Adversarial examples for hardware-trojan detection at gate-level netlists

Kohei Nozawa; Kento Hasegawa; Seira Hidano; Shinsaku Kiyomoto; Kazuo Hashimoto; Nozomu Togawa

doi:10.1007/978-3-030-42048-2_22

Adversarial examples for hardware-trojan detection at gate-level netlists

Kohei Nozawa^*, Kento Hasegawa, Seira Hidano, Shinsaku Kiyomoto, Kazuo Hashimoto, Nozomu Togawa

^*この研究の対応する著者

研究成果: Conference contribution

3 被引用数 (Scopus)

抄録

Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.

本文言語	English
ホスト出版物のタイトル	Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers
編集者	Sokratis Katsikas, Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Stefanos Gritzalis, Christos Kalloniatis, John Mylopoulos, Annie Antón, Frank Pallas, Jörg Pohle, Angela Sasse, Weizhi Meng, Steven Furnell, Joaquin Garcia-Alfaro
出版社	Springer
ページ	341-359
ページ数	19
ISBN（印刷版）	9783030420475
DOI	https://doi.org/10.1007/978-3-030-42048-2_22
出版ステータス	Published - 2020
イベント	5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019 - Luxembourg City, Luxembourg 継続期間: 2019 9月 26 → 2019 9月 27

出版物シリーズ

名前	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
巻	11980 LNCS
ISSN（印刷版）	0302-9743
ISSN（電子版）	1611-3349

Conference

Conference	5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019
国/地域	Luxembourg
City	Luxembourg City
Period	19/9/26 → 19/9/27

ASJC Scopus subject areas

理論的コンピュータサイエンス
コンピュータサイエンス（全般）

文献へのアクセス

10.1007/978-3-030-42048-2_22

他のファイルとリンク

引用スタイル

Nozawa, K., Hasegawa, K., Hidano, S., Kiyomoto, S., Hashimoto, K., & Togawa, N. (2020). Adversarial examples for hardware-trojan detection at gate-level netlists. In S. Katsikas, S. Katsikas, F. Cuppens, N. Cuppens, C. Lambrinoudakis, S. Gritzalis, C. Kalloniatis, J. Mylopoulos, A. Antón, F. Pallas, J. Pohle, A. Sasse, W. Meng, S. Furnell, & J. Garcia-Alfaro (Eds.), Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers (pp. 341-359). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11980 LNCS). Springer. https://doi.org/10.1007/978-3-030-42048-2_22

Adversarial examples for hardware-trojan detection at gate-level netlists. / Nozawa, Kohei; Hasegawa, Kento; Hidano, Seira その他.
Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers. ed. / Sokratis Katsikas; Sokratis Katsikas; Frédéric Cuppens; Nora Cuppens; Costas Lambrinoudakis; Stefanos Gritzalis; Christos Kalloniatis; John Mylopoulos; Annie Antón; Frank Pallas; Jörg Pohle; Angela Sasse; Weizhi Meng; Steven Furnell; Joaquin Garcia-Alfaro. Springer, 2020. p. 341-359 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11980 LNCS).

研究成果: Conference contribution

Nozawa, K, Hasegawa, K, Hidano, S, Kiyomoto, S, Hashimoto, K & Togawa, N 2020, Adversarial examples for hardware-trojan detection at gate-level netlists. in S Katsikas, S Katsikas, F Cuppens, N Cuppens, C Lambrinoudakis, S Gritzalis, C Kalloniatis, J Mylopoulos, A Antón, F Pallas, J Pohle, A Sasse, W Meng, S Furnell & J Garcia-Alfaro (eds), Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11980 LNCS, Springer, pp. 341-359, 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019, Luxembourg City, Luxembourg, 19/9/26. https://doi.org/10.1007/978-3-030-42048-2_22

Nozawa K, Hasegawa K, Hidano S, Kiyomoto S, Hashimoto K , Togawa N. Adversarial examples for hardware-trojan detection at gate-level netlists. In Katsikas S, Katsikas S, Cuppens F, Cuppens N, Lambrinoudakis C, Gritzalis S, Kalloniatis C, Mylopoulos J, Antón A, Pallas F, Pohle J, Sasse A, Meng W, Furnell S, Garcia-Alfaro J, editors, Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers. Springer. 2020. p. 341-359. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-42048-2_22

