Abstract
Recently, because of the globalization of the semiconductor design and fabrication process and the wide use of third-party intellectual property cores (IP cores), integrated circuits (ICs) are becoming increasingly vulnerable to hardware Trojans (HTs). A hardware Trojan can make the IC malfunction, leak confidential information, or lead to other catastrophic consequences, and has thus raised serious concerns in many critical communities. Most existing hardware Trojan detection work requires golden chips to provide reference signals. However, obtaining a golden chip is extremely difficult. Golden chips are supposed to be either fabricated by a trusted foundry or verified to be Trojan-free through strict reverse engineering. Both methods are prohibitively expensive. In some scenarios, golden chips do not even exist, e.g., if the mask is altered at the foundry. This paper proposes an adaptive optimization of a two-class classification-based hardware Trojan detection method that can eliminate the need for fabricated golden chips. At IC design time, it can be assumed that, after thorough pre-silicon detection or under a strict design process, the simulated IC of the original design is Trojan-free (golden netlist). This method is particularly suitable for detecting Trojans that are inserted in the steps after design, such as the fabrication stage. First, we formulate the hardware Trojan detection problem as a two-class classification problem. Then, we train the classification algorithms using the transient power of simulated ICs during the IC design flow. The trained algorithms then form a classifier that can automatically identify fabricated ICs as Trojan-free or Trojan-inserted at test time. There are many representative types of classification algorithms. We formulate different algorithms and determine which algorithm is more suitable for HT detection. Accuracy, the confusion matrix, and recall are used as the evaluation metrics.
We evaluate the performance of different algorithms against process variations, and present suitable algorithm settings in the presence of a high level of process variation. Moreover, because a shift may occur between IC design simulation and actual silicon fabrication, which may reduce detection performance during practical post-silicon detection, we also propose several optimizations to enhance the technique: (1) we analyze the misclassified ICs' numbers for a given algorithm and present matched algorithm pairs that provide complementary detection performance; (2) we propose adaptive iterative optimization of one algorithm by focusing on errors, in which the weight adjustment is based on how successful the algorithm was in the previous iteration; (3) since the cost of misclassifying a Trojan-inserted IC as Trojan-free is larger than the cost of misclassifying a Trojan-free IC as Trojan-inserted, we alter the algorithms to take into account the costs of the different hardware Trojan detection decisions, which we call cost-sensitive detection. Experimental results on ISCAS89 benchmark circuits show that, after optimization, the proposed approach can not only detect known Trojans but also detect various kinds of unknown Trojans, with an accuracy and recall of more than 90%. Since we did not add any extra circuitry to the original design, this approach incurs no overhead.
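
The cost-sensitive idea in optimization (3), combined with the simulation-to-silicon shift the abstract mentions, can be illustrated with a small added example; this is not the paper's code or its algorithms. It assumes a single feature per IC (mean transient power), a Gaussian two-class model, a 5:1 cost ratio and a shift of -0.15, and every data value is constructed.

```python
import math
import random
from statistics import mean, pvariance

def make_ics(rng, n, trojan, shift=0.0):
    # Constructed data: one feature per IC (mean transient power, arbitrary units).
    # Process variation is modelled as Gaussian noise; a Trojan adds a small offset.
    base = 10.0 + shift + (0.6 if trojan else 0.0)
    return [rng.gauss(base, 0.5) for _ in range(n)]

def fit(free, trojan):
    # Two-class Gaussian model with pooled variance, trained on simulated ICs only.
    mu0, mu1 = mean(free), mean(trojan)
    var = (pvariance(free, mu0) + pvariance(trojan, mu1)) / 2
    return mu0, mu1, var

def threshold(model, cost_fn=1.0, cost_fp=1.0):
    # Minimum-expected-cost boundary for equal priors (assumes mu1 > mu0):
    # flag as Trojan when cost_fn * p(x|trojan) > cost_fp * p(x|free).
    mu0, mu1, var = model
    return (mu0 + mu1) / 2 - var * math.log(cost_fn / cost_fp) / (mu1 - mu0)

def evaluate(thr, free, trojan):
    # Confusion matrix plus the accuracy and recall metrics named in the abstract.
    tp = sum(x > thr for x in trojan)
    fp = sum(x > thr for x in free)
    fn, tn = len(trojan) - tp, len(free) - fp
    return {"tp": tp, "fn": fn, "fp": fp, "tn": tn,
            "accuracy": (tp + tn) / (len(free) + len(trojan)),
            "recall": tp / len(trojan)}

def run(seed=1):
    rng = random.Random(seed)
    model = fit(make_ics(rng, 200, False), make_ics(rng, 200, True))
    # "Fabricated" ICs: same two classes, shifted by -0.15 relative to simulation.
    free = make_ics(rng, 200, False, -0.15)
    troj = make_ics(rng, 200, True, -0.15)
    plain = evaluate(threshold(model), free, troj)
    costly = evaluate(threshold(model, cost_fn=5.0), free, troj)
    return plain, costly

if __name__ == "__main__":
    for name, result in zip(("equal cost", "cost-sensitive"), run()):
        print(name, result)
```

Raising `cost_fn` moves the decision boundary toward the Trojan-free class, so missed Trojans can only decrease while false alarms can only increase.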
| Translated title of the contribution | Adaptive Optimization of Two-Class Classification-Based Hardware Trojan Detection Method |
|---|---|
| Original language | Chinese (Traditional) |
| Pages (from-to) | 439-451 |
| Number of pages | 13 |
| Journal | Jisuanji Xuebao/Chinese Journal of Computers |
| Volume | 41 |
| Issue number | 2 |
| DOIs | |
| State | Published - 1 Feb 2018 |
| Externally published | Yes |