CN116956121A - Hardware Trojan detection method and device based on deep neural network and multidimensional features - Google Patents

Publication number
CN116956121A
Authority
CN
China
Prior art keywords
signals
neural network
deep neural
hardware trojan
features
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310797828.3A
Other languages
Chinese (zh)
Inventor
史江义
张焱
马佩军
尚格
李康
王泽坤
郝跃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/0464 Convolutional networks [CNN, ConvNet]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a hardware Trojan detection method based on a deep neural network and multidimensional features, relating to the technical field of hardware security. The method comprises: obtaining a netlist circuit to be tested; and classifying the netlist circuit to be tested with a trained deep neural network to judge whether the signals in the netlist circuit to be tested are normal signals or Trojan signals. The trained deep neural network is obtained from a training data set; the training data set is obtained by expanding a hardware Trojan feature vector library with a data enhancement method and processing noise samples; and the features in the hardware Trojan feature vector library comprise static structural features of the signals in a netlist circuit and testability features of the signals in the netlist circuit. The method and the device can obtain the classification result accurately and effectively.

Description

Hardware Trojan detection method and device based on deep neural network and multidimensional features
Technical Field
The invention belongs to the technical field of hardware security, and particularly relates to a hardware Trojan horse detection method based on a deep neural network and multidimensional features.
Background
As the design and manufacturing processes of integrated circuits have become more complex, the industry has gradually moved to a global business model. Many third-party design companies, factories, and EDA (Electronic Design Automation) tools take part in the complex, decentralized integrated circuit industry chain, and for their own benefit these third parties may implant unknown functional blocks into hardware circuits in order to change circuit functions, leak confidential information inside the circuit, assist a software Trojan in controlling the system, or cause physical destruction. These malicious functional blocks are called hardware Trojans.
Hardware Trojan attacks take many forms, can be implanted at any stage of chip design or manufacture, and are characterized by high concealment, flexible design, and complex mechanisms of action. Hardware Trojan detection is the most direct and effective way to deal with the security threats posed by hardware Trojans. The production chain of a modern IC has two parts, the pre-silicon stage and the post-silicon stage, and hardware Trojan detection in the pre-silicon stage can be roughly divided into four types: circuit analysis, functional testing, formal verification, and machine learning. Circuit analysis identifies suspicious statements or modules by analysing the behavioural or structural code of the designed IC, and uses quantitative indexes to mark signals or gates suspected of being hardware Trojans; however, the method is time-consuming, its execution time and reliability depend on the number of internal circuits and on the chosen quantitative index, it scales poorly, and every new circuit or Trojan has to be analysed manually again. Functional testing adapts well to process variation and noise, but it requires dynamic simulation and can be time-consuming for large circuits. Formal verification does not depend on the trigger condition of the hardware Trojan, so a Trojan is not missed merely because its trigger probability is low; however, formal verification detects a hardware Trojan by checking whether the design satisfies a set of predefined security properties, so it cannot detect unknown features introduced by the Trojan. In addition, as circuit scale increases, both functional testing and formal verification suffer from state explosion.
Machine-learning-based methods are well suited to feature recognition. They need no golden reference model and no dynamic simulation, and they offer high detection speed and high accuracy, so in recent years they have gradually been applied to hardware Trojan detection. According to how detection is performed, machine-learning-based Trojan detection methods fall into two types: feature-based and structure-based. Feature-based methods are simple in principle, fast to execute, and efficient in practice; however, existing methods consider only part of the structural or behavioural features of a hardware Trojan and cannot build a complete hardware Trojan feature library, and most of them use traditional machine learning models or shallow neural networks, whose nonlinear fitting capability is weak and which have difficulty fully learning the information in the data set. Structure-based methods convert the circuit into a sequence or a graph and then build a neural network for training; because a circuit is by nature a directed graph, these methods achieve higher accuracy and generality. However, structure-based models are hard to interpret and complex, and they consume more memory and time during feature extraction and neural network training, which limits their use on large-scale circuits.
In the related art, Li Sen et al., in patent CN111523116A [P], 2020, propose a machine-learning-based mixed-mode multi-level gate-level hardware Trojan detection method. At the first level, a machine learning algorithm statically detects the circuit under test by analysing the structure and features of gate-level Trojan circuits; at the second level, the circuits judged normal at the first level are statically detected with a scan-chain detection method; finally, the circuits judged normal at the second level are dynamically detected, and the detection results of the three levels are combined to obtain the final Trojan circuit. Because the method combines static and dynamic detection, it requires both simulation tests and scan-chain tests on the circuit under test, so it is very time-consuming for large-scale designs; and because the test stimuli can hardly cover all conditions, it detects Trojans with low trigger probability poorly.
Feng Jianhua et al., in the patent "Gate-level hardware Trojan detection method based on multiple characteristic parameters," CN110414277A [P], 2019, propose a gate-level hardware Trojan detection method based on multiple characteristic parameters. The method obtains the transition probability of signals by dynamically simulating the circuit and calculates the correlation of the signals, then uses an EDA tool to calculate the controllability and observability of the signals, and finally fuses the features and classifies them with a purpose-designed algorithm. The method also requires dynamic simulation of the circuit, which takes a long time for large-scale circuits; it depends on EDA tools; and the extracted controllability and observability values are limited by a threshold and cannot fully characterize the behaviour of the circuit.
Wangquan et al., in the patent "Integrated circuit hardware Trojan detection method based on multi-parameter bypass analysis," CN112231776A [P], 2021, propose a hardware Trojan detection method based on multi-parameter side-channel analysis. The method partitions the circuit netlist into sectors, obtains side-channel feature vectors of the circuit through instrument measurement, and builds a Bayesian classifier to detect the circuit under test; it can also locate the Trojan. Because the method detects Trojans from measured side-channel information, it requires instruments such as an oscilloscope and a current meter, the process is cumbersome, the results are easily affected by process variation and environmental noise, large-scale application is difficult, and the practical value is low.
The prior document T. Kurihara and N. Togawa, "Hardware-Trojan Classification based on the Structure of Trigger Circuits Utilizing Random Forests," 2021 IEEE 27th International Symposium on On-Line Testing and Robust System Design (IOLTS), 2021, proposes a gate-level hardware Trojan detection method based on static features, and C. H. Kok, C. Y. Ooi, M. Moghbel, N. Ismail, H. S. Choo and M. Inoue, "Classification of Trojan Nets Based on SCOAP Values using Supervised Learning," 2019 IEEE International Symposium on Circuits and Systems (ISCAS), 2019, pp. 1-5, doi: 10.1109/ISCAS.2019.870262, proposes a gate-level hardware Trojan detection method based on testability and observability values. Both methods can identify hardware Trojans, but the features they use cover only part of the characteristics of a hardware Trojan and cannot fully represent its behaviour, and they use shallow models such as random forests and multi-layer perceptrons, whose detection capability is poor and which cannot fully learn the Trojan feature information, so the detection effect is poor, and the highest TPR (True Positive Rate, 4.83% true F-1% of the method is only 82.5%.
Accordingly, there is a need for an improvement over the above-mentioned deficiencies in the prior art.
Disclosure of Invention
To address the above technical problems, the invention provides a hardware Trojan detection method based on a deep neural network and multidimensional features. The technical problems are solved by the following technical scheme:
In a first aspect, the present invention provides a hardware Trojan detection method based on a deep neural network and multidimensional features, including:
obtaining a netlist circuit to be tested;
classifying the netlist circuit to be tested by using the trained deep neural network, and judging whether the signals in the netlist circuit to be tested are normal signals or Trojan signals;
the trained deep neural network is obtained according to a training data set, the training data set is obtained by expanding a hardware Trojan feature vector library by using a data enhancement method and processing noise samples, and features in the hardware Trojan feature vector library comprise static structural features of signals in a netlist circuit and testability features of the signals in the netlist circuit.
In a second aspect, the present invention further provides a hardware Trojan detection device based on a deep neural network and multidimensional features, including:
the data acquisition module is used for acquiring a netlist circuit to be tested;
the data processing module is used for classifying the netlist circuit to be tested by using the trained deep neural network and judging whether the signals in the netlist circuit to be tested are normal signals or Trojan signals;
the trained deep neural network is obtained according to a training data set, the training data set is obtained by expanding a hardware Trojan feature vector library by using a data enhancement method and processing noise samples, and features in the hardware Trojan feature vector library comprise static structural features of signals in a netlist circuit and testability features of signals in the netlist circuit.
The invention has the beneficial effects that:
In the hardware Trojan detection method based on a deep neural network and multidimensional features, the trained deep neural network classifies the netlist circuit to be tested and can effectively judge whether the signals in it are normal signals or Trojan signals. The training data set for the preset deep neural network is obtained by combining static structural features with testability features and then applying data enhancement. Combining the static structural features with the testability features yields a hardware Trojan feature library of 80-dimensional features, which extends the information available about hardware Trojans; the whole feature extraction process is automated, no manual analysis of the circuit structure is required, and the feature library has good practicability and extensibility. A mixed sampling method that combines up-sampling and down-sampling is used to enhance the hardware Trojan data set, so that overlapping samples and noise samples are removed while the minority sample set is expanded, which effectively addresses the large imbalance between positive and negative samples in the data set. Compared with a traditional neural network, the deep neural network can reach a greater network depth without network degradation, is less affected by vanishing and exploding gradients, and has better stability and generalization capability. The classification result can therefore be obtained accurately and effectively.
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Drawings
FIG. 1 is a flowchart of a hardware Trojan detection method based on a deep neural network and multidimensional features provided by an embodiment of the invention;
FIG. 2 is a flow chart of deep neural network training provided by an embodiment of the present invention;
FIG. 3 is a schematic diagram of a preset deep neural network according to an embodiment of the present invention;
FIG. 4 is a block diagram of a residual unit according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but embodiments of the present invention are not limited thereto.
Referring to FIG. 1, which is a flowchart of a hardware Trojan detection method based on a deep neural network and multidimensional features according to an embodiment of the present invention, the method provided by the present invention includes:
S101, obtaining a netlist circuit to be tested;
S102, classifying the netlist circuit to be tested by using the trained deep neural network, and judging whether the signals in the netlist circuit to be tested are normal signals or Trojan signals;
The trained deep neural network is obtained from a training data set. The training data set is obtained by applying data balancing and data cleaning to a processed data set with a data enhancement method; the processed data set is obtained by normalizing a spliced data set; and the spliced data set is obtained by splicing the static structural features of the signals in the netlist circuits of the data set with the controllability and observability values of those signals.
This embodiment provides a hardware Trojan detection method based on a deep neural network and multidimensional features in which the trained deep neural network classifies the netlist circuit to be tested and can effectively judge whether the signals in it are normal signals or Trojan signals. The training data set for the preset deep neural network is obtained by combining static structural features with testability features and then applying data enhancement. Combining the static structural features with the testability features yields a hardware Trojan feature library of 80-dimensional features, which extends the information available about hardware Trojans; the whole feature extraction process is automated, no manual analysis of the circuit structure is required, and the feature library has good practicability and extensibility. A mixed sampling method that combines up-sampling and down-sampling is used to enhance the hardware Trojan data set, so that overlapping samples and noise samples are removed while the minority sample set is expanded, which effectively addresses the large imbalance between positive and negative samples in the data set. Compared with a traditional neural network, the deep neural network can reach a greater network depth without network degradation, is less affected by vanishing and exploding gradients, and has better stability and generalization capability. The classification result can therefore be obtained accurately and effectively.
In an alternative embodiment of the present invention, referring to FIG. 2, which is a flowchart of deep neural network training provided in the embodiment of the present invention, the process for obtaining the trained deep neural network includes:
S201, acquiring a data set.
S202, performing text analysis on the netlist circuits in the data set by using Python scripts, and extracting the static structural features of the signals in the netlist circuits; the static structural features comprise 74 dimensions.
In this embodiment, a Python script traverses each netlist circuit in the data set, parses and records the gate types, gate names, net names and port connection relationships in the netlist circuit, and stores them in dictionary form. Primary input and primary output signals are extracted by classifying according to gate type, and a shortest-path algorithm is used to obtain, for each signal, the shortest distance to the primary input signals and the primary output signals, which yields the static structural features of the signals in the netlist circuit.
In this embodiment, the static structural features are:
the number of fan-ins x stages away from the input side of the net (1 ≤ x ≤ 5);
the number of flip-flops x stages away from the input/output side of the net (1 ≤ x ≤ 5);
the number of fan-outs x stages away from the output side of the net (1 ≤ x ≤ 5);
the number of stages to the primary input closest to the input side of the net;
the number of stages to the primary output closest to the output side of the net;
the number of identical logic gates x stages away from the input side of the net (1 ≤ x ≤ 5);
the number of logic gates x stages away from the input/output side of the net (1 ≤ x ≤ 5);
the number of multiplexers x stages away from the input/output side of the net (1 ≤ x ≤ 5);
the number of stages to the flip-flop closest to the input/output side of the net;
the number of stages to the multiplexer closest to the input/output side of the net;
the number of stages to the inverter closest to the input/output side of the net;
the number of constants x stages away from the input/output side of the net (1 ≤ x ≤ 5);
the number of loops x stages away from the input/output side of the net (1 ≤ x ≤ 5).
S203, using a testability tool together with a helper script, extracting the controllability and observability values of the signals in the netlist circuits in the data set; the controllability and observability values comprise 6 dimensions.
In this embodiment, the testability of a signal is characterized with the controllability and observability analysis algorithm SCOAP (Sandia Controllability/Observability Analysis Program), which comprises six metric values: CC0, CC1, CO, SC0, SC1 and SO. CC0 and CC1 represent combinational controllability, namely the number of signals that must be controlled to set the signal to the value 0 or 1. CO represents combinational observability, namely the number of signals that must be controlled to propagate the signal value to an output. SC0 and SC1 represent sequential controllability, namely the minimum number of clock cycles required to set the signal to 0 or 1, and SO is the minimum number of clock cycles required to observe the signal value at an output. Please refer to Tables 1 to 3.
TABLE 1 controllability CC0, CC1 calculation rules
TABLE 2 controllability SC0, SC1 calculation rules
TABLE 3 observability of CO, SO calculation rules
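The calculation tables did not survive on this page, so the following added example (not code from the patent) computes the three combinational measures CC0, CC1 and CO with the commonly published SCOAP gate rules, which are an assumption here. The netlist, its net names and the helper names are constructed for illustration; the sequential measures SC0, SC1 and SO are not covered.

```python
# Added illustration: combinational SCOAP over a small constructed netlist.
# The gate rules are the commonly published SCOAP rules (assumed, since the
# page's Tables 1-3 are missing). All net names are hypothetical.
from math import inf

PRIMARY_INPUTS = ["a", "b", "c", "d", "e", "f"]
PRIMARY_OUTPUTS = ["out"]
# (output net, gate type, input nets); "trig" stands in for a rare condition.
GATES = [
    ("out", "XOR", ["n2", "trig"]),
    ("n1", "AND", ["a", "b"]),
    ("n2", "OR", ["n1", "c"]),
    ("t1", "AND", ["a", "b", "c", "d"]),
    ("t2", "NOR", ["e", "f"]),
    ("trig", "AND", ["t1", "t2"]),
]


def controllability(gtype, ins):
    """Return (CC0, CC1) of a gate output from the (CC0, CC1) of its inputs."""
    c0 = [v[0] for v in ins]
    c1 = [v[1] for v in ins]
    if gtype == "AND":
        return min(c0) + 1, sum(c1) + 1
    if gtype == "NAND":
        return sum(c1) + 1, min(c0) + 1
    if gtype == "OR":
        return sum(c0) + 1, min(c1) + 1
    if gtype == "NOR":
        return min(c1) + 1, sum(c0) + 1
    if gtype == "NOT":
        return c1[0] + 1, c0[0] + 1
    if gtype == "BUF":
        return c0[0] + 1, c1[0] + 1
    if gtype == "XOR" and len(ins) == 2:
        (a0, a1), (b0, b1) = ins
        return min(a0 + b0, a1 + b1) + 1, min(a1 + b0, a0 + b1) + 1
    raise ValueError(f"unsupported gate: {gtype}")


def side_input_cost(gtype, others):
    """Cost of setting the other inputs so that one input becomes observable."""
    if gtype in ("AND", "NAND"):      # side inputs must be 1
        return sum(cc1 for _, cc1 in others)
    if gtype in ("OR", "NOR"):        # side inputs must be 0
        return sum(cc0 for cc0, _ in others)
    if gtype == "XOR":                # any known value on the side input
        return sum(min(v) for v in others)
    return 0                          # NOT / BUF have no side inputs


def scoap(primary_inputs, primary_outputs, gates):
    """Return {net: (CC0, CC1, CO)} for a loop-free combinational netlist."""
    cc = {pi: (1, 1) for pi in primary_inputs}
    pending, order = list(gates), []
    while pending:                    # evaluate gates in topological batches
        ready = [g for g in pending if all(i in cc for i in g[2])]
        if not ready:
            raise ValueError("combinational loop or undriven net")
        for g in ready:
            cc[g[0]] = controllability(g[1], [cc[i] for i in g[2]])
            order.append(g)
            pending.remove(g)
    co = {net: inf for net in cc}
    for po in primary_outputs:
        co[po] = 0
    for out, gtype, ins in reversed(order):   # outputs back towards inputs
        for idx, net in enumerate(ins):
            others = [cc[n] for j, n in enumerate(ins) if j != idx]
            # A fan-out stem takes the cheapest of its branches.
            co[net] = min(co[net], co[out] + side_input_cost(gtype, others) + 1)
    return {net: (cc[net][0], cc[net][1], co[net]) for net in cc}


def rank_internal_nets(scores, gates=GATES, primary_outputs=PRIMARY_OUTPUTS):
    """Internal nets ordered from hardest to easiest to control."""
    internal = [g[0] for g in gates if g[0] not in primary_outputs]
    return sorted(internal, key=lambda n: -max(scores[n][0], scores[n][1]))


if __name__ == "__main__":
    result = scoap(PRIMARY_INPUTS, PRIMARY_OUTPUTS, GATES)
    for net in rank_internal_nets(result):
        print(net, result[net])
```

In the constructed netlist the wide AND-style net `trig` gets the largest CC1 of all internal nets, which is the kind of separation the testability dimensions add to the feature vector.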
S204, splicing the static structural features with the controllability and the observability values to form an 80-dimensional spliced data set, wherein the spliced data set is used for representing the hardware Trojan horse feature vector.
S205, normalizing each static structural feature in the spliced dataset and the controllability and observability values.
In this embodiment, the feature vectors in the spliced data set are normalized, that is, the features extracted from each netlist circuit are normalized, so that the magnitude of a feature value no longer depends on the scale of the netlist circuit but only on its relative magnitude within the netlist circuit. This eliminates the influence of netlist circuit scale on the detection effect and makes the feature extraction process more independent and general.
Specifically, the expression of the normalization process is:
where $x_{\max}$ and $x_{\min}$ are, respectively, the maximum and minimum values of the feature within the netlist circuit.
S206, using the synthetic minority over-sampling technique, generating new samples from the minority-class samples of the netlist circuits in the processed data set, and obtaining an updated processed data set.
S207, using the edited nearest neighbours algorithm, removing the overlapping samples and the noise samples at the class boundary from the updated processed data set to obtain the training data set.
In this embodiment, steps S206 and S207 together form the data enhancement process. Because the number of hardware Trojan signals is generally far smaller than the number of normal signals, it is difficult for the neural network to learn enough information for classification, so this embodiment extends the Trojan data set with the SMOTEENN data enhancement method. First, the synthetic minority over-sampling technique (SMOTE) generates new samples between minority-class samples that lie close together, in order to balance the classes. Next, the edited nearest neighbours algorithm (ENN) removes overlapping samples and noise samples at the class boundary. The disadvantage of SMOTE is that the minority-class samples it generates often overlap with the surrounding majority-class samples and are difficult to classify; ENN removes exactly these overlapping samples and thereby cleans the data. SMOTEENN combines the two, using SMOTE's ability to generate synthetic samples and ENN's ability to remove overlapping and noise samples, which can improve model performance without changing the data distribution. For the algorithm flow of SMOTEENN, please refer to Algorithm 1. In this embodiment, the k value of ENN is 3, and the sampling rate r of SMOTE is the ratio of the total number of signals to the number of hardware Trojan signals.
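Algorithm 1 is not reproduced on this page, so the following added sketch (not the patent's code) shows SMOTE followed by ENN in plain Python with k = 3 for ENN. Two points are assumptions: the sampling rate r is applied as a multiplier on the minority class (each Trojan sample yields round(r) - 1 synthetic samples), and ENN uses a majority vote among the k neighbours. The two-dimensional feature values are constructed; the patent uses 80-dimensional vectors.

```python
# Added illustration: SMOTE oversampling followed by ENN cleaning.
# Label 1 = Trojan signal (minority), label 0 = normal signal (majority).
import math
import random

# Constructed sample data: a normal cluster, a Trojan cluster, and one
# mislabelled normal sample sitting inside the Trojan cluster (noise).
NORMAL = [(0.10 + 0.05 * i, 0.10 + 0.05 * j) for i in range(4) for j in range(3)]
TROJAN = [(0.80, 0.80), (0.90, 0.80), (0.80, 0.90), (0.90, 0.90)]
NOISE = (0.85, 0.85)
X_DEMO = NORMAL + [NOISE] + TROJAN
Y_DEMO = [0] * (len(NORMAL) + 1) + [1] * len(TROJAN)


def nearest(idx, points, k, pool):
    """Indices of the k points in `pool` closest to points[idx], excluding idx."""
    others = [j for j in pool if j != idx]
    others.sort(key=lambda j: math.dist(points[idx], points[j]))
    return others[:k]


def smote(X, y, rate, k=3, seed=0):
    """Append synthetic minority samples interpolated between near neighbours.

    Assumption: `rate` multiplies the minority class, so every minority
    sample contributes round(rate) - 1 synthetic samples.
    """
    rng = random.Random(seed)
    minority = [i for i, label in enumerate(y) if label == 1]
    per_sample = max(0, round(rate) - 1)
    synthetic = []
    for i in minority:
        neighbours = nearest(i, X, k, minority)
        if not neighbours:            # a single minority sample: nothing to mix
            continue
        for _ in range(per_sample):
            j = rng.choice(neighbours)
            gap = rng.random()        # position on the segment X[i] -> X[j]
            synthetic.append(tuple(a + gap * (b - a) for a, b in zip(X[i], X[j])))
    return list(X) + synthetic, list(y) + [1] * len(synthetic)


def enn(X, y, k=3):
    """Drop every sample whose label loses the vote among its k neighbours."""
    everyone = range(len(X))
    keep = []
    for i in everyone:
        votes = [y[j] for j in nearest(i, X, k, everyone)]
        if votes.count(y[i]) * 2 > len(votes):
            keep.append(i)
    return [X[i] for i in keep], [y[i] for i in keep]


def smoteenn(X, y, k_smote=3, k_enn=3, seed=0):
    """SMOTE with r = total signals / Trojan signals, then ENN with k_enn."""
    rate = len(y) / y.count(1)
    X_over, y_over = smote(X, y, rate, k_smote, seed)
    return enn(X_over, y_over, k_enn)


if __name__ == "__main__":
    X_out, y_out = smoteenn(X_DEMO, Y_DEMO)
    print("before:", Y_DEMO.count(0), "normal /", Y_DEMO.count(1), "Trojan")
    print("after: ", y_out.count(0), "normal /", y_out.count(1), "Trojan")
```

On the constructed data, r = 17 / 4, the Trojan class grows from 4 to 16 samples, and ENN removes only the mislabelled normal sample inside the Trojan cluster.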
S208, inputting the training data set into the preset deep neural network for processing and extracting features; and calculating the weight of the loss function according to the extracted features so as to update the parameters of the preset deep neural network and obtain the trained deep neural network.
In this embodiment, referring to FIG. 3, which is a schematic diagram of the preset deep neural network provided by the embodiment of the present invention, the preset deep neural network is a 101-layer residual neural network whose structure consists of a plurality of residual units, an average pooling layer and a classification layer. The residual units extract features from the data; the features extracted by the convolution layers of the residual units are all connected to the average pooling layer in order to obtain more information, and are then output by the classification layer. A residual unit comprises a convolution layer, a BN layer and a ReLU function; the convolution kernel size is 5, the convolution stride is 2 and the padding is 2, and a max pooling layer with size 3 and stride 2 is constructed. This embodiment uses an 80-dimensional input layer, processes the input with convolution layers to extract data features, and finally classifies the data with an average pooling layer and a fully connected layer to obtain the probabilities that a signal is a Trojan signal or a normal signal. The ReLU function is the activation function of all network layers except the output layer, and the Sigmoid function is the activation function of the output layer, to support binary classification. To avoid overfitting of the neural network, this embodiment inserts a Batch Normalization (BN) layer between the network layers. The specific structural parameters of the residual neural network used in this example are shown in Table 4. The ResNet used in the examples was implemented with the TensorFlow library, version 2.4.1.
TABLE 4 structural parameters
Referring to fig. 4, fig. 4 is a structural diagram of a residual unit provided in an embodiment of the present invention, where each residual unit may be represented by the following formula:
$$x_{l+1} = H(x_l) = x_l + F(x_l) \tag{2}$$
$$x_{l+2} = x_{l+1} + F(x_{l+1}) = x_l + F(x_l) + F(x_{l+1}) \tag{3}$$
where $x_l$ and $x_{l+1}$ are the input and output of the $l$-th residual unit, $F(x)$ is the residual function, and $x_L$ is the output of the $L$-th residual unit.
As can be seen from equation (3) above, the output of any residual unit can be calculated from the input of the previous residual unit. ResNet can solve network degradation precisely because of the skip connections: shallow features are carried across to the deep layers, so a deep network can obtain a result that is no worse than that of a shallow network. Because the shallow features and the deep features are added together, the deep network maintains the same performance as the shallow network even if the features obtained by the intermediate operations contribute nothing.
This embodiment further includes training the classifier to improve its ability to correctly identify Trojan signals and normal signals. The netlists with inserted hardware Trojans in the training data set are fed to the classifier for multiple rounds of training; after the ResNet of the classifier produces a result, the loss is calculated and back-propagated so that the classifier updates its weights. The training loss adopted in the ResNet of this embodiment is the Euclidean distance between the true label and the predicted label, so as to maximize the separation of the embedded vectors of different classes, and the formula is as follows:
wherein Y is a real label,to predict tags.
In this embodiment, the model is a deep neural network. Compared with a traditional neural network, it can reach a greater network depth without network degradation, learns more efficiently, and effectively alleviates the vanishing and exploding gradients caused by increasing network depth. The invention uses a deep neural network to obtain the global features of the signals and to pass messages: a multi-layer neural network first extracts features from the input data, and a classification layer with a Sigmoid function then classifies the input data to judge whether the signal it represents is a hardware Trojan signal. The training loss adopted in the deep neural network is the cross entropy of the real label and the predicted label.
S209, acquiring a test set; and judging the performance of the trained deep neural network through the test set.
In this embodiment, the data sets are 15 netlist circuits in Trusthub, which are about 200 gates of RS232-T1000, RS232-T1100, RS232-T1200, RS232-T1300, RS232-T1400, RS232-T1500, RS232-T1600, and about 5000 gates of S15850-T100, S35932-T100, S35932-T200, S35932-T300, S38417-T100, S38417-T200, S38417-T300, and S38584-T100.
Firstly, carrying out text analysis on a netlist circuit by using a Python language, extracting static structural features and testability measurement values, then fusing the two parts of features into 80-dimensional feature vectors, and carrying out normalization operation on the feature vectors; then, a data enhancement method is used for the data set to increase the number of minority class samples and remove noise samples; then, the feature vector is put into a deep neural network model for training, parameters are continuously adjusted for model training, and then, a classifier with the highest detection precision is selected for subsequent hardware Trojan detection; and finally, extracting features of the netlist to be detected, and then placing the netlist into a classifier for hardware Trojan detection to obtain a detection result. The embodiment adopts a leave-one-out cross-validation mode to perform hardware Trojan detection work, and is specifically characterized in that the 14 netlist circuits are adopted to perform training and 1 netlist circuit is adopted to perform testing, the testing result is used as a hardware Trojan detection result of a corresponding test netlist, the process is circulated for 15 times, and the average detection result of all netlists is taken as a final result.
In this example, the model was evaluated using classical evaluation indicators in the two classification fields, including TPR (Recall), TNR, precision, F-score and Accuracy; TPR (Recall) is a true positive rate, also called Recall rate, which is the proportion of the identified hardware Trojan to all hardware Trojan; TNR is true negative rate, and is the proportion of the identified normal signal to all normal signals; precision is the Precision, and the proportion of the hardware Trojan horse detected by the hardware Trojan horse occupation model which is correctly identified; f1-score is a harmonic mean of Recall and Precision and is used for comprehensively evaluating the classification effect of the model; accuracy is the Accuracy rate, which is the proportion of the correct signal to all signals for identification. The specific calculation formula is as follows:
wherein TN is the number of normal signals identified as normal, TP is the number of Trojan signals identified as Trojan, FN is the number of Trojan signals identified as normal, FP is the number of normal signals identified as Trojan, total is the number of all signals.
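The leave-one-out protocol and the metrics defined above, as an added example that is not code from the patent: it holds out one netlist at a time, normalizes each netlist's features with the usual min-max form (an assumption), and averages TPR, TNR, Precision, F1 and Accuracy over the folds. The nearest-centroid classifier is a stand-in for the deep neural network, all function names are hypothetical, and the three two-feature netlists are constructed sample data, not Trust-Hub circuits.

```python
# Added example: leave-one-netlist-out evaluation on constructed toy data.

def minmax_normalize(rows):
    """Scale each feature column of ONE netlist to [0, 1] (assumed min-max form)."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0   # constant column -> 0
             for v, l, h in zip(row, lo, hi)] for row in rows]

def train_centroids(X, y):
    """Stand-in classifier (NOT the patent's DNN): mean feature vector per class."""
    model = {}
    for label in (0, 1):
        pts = [x for x, t in zip(X, y) if t == label]
        if pts:                                    # skip a class absent from training
            model[label] = [sum(c) / len(pts) for c in zip(*pts)]
    return model

def predict(model, X):
    dist2 = lambda a, b: sum((u - v) ** 2 for u, v in zip(a, b))
    return [min(model, key=lambda k: dist2(model[k], x)) for x in X]

def confusion(y_true, y_pred):
    """Return (TP, TN, FP, FN); label 1 = Trojan signal, 0 = normal signal."""
    pairs = list(zip(y_true, y_pred))
    return (pairs.count((1, 1)), pairs.count((0, 0)),
            pairs.count((0, 1)), pairs.count((1, 0)))

def metrics(tp, tn, fp, fn):
    div = lambda a, b: a / b if b else 0.0         # a held-out netlist may lack a class
    tpr, tnr, prec = div(tp, tp + fn), div(tn, tn + fp), div(tp, tp + fp)
    return {"TPR": tpr, "TNR": tnr, "Precision": prec,
            "F1": div(2 * prec * tpr, prec + tpr),
            "Accuracy": div(tp + tn, tp + tn + fp + fn)}

def leave_one_netlist_out(netlists):
    """netlists: {name: (feature_rows, labels)} -> (per-netlist metrics, mean metrics)."""
    normed = {n: (minmax_normalize(r), l) for n, (r, l) in netlists.items()}
    per = {}
    for held in normed:
        X = [x for n, (rows, _) in normed.items() if n != held for x in rows]
        y = [t for n, (_, labs) in normed.items() if n != held for t in labs]
        model = train_centroids(X, y)
        test_X, test_y = normed[held]
        per[held] = metrics(*confusion(test_y, predict(model, test_X)))
    keys = ["TPR", "TNR", "Precision", "F1", "Accuracy"]
    mean = {k: sum(m[k] for m in per.values()) / len(per) for k in keys}
    return per, mean

# Constructed sample: three tiny "netlists", two features per signal.
NETLISTS = {
    "A": ([[1, 10], [2, 12], [1, 11], [9, 90]], [0, 0, 0, 1]),
    "B": ([[2, 20], [3, 22], [2, 21], [4, 24], [10, 100]], [0, 0, 0, 0, 1]),
    "C": ([[5, 50], [6, 52], [5, 51], [20, 200], [19, 190]], [0, 0, 0, 1, 0]),
}

if __name__ == "__main__":
    per, mean = leave_one_netlist_out(NETLISTS)
    for name, m in per.items():
        print(name, {k: round(v, 3) for k, v in m.items()})
    print("mean", {k: round(v, 3) for k, v in mean.items()})
```

In netlist C a single normal signal that resembles a Trojan costs only a quarter of the TNR but halves the Precision, which is why the heavily imbalanced Trojan/normal setting is reported with Precision and F1 alongside Accuracy.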
In this embodiment, the hardware Trojan detection results are shown in Table 5. The average accuracy of this example reaches 99.3%, with an average recall of 92.7%, an average precision of 89.3%, and an average F1 of 89.6%, which indicates that the network provided in this embodiment can basically achieve correct classification of all signals.
TABLE 5 Trust-Hub dataset detection results
Referring to Table 6, which shows the results of the comparison of the present invention with the prior art, it can be seen that the present invention increases the TPR by 28.9% at the expense of 0.7% TNR, and the F1 score is also increased by 11.8%, compared with the method based on testability (C. H. Kok, C. Y. Ooi, M. Moghbel, N. Ismail, H. S. Choo and M. Inoue, "Classification of Trojan Nets Based on SCOAP Values using Supervised Learning," 2019 IEEE International Symposium on Circuits and Systems (ISCAS), 2019, pp. 1-5, doi:10.1109/ISCAS.2019.87024662.) and the method using static features (T. Kurihara and N. Togawa, "Hardware-Trojan Classification based on the Structure of Trigger Circuits Utilizing Random Forests," 2021 IEEE 27th International Symposium on On-Line Testing and Robust System Design (IOLTS), 2021.). It can be seen that the invention combines static features and testability features, extracts Trojan features more comprehensively, expands the information about hardware Trojans, and effectively improves detection accuracy.
Compared with the method adopting natural language processing technology (Lu R, Shen H, Su Y, et al. GramsDet: Hardware Trojan Detection Based on Recurrent Neural Network [C]//2019 IEEE 28th Asian Test Symposium (ATS). Kolkata, India. 2019: 111-115.), the TPR is improved by 10.4%, the TNR is improved by 2.6%, and F1 is improved by 29.8%, which shows the advantages of the method based on the deep neural network in the field of hardware Trojan detection. In short, both the method based on static features and the method based on testability extract only part of the hardware Trojan features, which limits their performance, and the existing detection method based on structural features cannot solve the network degradation problem caused by deep networks and cannot obtain good results.
By contrast, the invention, which is based on both static features and testability, extracts Trojan features more comprehensively; at the same time, the deep neural network enables the model to learn more abstract, higher-level information and greatly alleviates the degradation problem in deep networks, so a better detection effect is obtained. In addition, the invention fully automates the feature extraction process, has strong practicability and expandability, overcomes the shortcomings of prior research, and has great practical value.
TABLE 6 Comparison of the invention with the prior art
Method | TPR | TNR | F1-score
SCOAP (2019) | 82.5% | 99.0% | 83.4%
Random Forest (2021) | 63.6% | 99.9% | 77.8%
GramsDet (2019) | 82.1% | 96.0% | 59.8%
The invention | 92.5% | 99.2% | 89.6%
It should be noted that the classifier in this embodiment may be implemented using a deep neural network, including but not limited to MLP, DNN, CNN and ResNet.
In summary, in the hardware Trojan detection method based on the deep neural network and the multidimensional features, first, the static structural features and the testability features are collected to provide a hardware Trojan feature library comprising 80-dimensional features, which expands the information about hardware Trojans; the whole feature extraction process is automated, the circuit structure does not need to be analyzed manually, and the method has good practicability and expandability. Second, to address the data imbalance problem in the field of hardware Trojan detection, the invention uses a mixed sampling method to enhance the hardware Trojan data set: it combines an up-sampling method and a down-sampling method, expands the minority-class sample set while eliminating overlapping samples and noise samples, and effectively mitigates the excessive imbalance between positive and negative samples in the data set. Finally, a deep neural network is constructed for hardware Trojan detection; compared with a traditional neural network, the deep neural network can reach a deeper network level without network degradation, is not easily affected by factors such as vanishing and exploding gradients, and has better stability and generalization capability.
It should be noted that in this document relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that an article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in an article or apparatus that comprises the element. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The orientation or positional relationship indicated by "upper", "lower", "left", "right", etc. is based on the orientation or positional relationship shown in the drawings, and is merely for convenience of description and to simplify the description, and is not indicative or implying that the apparatus or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and therefore should not be construed as limiting the invention.
In the description of the present specification, a description referring to the terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Further, one skilled in the art can join and combine the different embodiments or examples described in this specification.
The foregoing is a further detailed description of the invention in connection with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.

Claims (9)

1. A hardware Trojan horse detection method based on a deep neural network and multidimensional features is characterized by comprising the following steps:
obtaining a netlist circuit to be tested;
classifying the netlist circuit to be tested by using a trained deep neural network, and judging whether signals in the netlist circuit to be tested are normal signals or Trojan signals;
the trained deep neural network is obtained according to a training data set, the training data set is obtained by expanding a hardware Trojan feature vector library by using a data enhancement method and processing noise samples, and features in the hardware Trojan feature vector library comprise static structural features of signals in a netlist circuit and testability features of signals in the netlist circuit.
2. The hardware Trojan detection method based on the deep neural network and the multidimensional features according to claim 1, wherein the process of acquiring the static structural features of the signals in the netlist circuit comprises the following steps:
acquiring a data set;
performing text analysis on the netlist circuit in the dataset by using Python scripts, and extracting static structural features of signals in the netlist circuit; wherein the static structural feature comprises 74 dimensions.
3. The hardware Trojan detection method based on the deep neural network and the multidimensional features according to claim 2, wherein a Python script is used to traverse the netlist circuit in the data set and record the connection relations between gates and nets in the netlist circuit; primary input signals and primary output signals are extracted according to the types of the gates; and a shortest path algorithm is used to acquire the signals with the shortest distances from the primary input signals and the primary output signals, thereby acquiring the static structural features of the signals in the netlist circuit.
4. The hardware Trojan detection method based on the deep neural network and the multidimensional features according to claim 1, wherein the process of acquiring the testability features of the signals in the netlist circuit comprises the following steps:
acquiring a data set;
using a testability tool, assisted by a written script, to extract the controllability and observability values of the signals in the netlist circuits in the data set, namely the testability features of the signals in the netlist circuit; wherein the testability features comprise 6 dimensions.
5. The method for detecting a hardware trojan horse based on a deep neural network and multidimensional features as recited in claim 1, further comprising: normalizing the features in the hardware Trojan feature vector library;
normalizing each static structural feature and testability feature in the hardware Trojan feature vector library; the expression of normalization processing is as follows:
wherein $x_{\max}$ and $x_{\min}$ are respectively the maximum value and the minimum value of the feature in the netlist circuit, $x$ is the original feature value, and $x_{\text{new}}$ is the normalized feature value.
6. The method for detecting the hardware Trojan horse based on the deep neural network and the multidimensional features according to claim 1, wherein the method for expanding the hardware Trojan horse feature vector library and processing the noise samples by using the data enhancement method comprises the following steps:
generating a new netlist circuit according to the normalized hardware Trojan feature vector library by using an up-sampling method;
using a down-sampling method to remove the generated overlapping netlist circuits and the noise netlist circuits at the boundary, to obtain the training data set.
7. The method for detecting the hardware Trojan horse based on the deep neural network and the multidimensional features according to claim 1, wherein the obtaining process of the trained deep neural network comprises the following steps:
inputting the training data set into a preset deep neural network for processing, and extracting features;
and calculating the weight of the loss function according to the extracted characteristics so as to update the parameters of the preset deep neural network and obtain the trained deep neural network.
8. The method for detecting a hardware trojan horse based on a deep neural network and multidimensional features as recited in claim 1, further comprising:
acquiring a test set;
and classifying the netlist circuits in the test set by using the trained deep neural network to judge the performance of the trained deep neural network.
9. A hardware Trojan detection device based on a deep neural network and multidimensional features is characterized by comprising:
the data acquisition module is used for acquiring a netlist circuit to be tested;
the data processing module is used for classifying the netlist circuit to be tested by using the trained deep neural network and judging whether the signals in the netlist circuit to be tested are normal signals or Trojan signals;
the trained deep neural network is obtained according to a training data set, the training data set is obtained by expanding a hardware Trojan feature vector library by using a data enhancement method and processing noise samples, and features in the hardware Trojan feature vector library comprise static structural features of signals in a netlist circuit and testability features of signals in the netlist circuit.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202310797828.3A | 2023-06-30 | 2023-06-30 | Hardware Trojan detection method and device based on deep neural network and multidimensional features (CN116956121A, pending)


Publications (1)

Publication Number | Publication Date
CN116956121A (en) | 2023-10-27
