CN109815705B - Hardware Trojan horse detection method based on scan chain feature analysis - Google Patents

Abstract

The invention relates to a hardware Trojan detection method based on scan chain feature analysis, which is provided in a chip design stage starting from a gate-level netlist of an integrated circuit, converts the gate-level netlist of the integrated circuit into the scan chain netlist, combines the advantages of a traditional circuit feature analysis method, provides two new Trojan features, and classifies a Trojan net and a normal net by using a LightGBM algorithm. Meanwhile, the invention combines the machine learning algorithm and the circuit characteristic analysis method to be applied to the hardware Trojan horse detection method and has the characteristics of real time, accuracy, low cost and the like. Aiming at the defects that the time complexity is high and the individual Trojan detection efficiency is low in the traditional hardware Trojan circuit characteristic analysis method, the scan chain netlist characteristic analysis method provided by the invention can improve the detection effect of the hardware Trojan and the detection efficiency of the method can be improved by machine learning of the LightGBM algorithm.

Description

Hardware Trojan horse detection method based on scan chain feature analysis

Technical Field

The invention relates to the field of integrated circuit Trojan horse detection, in particular to a hardware Trojan horse detection method based on scan chain feature analysis.

Background

With the development of wireless communication, sensor technology, embedded systems and microelectronic technology, the security problem of integrated circuits is widely regarded by academic and industrial circles.

At present, hardware Trojan horse detection technologies can be roughly divided into two types: the two modes of formal verification and circuit characteristic analysis have respective advantages and disadvantages.

Formal verification is an algorithm-based logic verification method that can exhaustively demonstrate a set of predefined security attribute rules that an IC design should satisfy. As with the untrusted circuit identification technique proposed by Hicks et al, the suspected net of circuits is determined by looking for RTL code lines that have not been executed during the test; rajendran et al propose various constrained designs for third party IP cores to prevent and isolate portions of circuits infected with hardware trojans. These techniques, however, result in higher area and power costs and do not prevent gate level hardware trojan implants.

And the circuit characteristic analysis technology utilizes the characteristic information of the circuit to reflect the health state of the chip. For example, Hasegawa et al propose using a machine learning algorithm to classify a Trojan netlist from a normal netlist. The method has high detection efficiency and low cost, but the detection precision and efficiency of the method depend on the selection of Trojan horse characteristics, and the stability is lacked; in addition, a hardware Trojan detection method based on side channel analysis is also provided, the method searches for the hardware Trojan by comparing side channel information of a standard circuit and a Trojan circuit, unfortunately, a 'standard' chip sample is difficult to obtain in reality, and the detection effect of a side channel depends on the accuracy of an instrument seriously, so that the method is not suitable for a super-large-scale integrated circuit. And the side channel method has weak interference processing capability on process noise, and the denoising processing of the bypass noise may affect the original signal again.

Disclosure of Invention

In view of this, the present invention provides a hardware Trojan horse detection method based on scan chain feature analysis, which can improve the detection effect of the hardware Trojan horse.

The invention is realized by adopting the following scheme: a hardware Trojan horse detection method based on scan chain feature analysis specifically comprises the following steps:

step S1: analyzing the logic structure of the gate-level netlist, and extracting the characteristics of the standard netlist; the main characteristics include: the number of circuit fan-in pins, the number of circuit fan-out pins, the number of multiplexers, the number of circuit loops and circuit constant information (such as grounding or constant signals);

step S2: converting the logically synthesized gate-level circuit netlist into a scan chain gate-level netlist through testability design;

step S3: extracting circuit characteristics according to the scan chain gate-level netlist circuit information, wherein the extracted circuit characteristics comprise: a suspicious Trojan trigger module, suspicious observation nodes;

step S4: dividing the circuit characteristic sample extracted in the step S3 into a training data set and a testing data set, and training a two-classification LightGBM algorithm by adopting the training data set to obtain a LightGBM-based hardware Trojan classifier;

step S5: and inputting the test data set into a trained LightGBM hardware Trojan classifier through a cross-validation method to obtain a hardware Trojan prediction result based on the model. And comparing the prediction result of each group of samples with the real result, and calculating the accuracy, precision and recall of the LightGBM hardware Trojan classifier.

Starting from a gate-level netlist of an integrated circuit, the invention provides a hardware Trojan detection method based on scan chain feature analysis in a chip design stage, the gate-level netlist of the integrated circuit is firstly converted into the scan chain netlist, and then two new Trojan features are provided by combining the advantages of the traditional circuit feature analysis method, and a LightGBM algorithm is used for classifying a Trojan net and a normal net. Meanwhile, the invention combines the machine learning algorithm and the circuit characteristic analysis method to be applied to the hardware Trojan horse detection method and has the characteristics of real time, accuracy, low cost and the like. Aiming at the defects that the time complexity is high and the individual Trojan detection efficiency is low in the traditional hardware Trojan circuit characteristic analysis method, the scan chain netlist characteristic analysis method provided by the invention can improve the detection effect of the hardware Trojan and the detection efficiency of the method can be improved by machine learning of the LightGBM algorithm.