Nozawa, Kohei ; Hasegawa, Kento ; Hidano, Seira その他. / Adversarial examples for hardware-trojan detection at gate-level netlists. Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers. editor / Sokratis Katsikas ; Sokratis Katsikas ; Frédéric Cuppens ; Nora Cuppens ; Costas Lambrinoudakis ; Stefanos Gritzalis ; Christos Kalloniatis ; John Mylopoulos ; Annie Antón ; Frank Pallas ; Jörg Pohle ; Angela Sasse ; Weizhi Meng ; Steven Furnell ; Joaquin Garcia-Alfaro. Springer, 2020. pp. 341-359 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1b00eca6d6b1417b9360554a1bc95155,

title = "Adversarial examples for hardware-trojan detection at gate-level netlists",

abstract = "Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.",

keywords = "Adversarial example, Hardware trojan, Logic gate, Machine learning, Netlist",

author = "Kohei Nozawa and Kento Hasegawa and Seira Hidano and Shinsaku Kiyomoto and Kazuo Hashimoto and Nozomu Togawa",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2020.; 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019 ; Conference date: 26-09-2019 Through 27-09-2019",

year = "2020",

doi = "10.1007/978-3-030-42048-2_22",

language = "English",

isbn = "9783030420475",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "341--359",

editor = "Sokratis Katsikas and Sokratis Katsikas and Fr{\'e}d{\'e}ric Cuppens and Nora Cuppens and Costas Lambrinoudakis and Stefanos Gritzalis and Christos Kalloniatis and John Mylopoulos and Annie Ant{\'o}n and Frank Pallas and J{\"o}rg Pohle and Angela Sasse and Weizhi Meng and Steven Furnell and Joaquin Garcia-Alfaro",

booktitle = "Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers",

}

TY - GEN

T1 - Adversarial examples for hardware-trojan detection at gate-level netlists

AU - Nozawa, Kohei

AU - Hasegawa, Kento

AU - Hidano, Seira

AU - Kiyomoto, Shinsaku

AU - Hashimoto, Kazuo

AU - Togawa, Nozomu

N1 - Publisher Copyright: © Springer Nature Switzerland AG 2020.

PY - 2020

Y1 - 2020

N2 - Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.

AB - Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the threat of injecting a malicious circuit, called a hardware Trojan, by third party has been increasing. Machine learning has been known to produce a powerful model to detect hardware Trojans. But it is recently reported that such a machine learning based detection is weak against adversarial examples (AEs), which cause misclassification by adding perturbation in input data. Referring to the existing studies on adversarial examples, most of which are discussed in the field of image processing, this paper first proposes a framework generating adversarial examples for hardware-Trojan detection for gate-level netlists utilizing neural networks. The proposed framework replaces hardware Trojan circuits with logically equivalent circuits, and makes it difficult to detect them. Second, we define Trojan-net concealment degree (TCD) as a possibility of misclassification, and modification evaluating value (MEV) as a measure of the amount of modifications. Third, judging from MEV, we pick up adversarial modification patterns to apply to the circuits against hardware-Trojan detection. The experimental results using benchmarks demonstrate that the proposed framework successfully decreases true positive rate (TPR) by at most 30.15 points.

KW - Adversarial example

KW - Hardware trojan

KW - Logic gate

KW - Machine learning

KW - Netlist

UR - http://www.scopus.com/inward/record.url?scp=85081542853&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85081542853&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-42048-2_22

DO - 10.1007/978-3-030-42048-2_22

M3 - Conference contribution

AN - SCOPUS:85081542853

SN - 9783030420475

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 341

EP - 359

BT - Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers

A2 - Katsikas, Sokratis

A2 - Cuppens, Frédéric

A2 - Cuppens, Nora

A2 - Lambrinoudakis, Costas

A2 - Gritzalis, Stefanos

A2 - Kalloniatis, Christos

A2 - Mylopoulos, John

A2 - Antón, Annie

A2 - Pallas, Frank

A2 - Pohle, Jörg

A2 - Sasse, Angela

A2 - Meng, Weizhi

A2 - Furnell, Steven

A2 - Garcia-Alfaro, Joaquin

PB - Springer

T2 - 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the 3rd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the 1st International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the 2nd International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019

Y2 - 26 September 2019 through 27 September 2019

ER -

Adversarial examples for hardware-trojan detection at gate-level netlists

抄録

出版物シリーズ

Conference

ASJC Scopus subject areas

文献へのアクセス

他のファイルとリンク

フィンガープリント

引用スタイル