CN112866023B (en) | Network detection method, model training method, device, equipment and storage medium | |
| CN108510004B (en) | Cell classification method and system based on deep residual error network | |
| CN112949387B (en) | Intelligent anti-interference target detection method based on transfer learning | |
| CN109684834A (en) | A kind of gate leve hardware Trojan horse recognition method based on XGBoost | |
| CN104316861B (en) | integrated circuit hardware Trojan detection method and system | |
| CN113608916B (en) | Fault diagnosis method and device, electronic equipment and storage medium | |
| CN108022146A (en) | Characteristic item processing method, device, the computer equipment of collage-credit data | |
| CN110287735A (en) | Wooden horse based on chip netlist feature infects circuit identification method | |
| CN109241485A (en) | Relation establishing method and device are jumped between a kind of page | |
| CN111929548A (en) | Method for generating discharge and interference signal samples, computer device and storage medium | |
| CN110008853A (en) | Pedestrian detection network and model training method, detection method, medium, equipment | |
| CN111950645A (en) | Method for improving class imbalance classification performance by improving random forest | |
| CN112419306A (en) | Lung nodule detection method based on NAS-FPN | |
| Kosarevych et al. | Detection of pixels corrupted by impulse noise using random point patterns | |
| CN113962900A (en) | Method, device, equipment and medium for detecting infrared dim target under complex background | |
| CN112231775A (en) | Hardware Trojan horse detection method based on Adaboost algorithm | |
| CN105989095B (en) | Take the correlation rule significance test method and device of data uncertainty into account | |
| CN116597197A (en) | Long-tail target detection method capable of adaptively eliminating negative gradient of classification | |
| CN116383815A (en) | Automatic hardware Trojan detection method based on graphic neural network | |
| CN113537253B (en) | Infrared image target detection method, device, computing equipment and storage medium | |
| CN114185785A (en) | Natural language processing model test case reduction method for deep neural network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |