Third-Party Hardware IP Assurance against Trojans through Supervised
Learning and Post-processing
- URL: http://arxiv.org/abs/2111.14956v1
- Date: Mon, 29 Nov 2021 21:04:53 GMT
- Title: Third-Party Hardware IP Assurance against Trojans through Supervised
Learning and Post-processing
- Authors: Pravin Gaikwad, Jonathan Cruz, Prabuddha Chakraborty, Swarup Bhunia,
Tamzidul Hoque
- Abstract summary: VIPR is a systematic machine learning (ML) based trust verification solution for 3PIPs.
We present a comprehensive framework, associated algorithms, and a tool flow for obtaining an optimal set of features.
The proposed post-processing algorithms reduce false positives by up to 92.85%.
- Score: 3.389624476049805
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: System-on-chip (SoC) developers increasingly rely on pre-verified hardware
intellectual property (IP) blocks acquired from untrusted third-party vendors.
These IPs might contain hidden malicious functionalities or hardware Trojans to
compromise the security of the fabricated SoCs. Recently, supervised machine
learning (ML) techniques have shown promising capability in identifying nets of
potential Trojans in third-party IPs (3PIPs). However, they bring several major
challenges. First, they do not guide us to an optimal choice of features that
reliably covers diverse classes of Trojans. Second, they require multiple
Trojan-free/trusted designs to insert known Trojans and generate a trained
model. Even if a set of trusted designs is available for training, the suspect
IP could be inherently very different from the set of trusted designs, which
may negatively impact the verification outcome. Third, these techniques only
identify a set of suspect Trojan nets that require manual intervention to
understand the potential threat. In this paper, we present VIPR, a systematic
machine learning (ML) based trust verification solution for 3PIPs that
eliminates the need for trusted designs for training. We present a
comprehensive framework, associated algorithms, and a tool flow for obtaining
an optimal set of features, training a targeted machine learning model,
detecting suspect nets, and identifying Trojan circuitry from the suspect nets.
We evaluate the framework on several Trust-Hub Trojan benchmarks and provide a
comparative analysis of detection performance across different trained models,
selection of features, and post-processing techniques. The proposed
post-processing algorithms reduce false positives by up to 92.85%.
Related papers
- Uncertainty-Aware Hardware Trojan Detection Using Multimodal Deep Learning [3.118371710802894] (arXiv, 2024-01-15T05:45:51Z)
  The risk of hardware Trojans being inserted at various stages of chip production has increased in a zero-trust fabless era.
  We propose a multimodal deep learning approach to detect hardware Trojans and evaluate the results from both early fusion and late fusion strategies.
- Design for Assurance: Employing Functional Verification Tools for Thwarting Hardware Trojan Threat in 3PIPs [13.216074408064117] (arXiv, 2023-11-21T03:32:07Z)
  Third-party intellectual property cores are essential building blocks of modern system-on-chip and integrated circuit designs.
  These design components usually come from vendors of different trust levels and may contain undocumented design functionality.
  We develop a method for identifying and preventing hardware Trojans, employing functional verification tools and languages familiar to hardware designers.
- Risk-Aware and Explainable Framework for Ensuring Guaranteed Coverage in Evolving Hardware Trojan Detection [2.6396287656676733] (arXiv, 2023-10-14T03:30:21Z)
  In high-risk and sensitive domains, we cannot accept even a small misclassification.
  In this paper, we generate evolving hardware Trojans using our proposed novel conformalized generative adversarial networks.
  The proposed approach has been validated on both synthetic and real chip-level benchmarks.
- TrojanNet: Detecting Trojans in Quantum Circuits using Machine Learning [5.444459446244819] (arXiv, 2023-06-29T05:56:05Z)
  TrojanNet is a novel approach to enhance the security of quantum circuits by detecting and classifying Trojan-inserted circuits.
  We generate 12 diverse datasets by introducing variations in Trojan gate types, the number of gates, insertion locations, and compilers.
  Experimental results showcase an average accuracy of 98.80% and an average F1-score of 98.53% in effectively detecting and classifying Trojan-inserted QAOA circuits.
- Game of Trojans: A Submodular Byzantine Approach [9.512062990461212] (arXiv, 2022-07-13T03:12:26Z)
  We provide an analytical characterization of adversarial capability and strategic interactions between the adversary and detection mechanism.
  We propose a Submodular Trojan algorithm to determine the minimal fraction of samples to inject a Trojan trigger.
  We show that the adversary wins the game with probability one, thus bypassing detection.
- Quarantine: Sparsity Can Uncover the Trojan Attack Trigger for Free [126.15842954405929] (arXiv, 2022-05-24T06:33:31Z)
  Trojan attacks threaten deep neural networks (DNNs) by poisoning them to behave normally on most samples, yet to produce manipulated results for inputs attached with a trigger.
  We propose a novel Trojan network detection regime: first locating a "winning Trojan lottery ticket" which preserves nearly full Trojan information yet only chance-level performance on clean inputs; then recovering the trigger embedded in this already isolated subnetwork.
- Practical Detection of Trojan Neural Networks: Data-Limited and Data-Free Cases [87.69818690239627] (arXiv, 2020-07-31T02:00:38Z)
  We study the problem of Trojan network (TrojanNet) detection in the data-scarce regime.
  We propose a data-limited TrojanNet detector (TND) for the case where only a few data samples are available for TrojanNet detection.
  In addition, we propose a data-free TND, which can detect a TrojanNet without accessing any data samples.
- Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422] (arXiv, 2020-07-28T19:00:40Z)
  In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models.
  We propose a method to verify whether a pre-trained model is Trojaned or benign.
  Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
- Odyssey: Creation, Analysis and Detection of Trojan Models [91.13959405645959] (arXiv, 2020-07-16T06:55:00Z)
  Trojan attacks interfere with the training pipeline by inserting triggers into some of the training samples and train the model to act maliciously only for samples that contain the trigger.
  Existing Trojan detectors make strong assumptions about the types of triggers and attacks.
  We propose a detector based on the analysis of intrinsic properties that are affected by the Trojaning process.
- An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks [59.42357806777537] (arXiv, 2020-06-15T04:58:28Z)
  A Trojan attack aims to attack deployed deep neural networks (DNNs) relying on hidden trigger patterns inserted by hackers.
  We propose a training-free attack approach which differs from previous work, in which Trojaned behaviors are injected by retraining the model on a poisoned dataset.
  The proposed TrojanNet has several nice properties, including (1) it activates on tiny trigger patterns and keeps silent for other signals, (2) it is model-agnostic and could be injected into most DNNs, dramatically expanding its attack scenarios, and (3) the training-free mechanism saves massive training effort compared to conventional Trojan attack methods.
- Scalable Backdoor Detection in Neural Networks [61.39635364047679] (arXiv, 2020-06-10T04:12:53Z)
  Deep learning models are vulnerable to Trojan attacks, where an attacker can install a backdoor during training time to make the resultant model misidentify samples contaminated with a small trigger patch.
  We propose a novel trigger reverse-engineering based approach whose computational complexity does not scale with the number of labels, and which is based on a measure that is both interpretable and universal across different network and patch types.
  In experiments, we observe that our method achieves a perfect score in separating Trojaned models from pure models, which is an improvement over the current state-of-the-art method.
This list is automatically generated from the titles and abstracts of the papers in this site.