Hardware IP Assurance against Trojan Attacks with Machine Learning and Post-processing

Abstract

System-on-chip (SoC) developers increasingly rely on pre-verified hardware intellectual property (IP) blocks often acquired from untrusted third-party vendors. These IPs might contain hidden malicious functionalities or hardware Trojans that may compromise the security of the fabricated SoCs. Lack of golden or reference models and vast possible Trojan attack space form some of the major barriers in detecting hardware Trojans in these third-party IP (3PIP) blocks. Recently, supervised machine learning (ML) techniques have shown promising capability in identifying nets of potential Trojans in 3PIPs without the need for golden models. However, they bring several major challenges. First, they do not guide us to an optimal choice of features that reliably covers diverse classes of Trojans. Second, they require multiple Trojan-free/trusted designs to insert known Trojans and generate a trained model. Even if a set of trusted designs are available for training, the suspect IP can have an inherently very different structure from the set of trusted designs, which may negatively impact the verification outcome. Third, these techniques only identify a set of suspect Trojan nets that require manual intervention to understand the potential threat. In this article, we present VIPR, a systematic machine learning (ML)-based trust verification solution for 3PIPs that eliminates the need for trusted designs for training. We present a comprehensive framework, associated algorithms, and a tool flow for obtaining an optimal set of features, training a targeted machine learning model, detecting suspect nets, and identifying Trojan circuitry from the suspect nets. We evaluate the framework on several Trust-Hub Trojan benchmarks and provide a comparative analysis of detection performance across different trained models, selection of features, and post-processing techniques. We demonstrate promising Trojan detection accuracy for VIPR with up to 92.85% reduction in false positives by the proposed post-processing algorithm.