Further, step S3 specifically includes the following steps:

step S31: initializing a Trojan trigger module STRiModle and a Trojan observation point SObsPoint;

step S32: analyzing the combination elements in the scan chain netlist, if a module which is not converted exists in the scan chain netlist, the module is regarded as a Trojan horse trigger module, and making STRiModule be STRiModule + 1;

step S33: if some special nets exist in the scan chain netlist, the special nets are nets which destroy the chain structure of the scan chain net, the special nets are regarded as suspicious observation nodes, and sobsPoint is equal to sobsPoint + 1.

Preferably, the present invention provides the above two new Trojan horse characteristics, and adds the two characteristics into the conventional circuit analysis technology, so as to improve the detection accuracy of the hardware Trojan horse.

With respect to the suspicious trigger module: the trigger part of the hardware trojan can be characterized, since in the scan chain technique, every normal sequence element (D flip-flop) will be replaced by a scan sequence element (scan D flip-flop). And in order to ensure the concealment of the hardware Trojan horse, a Trojan horse manufacturer can prevent a trigger module of the Trojan horse from being converted into a scan chain element. Therefore, by comparing the standard netlist with the scan chain netlist, the suspected Trojan trigger module can be found.

Regarding suspicious observation points: to ensure that Trojan nets are not missed, it is also necessary to identify Trojan nets that are hidden in the normal netlist, and if an attacker wants to steal important private information, the signal must pass through the final output. The scan chain may convert sequential circuits into combinational circuits that will maintain a shifted chain structure. Thus, the injection of a hardware trojan will in part affect the linear relationship of the chain structure. Thus breaking a wire mesh of a chain structure can be defined as a suspicious observation point.

Further, in step S4, the training process specifically includes the following steps:

step S41: pre-sorting all the characteristics according to numerical values;

step S42: calculating the splitting gain of each characteristic, and selecting the optimal dividing point of the sample characteristic;

step S43: and according to the characteristics and the optimal segmentation points, adding the submodels one by one, optimizing the objective function and ensuring that the loss function is continuously reduced.

Further, step S42 specifically includes the following steps:

step S421: let the total objective function l of the t-th iteration^(t)The following were used:

in the formula (I), the compound is shown in the specification,

to representA predicted value of the model;

is a squared error function; f. of_t(x_i) A value representing a prediction of the newly added base tree, corresponding to an argument increment of the loss function; omega (f)_t) The regular penalty term representing the target function is mainly used for limiting the number of leaf nodes and preventing overfitting;

step S422: the splitting Gain is obtained by performing taylor expansion on the loss function, and the formula is as follows:

wherein i represents a sample index, g_iRepresents the first derivative of the loss function at t-1, h_iRepresenting the second derivative of the loss function, λ represents the expanded redundancy term, γ represents the complexity cost of the new leaf node added, I represents the samples obtained without splitting the tree, I represents_RRepresenting the right subtree sample, I_LRepresenting a left subtree sample;

step S423: let the right subtree Gain value be:

let the left subtree Gain value be:

let the Gain value of the undivided tree be:

further, the gate-level circuit netlist is a circuit netlist before tape-out. Aiming at the problem that the side channel analysis method is susceptible to process noise, the invention adopts the circuit netlist before the tape-out to analyze possible Trojan threats, the detection method has lower cost, and the implantation position of the Trojan can be further positioned by analyzing the hardware Trojan from the circuit logic structure so as to improve the safety design of the chip.

Compared with the prior art, the invention has the following beneficial effects:

1. the method can effectively realize the positioning of the hardware trojan in the netlist, has more flexible operation, does not change the original architecture of the circuit, and is suitable for the safety detection of large-scale integrated circuits.

2. The invention adopts the scan chain characteristic analysis technology, can more obviously reflect the structural characteristics of the hardware Trojan horse, is suitable for the protection of various types of malicious circuits, and is beneficial to improving the detection precision of the traditional hardware Trojan horse defense technology.

3. The invention also adopts a LightGBM gradient lifting algorithm, applies a machine learning algorithm to the detection and analysis of the hardware Trojan horse, has the advantages of strong model expression capability, capability of processing high-dimensional sparse characteristic data, capability of realizing an end-to-end learning mode by an intelligent technology frame, application of the priori knowledge of the hardware Trojan horse method developed to date and the existing Trojan horse characteristic library, self-adaptive updating of the detection method, contribution to improving the Trojan horse detection efficiency, reduction of the expenditure of time and cost, and suitability for the ultra-large scale integrated circuit.

