CN111177713A - XGboost-based hardware Trojan detection method and device - Google Patents
XGboost-based hardware Trojan detection method and device Download PDFInfo
- Publication number
- CN111177713A CN111177713A CN201911296352.5A CN201911296352A CN111177713A CN 111177713 A CN111177713 A CN 111177713A CN 201911296352 A CN201911296352 A CN 201911296352A CN 111177713 A CN111177713 A CN 111177713A
- Authority
- CN
- China
- Prior art keywords
- node
- trigger
- detection
- nodes
- detection model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 140
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 title claims abstract description 48
- 238000012549 training Methods 0.000 claims abstract description 43
- 238000000034 method Methods 0.000 claims abstract description 33
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 11
- 238000011156 evaluation Methods 0.000 claims abstract description 11
- 238000012163 sequencing technique Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 claims description 16
- 239000003550 marker Substances 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 5
- 238000004364 calculation method Methods 0.000 claims description 3
- 238000004590 computer program Methods 0.000 claims description 3
- 230000008030 elimination Effects 0.000 claims description 3
- 238000003379 elimination reaction Methods 0.000 claims description 3
- 230000008707 rearrangement Effects 0.000 claims 1
- 230000008901 benefit Effects 0.000 abstract description 3
- 238000013461 design Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 7
- 238000012360 testing method Methods 0.000 description 6
- 238000004458 analytical method Methods 0.000 description 3
- 241000283086 Equidae Species 0.000 description 2
- 238000002474 experimental method Methods 0.000 description 2
- 238000003780 insertion Methods 0.000 description 2
- 230000037431 insertion Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012512 characterization method Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- PCHJSUWPFVWCPO-UHFFFAOYSA-N gold Chemical compound [Au] PCHJSUWPFVWCPO-UHFFFAOYSA-N 0.000 description 1
- 239000010931 gold Substances 0.000 description 1
- 229910052737 gold Inorganic materials 0.000 description 1
- 238000002513 implantation Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 230000000087 stabilizing effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a hardware Trojan horse detection method and a device based on XGboost, wherein the method comprises the following steps: s1: selecting an optimal feature set of the trigger node from the feature set of the trigger node by taking F-score as an evaluation standard; s2: the method comprises the steps of constructing and training a first detection model and a second detection model based on an XGboost algorithm, extracting an optimal feature set of a trigger node of each node in an unknown netlist, inputting the optimal feature set into the first detection model and the second detection model respectively, correspondingly obtaining 2 groups of detection results, wherein each group of detection results comprises all suspicious trigger nodes in the unknown netlist and corresponding suspicious values, and selecting 1 group of detection results with high average values of the suspicious values from the 2 groups of detection results as final detection results. Compared with the prior art, the invention has the advantages of wide application range, high detection precision and the like.
Description
Technical Field
The invention relates to the technical field of electronic hardware security, in particular to a hardware Trojan horse detection method and device based on XGboost.
Background
Due to the globalization of chip design and manufacturing, some behaviors that outsource design and manufacturing for economic benefit make it difficult to guarantee the security of the circuit and the reliability of the integrated circuit system is reduced. A hardware trojan is defined as any intentional modification of a design that changes the original characteristics of the design, is covert, and is capable of changing the design functionality under certain conditions. A typical hardware trojan consists of a trigger circuit and a payload. When the internal signal satisfies the trigger condition, the trigger circuit will inform the payload circuit of it through the trigger node in the hardware trojan. The payload circuit includes a multi-function. The potential threat of the hardware trojan horse is huge because the high-performance hardware device contains various functions, such as information leakage, system failure and large power consumption, the inside of the hardware device is usually a black box, and a user can only trust the supplier of the hardware device. With the continuous development of semiconductor technology, the circuit has gradually high integration level, a hardware trojan implanted in a chip can be activated only under a specific condition, and the original circuit function is not influenced in the rest of time, so that the difficulty of detecting the hardware trojan is very high. The hardware Trojan horse is a kind of entity circuit, once implanted in the original circuit, the hardware Trojan horse can exist for a long time, the risk can be minimized only by carrying out Trojan horse detection on the circuit through a reasonable detection means, and an effective hardware Trojan horse detection method and a precautionary strategy are very important for ensuring the safety of a chip and stabilizing the normal operation of a circuit system.
