Generating adversarial examples for hardware-trojan detection at gate-level netlists

Kohei Nozawa*, Kento Hasegawa, Seira Hidano, Shinsaku Kiyomoto, Kazuo Hashimoto, Nozomu Togawa

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

6 Citations (Scopus)


Recently, the great demand for integrated circuits (ICs) drives third parties to be involved in IC design and manufacturing steps. At the same time, the threat of injecting a malicious circuit, called a hardware Trojan, by third parties has been increasing. Machine learning is one of the powerful solutions for detecting hardware Trojans. How-ever, a weakness of such a machine-learning-based classification method against adversarial examples (AEs) has been reported, which causes misclassification by adding perturbation in input samples. This paper firstly proposes a framework generating adversarial examples for hardware-Trojan detection at gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent ones, and makes it difficult to detect them. Secondly, we propose a Trojan-net concealment degree (TCD) and a modification evaluating value (MEV) as measures of the amount of modifications. Finally, based on the MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases the true positive rate (TPR) by a maximum of 30.15 points.

Original languageEnglish
Pages (from-to)236-246
Number of pages11
JournalJournal of information processing
Publication statusPublished - 2021


  • Adversarial example
  • Hardware Trojan
  • Logic gate
  • Machine learning
  • Netlist

ASJC Scopus subject areas

  • Computer Science(all)


Dive into the research topics of 'Generating adversarial examples for hardware-trojan detection at gate-level netlists'. Together they form a unique fingerprint.

Cite this