Drawings

FIG. 1 is a schematic flow chart of a method according to an embodiment of the present invention.

Fig. 2 shows the detection effect of the LightGBM algorithm in 15 gate-level hardware trojan samples according to the embodiment of the present invention.

Fig. 3 shows the detection effect of the method according to the embodiment of the present invention for different types of hardware trojans.

FIG. 4 is a structural diagram of a scan chain gate-level netlist according to an embodiment of the present invention.

Detailed Description

The invention is further explained by the following embodiments in conjunction with the drawings.

It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.

It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.

As shown in fig. 1, the present embodiment provides a hardware trojan detection method based on scan chain feature analysis, which specifically includes the following steps:

step S1: analyzing the logic structure of the gate-level netlist, and extracting the characteristics of the standard netlist; the main characteristics include: the number of circuit fan-in pins, the number of circuit fan-out pins, the number of multiplexers, the number of circuit loops and circuit constant information (such as grounding or constant signals);

step S2: converting the logically synthesized gate-level circuit netlist into a scan chain gate-level netlist through testability design;

step S3: extracting circuit characteristics according to the scan chain gate-level netlist circuit information, wherein the extracted circuit characteristics comprise: a suspicious Trojan trigger module, suspicious observation nodes;

step S4: dividing the circuit characteristic sample extracted in the step S3 into a training data set and a testing data set, and training a two-classification LightGBM algorithm by adopting the training data set to obtain a LightGBM-based hardware Trojan classifier;

step S5: and inputting the test data set into a trained LightGBM hardware Trojan classifier through a cross-validation method to obtain a hardware Trojan prediction result based on the model. And comparing the prediction result of each group of samples with the real result, and calculating the accuracy, precision and recall of the LightGBM hardware Trojan classifier.

Starting from the gate-level netlist of the integrated circuit, the embodiment provides a hardware Trojan detection method based on scan chain feature analysis in the chip design stage, the gate-level netlist of the integrated circuit is firstly converted into the scan chain netlist, then two new Trojan features are provided by combining the advantages of the traditional circuit feature analysis method, and a LightGBM algorithm is used for classifying a Trojan net and a normal net. Meanwhile, the invention combines the machine learning algorithm and the circuit characteristic analysis method to be applied to the hardware Trojan horse detection method and has the characteristics of real time, accuracy, low cost and the like. Aiming at the defects that the time complexity is high and the individual Trojan detection efficiency is low in the traditional hardware Trojan circuit characteristic analysis method, the scan chain netlist characteristic analysis method provided by the invention can improve the detection effect of the hardware Trojan and the detection efficiency of the method can be improved by machine learning of the LightGBM algorithm.

In this embodiment, step S3 specifically includes the following steps:

step S31: initializing a Trojan trigger module STRiModle and a Trojan observation point SObsPoint;

step S32: analyzing the combination elements in the scan chain netlist, if a module which is not converted exists in the scan chain netlist, the module is regarded as a Trojan horse trigger module, and making STRiModule be STRiModule + 1;

step S33: if some special nets exist in the scan chain netlist, the special nets are nets which destroy the chain structure of the scan chain net, the special nets are regarded as suspicious observation nodes, and sobsPoint is equal to sobsPoint + 1.

Preferably, the present embodiment provides the above two new trojan features, and adds the two features into the conventional circuit analysis technology, so as to improve the detection accuracy of the hardware trojan.

With respect to the suspicious trigger module: the trigger part of the hardware trojan can be characterized, since in the scan chain technique, every normal sequence element (D flip-flop) will be replaced by a scan sequence element (scan D flip-flop). And in order to ensure the concealment of the hardware Trojan horse, a Trojan horse manufacturer can prevent a trigger module of the Trojan horse from being converted into a scan chain element. Therefore, by comparing the standard netlist with the scan chain netlist, the suspected Trojan trigger module can be found.

Regarding suspicious observation points: to ensure that Trojan nets are not missed, it is also necessary to identify Trojan nets that are hidden in the normal netlist, and if an attacker wants to steal important private information, the signal must pass through the final output. The scan chain may convert sequential circuits into combinational circuits that will maintain a shifted chain structure. Thus, the injection of a hardware trojan will in part affect the linear relationship of the chain structure. Thus breaking a wire mesh of a chain structure can be defined as a suspicious observation point.

In this embodiment, in step S4, the training process specifically includes the following steps:

step S41: pre-sorting all the characteristics according to numerical values;

step S42: calculating the splitting gain of each characteristic, and selecting the optimal dividing point of the sample characteristic;

step S43: and according to the characteristics and the optimal segmentation points, the submodels are added one by one, the objective function is optimized, and the loss function is ensured to be continuously reduced.