The hardware trojans are various in types and different in functions, and the implantation mode and the triggering mode of the hardware trojans are not completely the same, so that a universal hardware trojan detection method does not exist, the detection method during chip testing is the most common method at present, the circuit structure of an original chip cannot be damaged, the original circuit design cannot be modified, and the detection method based on logic testing and the detection method based on bypass analysis is the most mainstream. However, the logic test has the problem of low Trojan activation probability, and the electronic equipment has more I/O interfaces, so that the time cost for traversing all input interfaces is high; a common problem with the bypass analysis method is that system noise and device-specific signal deviations exist in the system, and de-noising the bypass signal weakens the original signal.
The prior art also provides a solution, and Chinese patent CN109684834A provides a gate-level hardware Trojan horse recognition method based on XGboost, which collects characteristic data sets of each net in different gate-level netlists, and divides the gate-level netlist characteristic data sets into a training data set and a testing data set; the method comprises the steps of constructing a hardware Trojan detection model of a level netlist based on XGboost, training and testing the model by adopting a leave-one-out method, counting 4 indexes including Retall, F-measure, Precision and Accuracy according to a detection result, adjusting and optimizing parameters of the model according to the indexes, and detecting the hardware Trojan of the gate level netlist by using the trained and optimized model.
The XGboost is used for effectively detecting the hardware trojan of the gate-level netlist, the hardware trojan can be well detected in the design stage of the gate-level netlist of the integrated circuit, gold sheets are not used as reference objects, the cost is low, special detection equipment is not needed, the influence of noise is avoided, and the efficiency and the accuracy are high;
however, the patent has the following problems in the application:
firstly, up to 51 Trojan characteristics are adopted to analyze a known gate-level netlist, a characteristic data set is extracted, too many types of characteristic quantity cause too many parameters of an XGboost model, too complex, too many low-weight characteristic quantities interfering with correct judgment of Trojan net, and not only is the detection speed slow, but also the detection precision is low;
secondly, the Trojan horse detection process of the patent does not distinguish the types of Trojan horses, so that the detection process of the detection model has no pertinence, and the detection effect on different types of Trojan horses is unstable.
Disclosure of Invention
The invention aims to overcome the defects in the prior art, and provides a hardware Trojan horse detection method and device based on a limit gradient lifting tree, which are used for extracting an optimal feature set of a trigger node, and have the advantages of wide application range and high detection precision.
The purpose of the invention can be realized by the following technical scheme:
a hardware Trojan detection method based on XGboost comprises the following steps:
s1: selecting an optimal feature set of a trigger node from a feature set of the trigger node by taking F-score as an evaluation standard, wherein the trigger node refers to a direct connection point between a trigger circuit and an effective load;
s2: constructing a first detection model and a second detection model based on an XGboost algorithm, extracting an optimal feature set of a trigger node of each node in an unknown netlist, inputting the optimal feature set into the first detection model and the second detection model respectively, correspondingly obtaining 2 groups of detection results, wherein each group of detection results comprises suspicious trigger nodes in the unknown netlist, each group of detection results comprises all suspicious trigger nodes in the unknown netlist and corresponding suspicious values, and selecting 1 group of detection results with high average value of the suspicious values from the 2 groups of detection results as final detection results;
the first detection model and the second detection model are trained models, and the training process is as follows:
the method comprises the steps of dividing a plurality of known netlists into a combinational circuit and a sequential circuit, extracting the optimal feature set of trigger nodes of all nodes in the known netlists, obtaining respective training sets of the combinational circuit and the sequential circuit, carrying out duplication elimination and expansion processing, correspondingly training a first detection model and a second detection model by utilizing the training sets of the combinational circuit and the sequential circuit, wherein the training sets further comprise node types of all the nodes, and the node types comprise normal nodes and trigger nodes.
Furthermore, the XGboost, namely the extreme gradient lifting tree algorithm, trains a plurality of weak classifiers and combines the weak classifiers to obtain strong classifiers, each strong classifier is generated along the negative gradient direction of the loss function based on the weak classifier, and the XGboost has the characteristics of high speed and support of custom loss functions in processing node type classification with various trigger node characteristics.
