ATTRITION: Attacking Static Hardware Trojan Detection Techniques Using
Reinforcement Learning
- URL: http://arxiv.org/abs/2208.12897v1
- Date: Fri, 26 Aug 2022 23:47:47 GMT
- Authors: Vasudev Gohil, Hao Guo, Satwik Patnaik, Jeyavijayan (JV) Rajendran
- Abstract summary: We develop an automated, scalable, and practical attack framework, ATTRITION, using reinforcement learning (RL).
ATTRITION evades eight detection techniques across two HT detection categories, showcasing its agnostic behavior.
We demonstrate ATTRITION's ability to evade detection techniques by evaluating designs ranging from the widely-used academic suites to larger designs such as the open-source MIPS and mor1kx processors to AES and a GPS module.
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: Stealthy hardware Trojans (HTs) inserted during the fabrication of integrated
circuits can bypass the security of critical infrastructures. Although
researchers have proposed many techniques to detect HTs, several limitations
exist, including: (i) a low success rate, (ii) high algorithmic complexity, and
(iii) a large number of test patterns. Furthermore, the most pertinent drawback
of prior detection techniques stems from an incorrect evaluation methodology,
i.e., they assume that an adversary inserts HTs randomly. Such inappropriate
adversarial assumptions enable detection techniques to claim high HT detection
accuracy, leading to a "false sense of security." Unfortunately, to the best of
our knowledge, despite more than a decade of research on detecting HTs inserted
during fabrication, there have been no concerted efforts to perform a
systematic evaluation of HT detection techniques.
In this paper, we play the role of a realistic adversary and question the
efficacy of HT detection techniques by developing an automated, scalable, and
practical attack framework, ATTRITION, using reinforcement learning (RL).
ATTRITION evades eight detection techniques across two HT detection categories,
showcasing its agnostic behavior. ATTRITION achieves average attack success
rates of $47\times$ and $211\times$ compared to randomly inserted HTs against
state-of-the-art HT detection techniques. We demonstrate ATTRITION's ability to
evade detection techniques by evaluating designs ranging from the widely-used
academic suites to larger designs such as the open-source MIPS and mor1kx
processors to AES and a GPS module. Additionally, we showcase the impact of
ATTRITION-generated HTs through two case studies (privilege escalation and kill
switch) on the mor1kx processor. We envision that our work, along with our
released HT benchmarks and models, fosters the development of better HT
detection techniques.
Related papers
- TrojanForge: Generating Adversarial Hardware Trojan Examples with Reinforcement Learning [0.0]
Hardware Trojan problem can be thought of as a continuous game between attackers and defenders.
Machine Learning has recently played a key role in advancing HT research.
TrojanForge generates adversarial examples that defeat HT detectors.
arXiv Detail & Related papers (2024-05-24T03:37:32Z)
- The Seeker's Dilemma: Realistic Formulation and Benchmarking for Hardware Trojan Detection [0.0]
This work focuses on advancing security research in the hardware design space by formally defining the realistic problem of Hardware Trojan (HT) detection.
The goal is to model HT detection more closely to the real world, i.e., describing the problem as "The Seeker's Dilemma".
We create a benchmark that consists of a mixture of HT-free and HT-infected restructured circuits.
arXiv Detail & Related papers (2024-02-27T22:14:01Z)
- Assaying on the Robustness of Zero-Shot Machine-Generated Text Detectors [57.7003399760813]
We explore advanced Large Language Models (LLMs) and their specialized variants, contributing to this field in several ways.
We uncover a significant correlation between topics and detection performance.
These investigations shed light on the adaptability and robustness of these detection methods across diverse topics.
arXiv Detail & Related papers (2023-12-20T10:53:53Z)
- What to Remember: Self-Adaptive Continual Learning for Audio Deepfake Detection [53.063161380423715]
Existing detection models have shown remarkable success in discriminating known deepfake audio, but struggle when encountering new attack types.
We propose a continual learning approach called Radian Weight Modification (RWM) for audio deepfake detection.
arXiv Detail & Related papers (2023-12-15T09:52:17Z)
- DeMiST: Detection and Mitigation of Stealthy Analog Hardware Trojans [0.21301560294088315]
Capacitance-based Analog Hardware Trojan (AHT) is one of the stealthiest HT that can bypass most existing HT detection techniques.
We propose a novel way to detect such capacitance-based AHT in this paper.
arXiv Detail & Related papers (2023-10-06T03:45:41Z)
- Trojan Playground: A Reinforcement Learning Framework for Hardware Trojan Insertion and Detection [0.0]
Current Hardware Trojan (HT) detection techniques are mostly developed based on a limited set of HT benchmarks.
We introduce the first automated Reinforcement Learning (RL) HT insertion and detection framework to address these shortcomings.
arXiv Detail & Related papers (2023-05-16T16:42:07Z)
- Multi-criteria Hardware Trojan Detection: A Reinforcement Learning Approach [0.0]
Hardware Trojans (HTs) can severely alter the security and functionality of digital integrated circuits.
This paper proposes a multi-criteria reinforcement learning (RL) HT detection tool that features a tunable reward function for different HT detection scenarios.
Our preliminary results show an average of 84.2% successful HT detection in ISCAS-85 benchmark.
arXiv Detail & Related papers (2023-04-26T01:40:55Z)
- High Frequency EEG Artifact Detection with Uncertainty via Early Exit Paradigm [70.50499513259322]
Current artifact detection pipelines are resource-hungry and rely heavily on hand-crafted features.
We propose E4G, a deep learning framework for high frequency EEG artifact detection.
Our framework exploits the early exit paradigm, building an implicit ensemble of models capable of capturing uncertainty.
arXiv Detail & Related papers (2021-07-21T07:05:42Z)
- Distilling Image Classifiers in Object Detectors [81.63849985128527]
We study the case of object detection and, instead of following the standard detector-to-detector distillation approach, introduce a classifier-to-detector knowledge transfer framework.
In particular, we propose strategies to exploit the classification teacher to improve both the detector's recognition accuracy and localization performance.
arXiv Detail & Related papers (2021-06-09T16:50:10Z)
- Signal Processing and Machine Learning Techniques for Terahertz Sensing: An Overview [89.09270073549182]
Terahertz (THz) signal generation and radiation methods are shaping the future of wireless systems.
THz-specific signal processing techniques should complement this re-surged interest in THz sensing for efficient utilization of the THz band.
We present an overview of these techniques, with an emphasis on signal pre-processing.
We also address the effectiveness of deep learning techniques by exploring their promising sensing capabilities at the THz band.
arXiv Detail & Related papers (2021-04-09T01:38:34Z)
- MimicDet: Bridging the Gap Between One-Stage and Two-Stage Object Detection [65.74032877197844]
One-stage detectors are more efficient owing to straightforward architectures, but the two-stage detectors still take the lead in accuracy.
We propose MimicDet, a novel framework to train a one-stage detector by directly mimicking the two-stage features.
Mimic methods have a shared backbone for one-stage and two-stage detectors, then it branches into two heads which are well designed to have compatible features for mimicking.
arXiv Detail & Related papers (2020-09-24T07:36:58Z)