In this embodiment, step S42 specifically includes the following steps:

step S421: let the total objective function l of the t-th iteration^(t)The following were used:

in the formula (I), the compound is shown in the specification,

representing a predicted value of the model;

is a squared error function; f. of_t(x_i) A value representing a prediction of the newly added base tree, corresponding to an argument increment of the loss function; omega (f)_t) The regular penalty term representing the target function is mainly used for limiting the number of leaf nodes and preventing overfitting;

step S422: the splitting Gain is obtained by performing taylor expansion on the loss function, and the formula is as follows:

wherein i represents a sample index, g_iRepresents the first derivative of the loss function at t-1, h_iRepresenting the second derivative of the loss function, λ represents the expanded redundancy term, γ represents the complexity cost of the new leaf node added, I represents the samples obtained without splitting the tree, I represents_RRepresenting the right subtree sample, I_LRepresenting a left subtree sample;

step S423: let the right subtree Gain value be:

let the left subtree Gain value be:

let the Gain value of the undivided tree be:

in this embodiment, the gate-level circuit netlist is a circuit netlist before tape-out. Aiming at the problem that the side channel analysis method is susceptible to process noise, the invention adopts the circuit netlist before the tape-out to analyze possible Trojan threats, the detection method has lower cost, and the implantation position of the Trojan can be further positioned by analyzing the hardware Trojan from the circuit logic structure so as to improve the safety design of the chip.

Specifically, fig. 2 shows the detection effect of the LightGBM algorithm according to the embodiment of the present invention on 15 gate-level hardware trojan samples. Fig. 3 shows the detection effect of the method according to the embodiment of the present invention for different types of hardware trojans. Fig. 4 is a schematic structural diagram of a scan chain gate-level netlist according to an embodiment of the present invention.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The foregoing is directed to preferred embodiments of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow. However, any simple modification, equivalent change and modification of the above embodiments according to the technical essence of the present invention are within the protection scope of the technical solution of the present invention.

Claims (2)

1. A hardware Trojan horse detection method based on scan chain feature analysis is characterized in that: the method comprises the following steps:

step S1: analyzing the logic structure of the gate-level netlist, and extracting the characteristics of the standard netlist;

step S2: converting the logically synthesized gate-level circuit netlist into a scan chain gate-level netlist through testability design;

step S3: extracting circuit characteristics according to the scan chain gate-level netlist circuit information, wherein the extracted circuit characteristics comprise: a suspicious Trojan trigger module, suspicious observation nodes;

step S4: dividing the circuit characteristic sample extracted in the step S3 into a training data set and a testing data set, and training a two-classification LightGBM algorithm by adopting the training data set to obtain a LightGBM-based hardware Trojan classifier;

step S5: inputting the test data set into a trained LightGBM hardware Trojan horse classifier through a cross-validation method to obtain a LightGBM-based hardware Trojan horse prediction result of the LightGBM hardware Trojan horse classifier;

step S3 specifically includes the following steps:

step S31: initializing a Trojan trigger module STRiModule and a Trojan observation point SObsPoint;

step S32: analyzing the combination elements in the scan chain netlist, if a module which is not converted exists in the scan chain netlist, the module is regarded as a Trojan horse trigger module, and making STRiModule be STRiModule + 1;

step S33: if some special nets exist in the scan chain netlist, wherein the special nets are nets with broken chain structures of the scan chain net, the special nets are regarded as suspicious observation nodes, and sobsPoint is equal to sobsPoint + 1;

in step S4, the training process specifically includes the following steps:

step S41: pre-sorting all the characteristics according to numerical values;

step S42: calculating the splitting gain of each feature, and selecting the optimal splitting point of the sample feature;

step S43: according to the characteristics and the optimal segmentation points, the submodels are added one by one, the objective function is optimized, and the loss function is ensured to be continuously reduced;

step S42 specifically includes the following steps:

step S421: setting the total objective function of the t-th iteration

The following were used:

in the formula (I), the compound is shown in the specification,

representing a predicted value of the model;

is a squared error function; f. of_t(x_i) A value representing a prediction of the newly added base tree, corresponding to an argument increment of the loss function; omega (f)_t) A regular penalty term representing an objective function;

step S422: the splitting Gain is obtained by performing taylor expansion on the loss function, and the formula is as follows:

wherein i represents a sample index, g_iRepresents the first derivative of the loss function at t-1, h_iRepresenting the second derivative of the loss function, λ represents the expanded redundancy term, γ represents the complexity cost of the new leaf node added, I represents the samples obtained without splitting the tree, I represents_RRepresenting the right subtree sample, I_LRepresenting a left subtree sample;

step S423: let the right subtree Gain value be:

let the left subtree Gain value be:

let the Gain value of the undivided tree be:

2. the hardware Trojan horse detection method based on scan chain feature analysis according to claim 1, characterized in that: and the gate-level circuit netlist is a circuit netlist before tape-out.

Images