Further, the trigger node feature set includes LGFix, Δ LGFi, FFox, Δ FFo, min (FFo), PI, and PO, 0< x <5, LGFix representing the number of logic gate fans in from the trigger node x level, Δ LGFi representing the difference in number between LGFi1 and LGFi5, FFox representing the number of flip-flops from the output side of the trigger node to x level, Δ FFo representing the difference in number between FFo1 and FFo5, min (FFo) representing the closest flip-flop level to the output side of the trigger node, PI representing the minimum number of logic gates from any main input to the trigger node, and PO representing the minimum number of logic gates from the trigger node to any main output.
Further, step S1 is specifically:
s101: selecting different quantities of trigger node characteristics from the trigger node characteristic set to form a plurality of trigger node characteristic subsets;
s102: constructing a third detection model based on an XGboost algorithm, inputting 1 trigger node feature subset of each node in all known netlists into the third detection model each time to obtain 1 group of detection results, and repeating the steps to obtain a plurality of groups of detection results, wherein the trigger node feature quantity of the trigger node feature subset selected by the optimal 1 group of detection results of the F-score is the optimal quantity;
s103: and inputting the trigger node feature sets of each node in all the known netlists into a third detection model, obtaining the feature weights of all the trigger node features in the third detection model, sequencing, and selecting the trigger node features with the optimal number according to the sequence from high to low in ranking to form the trigger node optimal feature set, so that the trigger node features with small influence in multiple influences can be eliminated, and the trigger node features closely related to the trigger nodes are selected.
Further, the specific process of removing the weight is as follows:
and one node in a plurality of nodes with the same optimal feature set of the trigger nodes in the training set is reserved, and the rest nodes are deleted.
Further, the specific process of the expansion is as follows:
the total number of the normal nodes and the trigger nodes is respectively recorded as m1And m2Copying the trigger node's optimal feature set m1/m2Second, because there is only one trigger node in each known netlist, there are many fewer trigger nodes than normal nodes, and the optimal feature set for the trigger nodes of the trigger nodes is replicated to balance the training set.
Further, the specific process of training the first detection model and the second detection model is as follows:
s201: inputting the training set of the combined circuit into a first detection model for training, obtaining the suspicious value of each node in the combined circuit as a trigger node, sequencing the suspicious values from high to low, and sequencing the n before sequencing1% of the nodes are marked as suspicious trigger nodes; inputting the training set of the time sequence circuit into a second detection model for training, obtaining the suspicious value of each node in the time sequence circuit as a trigger node, sequencing the suspicious values from high to low, and sequencing the n before sequencing2% of the nodes are marked as suspicious trigger nodes;
s202: acquiring n by using TPR (True Positive Rate), TNR (False Positive Rate), Precision and F-score as evaluation result indexes1% and n2Optimal value of% >.
Further, the calculation formulas of TPR, TNR, Precision and F-score are as follows:
the TP, the FP, the FN, and the TN are statistical data of detection results, the TP, i.e., the marker node, is a normal node, and is also a normal node in reality, the FP, i.e., the marker node, is a normal node, and is a trigger node in reality, the FN marker node is a trigger node, and is a normal node in reality, and the TN, i.e., the marker node, is a trigger node, and is also a trigger node in reality.
An XGboost-based hardware Trojan detection device comprises a memory and a processor, wherein the memory stores a computer program, and the processor calls the program instruction to execute the method.
Compared with the prior art, the invention has the following beneficial effects:
(1) the invention takes F-score as an evaluation standard to select part of the trigger node characteristics in the trigger node characteristic set to form the optimal characteristic set of the trigger node, eliminates the trigger node characteristics with smaller influence in multiple influences, has more accurate detection result, simultaneously divides the known netlist into a combinational circuit and a sequential circuit, has more pertinence and accuracy compared with undifferentiated detection, constructs a first detection model and a second detection model based on XGboost algorithm, can obtain 2 groups of detection results, selects the optimal result as a final result, has high accuracy, takes the trigger node as a detection object, comprehensively judges suspicious trigger nodes in the unknown netlist, has more accurate detection result based on the trigger node characteristics of the node, does not need to simulate the operation state of a circuit, does not depend on the simulation result in the detection result, has wide application range and strong anti-interference capability, the result is more reliable;
(2) the method comprises the steps of carrying out duplicate removal and expansion processing on a training set for training a model, reserving one node of a plurality of nodes with the same optimal feature set of trigger nodes in the training set, deleting other nodes, and copying the optimal feature set of the trigger nodes, so that the optimal feature sets of the trigger nodes are the same as those of normal nodes, the number of the trigger nodes and the number of the normal nodes are balanced, the detection precision of the trained detection model is higher, and the result is more accurate;
(3) the invention inputs the corresponding training set into the first detection model and the second detection model, obtains the suspicious value of each node as the trigger node and sorts the suspicious value from high to low, and respectively takes the previous n1% and n2% of the nodes are marked as suspicious trigger nodes, and n is obtained after comprehensive evaluation by taking TPR, TNR, Precision and F-score as evaluation result indexes1% and n2% optimal value can provide a plurality of suspicious trigger nodes, the coverage range is wide, and only 1 trigger node exists in one type of Trojan horse circuit, so that the possibility that the trigger node is judged as a normal node by mistake is extremely low, and the judgment accuracy of the node type is further improved.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. The present embodiment is implemented on the premise of the technical solution of the present invention, and a detailed implementation manner and a specific operation process are given, but the scope of the present invention is not limited to the following embodiments.
Example one
A hardware Trojan detection method based on XGboost comprises the following steps:
s1: selecting an optimal feature set of the trigger node from the feature set of the trigger node by taking F-score as an evaluation standard;
s2: constructing a first detection model and a second detection model based on an XGboost algorithm, extracting an optimal feature set of a trigger node of each node in an unknown netlist, inputting the optimal feature set into the first detection model and the second detection model respectively, correspondingly obtaining 2 groups of detection results, wherein each group of detection results comprises suspicious trigger nodes in the unknown netlist, each group of detection results comprises all suspicious trigger nodes in the unknown netlist and corresponding suspicious values, and selecting 1 group of detection results with high average value of the suspicious values from the 2 groups of detection results as final detection results;
wherein, first detection model and second detection model are the model after the training, and the training process is:
the method comprises the steps of dividing a plurality of known netlists into a combinational circuit and a sequential circuit, extracting the optimal feature set of trigger nodes of all nodes in the known netlists, obtaining respective training sets of the combinational circuit and the sequential circuit, carrying out duplication elimination and expansion processing, correspondingly training a first detection model and a second detection model by utilizing the training sets of the combinational circuit and the sequential circuit, wherein the training sets further comprise node types of each node, and the node types comprise normal nodes and trigger nodes.
The Trust-HUB is a hardware reference circuit platform, which comprises various types of typical circuits such as size, insertion stage, abstract level, insertion position and the like, has perfect coverage of a trigger mechanism and a realization function, has good universality and is widely applied to hardware Trojan horse detection and design experiments.
The combined trojan horse is a combined circuit which is activated when a special condition occurs in a certain internal signal or node of the circuit, and the sequential trojan horse is a sequential circuit which is activated when a finite state machine FMS detects that a special sequence occurs in a certain internal circuit signal state.
The XGboost trains a plurality of weak classifiers and combines the weak classifiers to obtain strong classifiers, each strong classifier is generated along the negative gradient direction of the loss function based on the weak classifiers, and the XGboost algorithm is as follows:
step S1 specifically includes:
s101: selecting different quantities of trigger node characteristics from the trigger node characteristic set to form a plurality of trigger node characteristic subsets;
s102: constructing a third detection model based on an XGboost algorithm, inputting 1 trigger node feature subset of each node in all known netlists into the third detection model each time to obtain 1 group of detection results, and repeating the steps to obtain a plurality of groups of detection results, wherein the trigger node feature quantity of the trigger node feature subset selected by the optimal 1 group of detection results of the F-score is the optimal quantity;
s103: the method comprises the steps of obtaining a plurality of known netlists Verilog-HDL from Trust-HUB, inputting a trigger node feature set of each node in all the known netlists into a third detection model, obtaining feature weights of all trigger node features in the third detection model, sequencing the feature weights, selecting the trigger node features with the optimal number according to the sequence from high to low in ranking to form an optimal feature set of the trigger node, eliminating the trigger node features with small influence in multiple influences, and selecting the trigger node features closely related to the trigger node.
The specific process of weight removal is as follows: and one node in a plurality of nodes with the same optimal feature set of the trigger nodes in the training set is reserved, and the rest nodes are deleted.
The specific process of the expansion is as follows: the total number of the normal nodes and the trigger nodes is respectively recorded as m1And m2Copying the trigger node's optimal feature set m1/m2Second, because there are only 1 trigger node in each known netlist, there are many fewer trigger nodes than normal nodes, duplicated to balance the training set.
The specific process of training the first detection model and the second detection model comprises the following steps:
s201: inputting the training set of the combined circuit into a first detection model for training to obtain the combined circuitEach node is a suspicious value of a trigger node and is sorted from high to low, and n before the sorting is performed1% of the nodes are marked as suspicious trigger nodes; inputting the training set of the time sequence circuit into a second detection model for training, obtaining the suspicious value of each node in the time sequence circuit as a trigger node, sequencing the suspicious values from high to low, and sequencing the n before sequencing2% of the nodes are marked as suspicious trigger nodes;
s202: acquiring n by using TPR (True Positive Rate), TNR (False Positive Rate), Precision and F-score as evaluation result indexes1% and n2Optimal value of% >.
The calculation formulas for TPR, TNR, Precision and F-score are as follows:
wherein TP, FP, FN and TN are statistical data of detection results, TP (True Positive) is a mark node which is a normal node, and actually the node is also a normal node, FP (False Positive) is a mark node which is a normal node, and actually the node is a trigger node, FN (False negative) is a trigger node, and actually the node is a normal node, TN (True negative) is a mark node which is a trigger node, and actually the node is a trigger node;
the trigger node feature set of the gate-level reference circuit extracted in step S1 is shown in table 1, and the optimal features and corresponding feature weights of the 9 trigger nodes in the optimal feature set of trigger nodes determined in step S1 are shown in table 2:
TABLE 1 trigger node characterization and description thereof
| Triggering node features | Description of the characteristics (0)<x<5) |
| LGFix | Representing the number of logical gate sectors in level X from the trigger node |
| ΔLGFi | Indicating the difference in quantity between LGFi1 and LGFi5 |
| FFox | Indicating the number of flip-flops from the output side of the trigger node to the X level |
| ΔFFo | Indicating the quantitative difference between FFo1 and FFo5 |
| min(FFo) | Indicating the closest trigger level to the output side of the trigger node |
| PI | Representing the minimum number of logic gates from any master input to the trigger node |
| PO | Representing the minimum number of logic gates from the trigger node to any of the main outputs |
Table 2 trigger node optimal feature set
| Triggering node features | Feature weights | |
| 1 | LGFi4 | 0.063 |
| 2 | LGFi5 | 0.086 |
| 3 | ΔLGFi | 0.105 |
| 4 | FFo3 | 0.135 |
| 5 | FFo4 | 0.074 |
| 6 | min(FFo) | 0.167 |
| 7 | ΔFFo | 0.053 |
| 8 | PI | 0.103 |
| 9 | PO | 0.213 |
The known netlist Verilog-HDL obtained from Trust-HUB and the classification results are shown in Table 3:
TABLE 3Trust-HUB reference Circuit types and node counts
Example two
The embodiment provides a hardware trojan detection device based on XGboost, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor calls the program instruction to execute the method according to any one of the embodiments.
The first embodiment and the second embodiment provide a hardware Trojan detection method and a device based on XGboost, the method checks whether unknown netlists contain hardware Trojan or not according to the characteristics of trigger nodes of nodes through a detection model based on XGboost, does not simulate a circuit or an actual operation state, does not need to generate an input test mode, has wide application range, can detect even if newly developed hardware Trojan by using the related information of the existing hardware Trojan, selects part of the trigger node characteristics in the trigger node characteristics set by taking F-score as an evaluation standard to form the optimal characteristic set of the trigger nodes, eliminates the trigger node characteristics with small influence in multiple influences, constructs a first detection model and a second detection model based on an XGboost algorithm, can finally obtain 2 groups of detection results, comprehensively judges suspicious trigger nodes in the unknown netlists, and simultaneously has only one trigger node in each netlist, the value of FP can only be 1 or 0, and a plurality of suspicious trigger nodes are output by the first detection model and the second detection model, so that the possibility of the misjudgment of the real trigger nodes is extremely low, and compared with the adoption of a plurality of Trojan nets in the netlist, the method has higher detection precision.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.
Claims (8)
1. A hardware Trojan detection method based on XGboost is characterized by comprising the following steps:
s1: selecting an optimal feature set of the trigger node from the feature set of the trigger node by taking F-score as an evaluation standard;
s2: constructing and training a first detection model and a second detection model based on an XGboost algorithm, extracting an optimal feature set of a trigger node of each node in an unknown netlist, inputting the optimal feature set into the first detection model and the second detection model respectively, correspondingly obtaining 2 groups of detection results, wherein each group of detection results comprises all suspicious trigger nodes and corresponding suspicious values in the unknown netlist, and selecting 1 group of detection results with a high average value of the suspicious values from the 2 groups of detection results as a final detection result;
wherein, the training process is as follows:
the method comprises the steps of dividing a plurality of known netlists into a combinational circuit and a sequential circuit, extracting the optimal feature set of trigger nodes of all nodes in the known netlists, obtaining respective training sets of the combinational circuit and the sequential circuit, carrying out repetition elimination and expansion processing, and correspondingly training a first detection model and a second detection model by utilizing the training sets of the combinational circuit and the sequential circuit.
2. The XGboost-based hardware Trojan detection method according to claim 1, wherein the step S1 specifically comprises:
s101: selecting different quantities of trigger node characteristics from the trigger node characteristic set to form a plurality of trigger node characteristic subsets;
s102: constructing a third detection model based on an XGboost algorithm, inputting 1 trigger node feature subset of each node in all known netlists into the third detection model each time to obtain 1 group of detection results, and repeating the steps to obtain a plurality of groups of detection results, wherein the trigger node feature quantity of the trigger node feature subset selected by the optimal 1 group of detection results of the F-score is the optimal quantity;
s103: and inputting the trigger node feature set of each node in all the known netlists into a third detection model, obtaining the feature weights of all the trigger node features in the third detection model, sequencing, and selecting the trigger node features with the optimal number according to the sequence of ranking from high to low to form the optimal feature set of the trigger nodes.
3. An XGboost-based hardware Trojan detection method according to claim 1, wherein the trigger node feature set comprises LGFix, Δ LGFi, FFox, Δ FFo, min (FFo), PI and PO.
4. The XGboost-based hardware Trojan detection method according to claim 1, wherein the specific process of the rearrangement comprises the following steps: and one of a plurality of nodes with completely identical trigger node characteristic values in the training set is reserved, and the rest of nodes are deleted.
5. The XGboost-based hardware Trojan detection method according to claim 1, wherein the specific process of the expansion is as follows: the total number of the normal nodes and the trigger nodes is respectively recorded as m1And m2Copying the trigger node's optimal feature set m1/m2Next, the process is carried out.
6. The XGboost-based hardware Trojan detection method according to claim 1, wherein the specific process of training the first detection model and the second detection model is as follows:
s201: inputting the training set of the combined circuit into a first detection model for training, obtaining the suspicious value of each node in the combined circuit as a trigger node, sequencing the suspicious values from high to low, and sequencing the n before sequencing1% of the nodes are marked as suspicious trigger nodes; inputting the training set of the time sequence circuit into a second detection model for training, obtaining the suspicious value of each node in the time sequence circuit as a trigger node, sequencing the suspicious values from high to low, and sequencing the n before sequencing2% of the nodes are marked as suspicious trigger nodes;
s202: adopting TPR, TNR, Precision and F-score as evaluation result indexes to obtain n1% and n2Optimal value of% >.
7. The XGboost-based hardware Trojan horse detection method according to claim 6, wherein the calculation formulas of TPR, TNR, Precision and F-score are as follows:
the TP, the FP, the FN, and the TN are statistical data of detection results, the TP, i.e., the marker node, is a normal node, and is also a normal node in reality, the FP, i.e., the marker node, is a normal node, and is a trigger node in reality, the FN marker node is a trigger node, and is a normal node in reality, and the TN, i.e., the marker node, is a trigger node, and is also a trigger node in reality.
8. An XGboost-based hardware Trojan detection apparatus comprising a memory storing a computer program and a processor invoking the program instructions to perform a method as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911296352.5A CN111177713B (en) | 2019-12-16 | 2019-12-16 | XGBoost-based hardware Trojan detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911296352.5A CN111177713B (en) | 2019-12-16 | 2019-12-16 | XGBoost-based hardware Trojan detection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111177713A true CN111177713A (en) | 2020-05-19 |
| CN111177713B CN111177713B (en) | 2023-10-31 |
Family
ID=70650246
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911296352.5A Active CN111177713B (en) | 2019-12-16 | 2019-12-16 | XGBoost-based hardware Trojan detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111177713B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104849648A (en) * | 2015-05-26 | 2015-08-19 | 大连理工大学 | Test vector generation method for improving Trojan activity |
| WO2016080380A1 (en) * | 2014-11-18 | 2016-05-26 | 学校法人早稲田大学 | Method of detecting hardware trojan, program for detecting hardware trojan, and device for detecting hardware trojan |
| CN109684834A (en) * | 2018-12-21 | 2019-04-26 | 福州大学 | A kind of gate leve hardware Trojan horse recognition method based on XGBoost |
-
2019
- 2019-12-16 CN CN201911296352.5A patent/CN111177713B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016080380A1 (en) * | 2014-11-18 | 2016-05-26 | 学校法人早稲田大学 | Method of detecting hardware trojan, program for detecting hardware trojan, and device for detecting hardware trojan |
| CN104849648A (en) * | 2015-05-26 | 2015-08-19 | 大连理工大学 | Test vector generation method for improving Trojan activity |
| CN109684834A (en) * | 2018-12-21 | 2019-04-26 | 福州大学 | A kind of gate leve hardware Trojan horse recognition method based on XGBoost |
Non-Patent Citations (1)
| Title |
|---|
| 高洪波; 李磊; 周婉婷; 向祎尧: "基于XGBoost的硬件木马检测方法" * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111177713B (en) | 2023-10-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Hasegawa et al. | Hardware Trojans classification for gate-level netlists based on machine learning | |
| US8875082B1 (en) | System and method for detecting and prescribing physical corrections for timing violations in pruned timing data for electronic circuit design defined by physical implementation data | |
| US11604917B2 (en) | Static voltage drop (SIR) violation prediction systems and methods | |
| Hasegawa et al. | A hardware-Trojan classification method using machine learning at gate-level netlists based on Trojan features | |
| CN110414277B (en) | Gate-level hardware Trojan horse detection method based on multi-feature parameters | |
| CN109684834B (en) | XGboost-based gate-level hardware Trojan horse identification method | |
| CN109784096B (en) | Hardware Trojan horse detection and elimination method based on clustering algorithm | |
| CN112767106B (en) | Automatic auditing method, system, computer readable storage medium and auditing equipment | |
| CN109657461B (en) | RTL hardware Trojan horse detection method based on gradient lifting algorithm | |
| CN109960727A (en) | For the individual privacy information automatic testing method and system of non-structured text | |
| CN111062036A (en) | Malicious software identification model construction method, malicious software identification medium and malicious software identification equipment | |
| CN113608916A (en) | Fault diagnosis method and device, electronic equipment and storage medium | |
| CN111539612B (en) | Training method and system of risk classification model | |
| CN108333501A (en) | The bypass detection method and device of hardware Trojan horse, emulation verification method and device | |
| CN115147092A (en) | Resource approval method and training method and device of random forest model | |
| CN116522334A (en) | RTL-level hardware Trojan detection method based on graph neural network and storage medium | |
| US20150100929A1 (en) | Reverse synthesis of digital netlists | |
| Hasegawa et al. | Empirical evaluation and optimization of hardware-trojan classification for gate-level netlists based on multi-layer neural networks | |
| Li et al. | A XGBoost based hybrid detection scheme for gate-level hardware Trojan | |
| US20230214575A1 (en) | Static voltage drop (sir) violation prediction systems and methods | |
| CN111177713B (en) | XGBoost-based hardware Trojan detection method and device | |
| CN114626106A (en) | Hardware Trojan horse detection method based on cascade structure characteristics | |
| US8181146B1 (en) | Equivalence checker | |
| CN113656354A (en) | Log classification method, system, computer device and readable storage medium | |
| Zhang et al. | Speeding up vlsi layout verification using fuzzy attributed graphs approach |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |