2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th
IEEE International Conference On Big Data Science And Engineering
Hardware Trojan Detection Utilizing
Machine Learning Approaches
Kento Hasegawa∗ , Youhua Shi∗ , Nozomu Togawa∗
∗ Schoolof Fundamental Science and Engineering, Waseda University
Email: {kento.hasegawa, togawa}@togawa.cs.waseda.ac.jp, youhua.shi@islab.cs.waseda.ac.jp
Abstract—Hardware security has become a serious concern in
recent years. Due to the outsourcing in hardware production,
malicious circuits (or hardware Trojans) can be easily inserted
into hardware products by attackers. Since hardware Trojans
are tiny and stealthy, their detection is difficult. Under the
circumstances, numerous hardware-Trojan detection methods
have been proposed. In this paper, we elaborate the overview
of hardware-Trojan detection and review the hardware-Trojan
detection methods using machine learning which is one of the
state-of-the-art approaches.
I. I NTRODUCTION
In recent years, low-cost and high-volume electric de-
vices have widely been used in daily life. The Internet of
Things (IoT) and smart home devices have attracted people’s
attention, and numerous products are developed by leading
companies and start-up companies. For example, smart speak-
ers become very popular in these days. In order to keep up
with the growing demand for those devices and globalization
of hardware production, hardware vendors often outsource sev-
eral parts of their design and/or fabrication processes. Under
the circumstances, insertion of malicious circuits (or hardware
Trojans) has become a critical issue in hardware production.
Hardware Trojans may leak internal information, decrease
reliability of hardware products, and/or disable functions. As
IoT products and smart home devices are developed more and
more, we have to consider our privacy and security. How to
address the threat of hardware Trojans has become a critical
issue.
There are several steps in hardware production [3], [13], and
each step faces the threats of hardware-Trojan insertion [6].
The hardware production steps are roughly categorized into
two steps: the design step and the fabrication step. Fig. 1
shows the typical hardware production steps. In the design
step, a hardware vendor designs an integrated chip (IC)
often cooperating with third-party design teams using third-
party intellectual properties (IPs). Since hardware description
languages are often used in the IC design step, malicious
third-party vendors can easily insert hardware Trojans into the
design data. After the design is finished, the logic synthesis is
performed using third-party tools. The third-party tools may
also become the risk of hardware Trojan. In the fabrication
step, the parameters of manufacturing equipments may be
modified by attackers and they may insert malicious circuits
physically into the products. In general, insertion in the design
step is more worrisome compared to in the fabrication step
2324-9013/18/31.00 ©2018 IEEE
DOI 10.1109/TrustCom/BigDataSE.2018.00287
8QWUXVWHG,3YHQGRU
8QWUXVWHGIDEV
8QWUXVWHGWRROV
'HVLJQ )DEULFDWLRQ ,&SURGXFWV
Fig. 1: The typical hardware production steps.
because it is easy to modify design data. In fact, hardware-
Trojan insertion in the fabrication step can be difficult because
it requires special knowledge of manufacturing equipments,
and attackers must modify the products physically. On the
other hand, in the design step, attackers can modify the
design on their computer, often through the Internet, therefore
hardware-Trojan insertion is easy for attackers. Note that
verifications and tests are performed to check whether the
products correctly work or not, but the purpose of them is not
for the enhancement of security, but for ensuring the correct
operation. How to detect hardware Trojans inserted in the
design step is a serious concern for IC production.
In this paper, we focus on hardware-Trojan detection, espe-
cially in the design step. To begin with, we will explain the
characteristics of hardware Trojans and clarify the problems.
In order to deal with the problem, several hardware-Trojan
detection methods have been proposed by many hardware-
security researchers. We will introduce several approaches
for hardware-Trojan detection. After that we will elaborate a
machine-learning-based hardware-Trojan detection approach,
which is one of the state-of-the-art approaches for hardware-
Trojan detection. Finally, we will conclude this paper and give
future directions for hardware-Trojan detection.
The rest of this paper is organized as follows: Section II
elaborates the characteristics of hardware Trojans and shows
the taxonomy of hardware-Trojan detection approaches in the
design step; Section III reviews several machine-learning-
based hardware-Trojan detection methods; Section IV gives
future directions and concluding remarks for hardware-Trojan
detection.
II. OVERVIEW OF HARDWARE T ROJANS AND THEIR
DETECTION
In this section, we elaborate the characteristic of hardware
Trojans and their detection approaches.
1891
 1RUPDOFLUFXLW
7ULJJHULQSXW 7URMDQLQIHFWHGVLJQDOV
7ULJJHU 3D\ORDG 7URMDQ
FLUFXLW FLUFXLW SD\ORDG
7ULJJHUVLJQDO
7URMDQFLUFXLW
Fig. 2: The typical structure of a hardware Trojan.
A. Characteristics of hardware Trojans
Once a hardware Trojan is inserted into an IC design, its
detection is difficult because of their stealthiness. Fig. 2 shows
the typical structure of a hardware Trojan which is inserted
in the design step. A hardware-Trojan circuit often consists
of two parts: a trigger circuit and a payload circuit. The
trigger circuit judges whether the condition for the Trojan
payload is satisfied or not using the trigger inputs and/or
internal states of the circuit. The payload circuit works for the
malfunction such as leakage of information or downgrading
the performance of the circuit using internal signals. The
payload circuit sometimes tampers internal signals in the
normal circuit, and the tampered signals are often propagated
to the primary output of the circuit.
From the viewpoint of the trigger circuit, the design-
time hardware Trojans can be classified into two types: the
always-on type and the condition-based type [3], [14]. As the
name suggests, the always-on Trojan is always active, while
the condition-based Trojan is only activated under a certain
condition. In case of the always-on type, the trigger circuit
and trigger inputs are not inserted. Most always-on Trojans
intend to increase power consumption or redundant process,
and consequently they lead to fault or gradually degrading
the quality of products. Their effect to the normal circuit in
a time is tiny, and therefore their detection is difficult. The
condition-based type can be further divided into two types: the
combinational-based type and the sequential-based type [4].
The combinational-based Trojan has very rare condition, and
its payload is activated only when the condition is satisfied.
The sequential-based Trojan has a sequential circuit such as a
counter or a state machine, and thus the Trojans of this type
have complex conditions. For example of the sequential-based
Trojan, the malfunction is activated when the counter reaches
the particular range of counts. As mentioned above, since
condition-based Trojans have very rare trigger conditions, the
payloads are rarely activated. The rare trigger condition is one
of the reasons why hardware-Trojan detection is difficult, and
why existing verification and test methods cannot be applied
to hardware-Trojan detection.
The payload circuit can be also classified into several
categories: the information-leakage type, the denial-of-service
type, the functional modification type, and downgrading-
performance type [10]. The information-leakage Trojans read
1892
the internal signals or data such as a secret key for crypto-
graphic circuit and an internal state which should be hidden,
and transmit it to the outside of the circuit. The denial-of-
service Trojans turn the functions off in normal circuits such
as encryption or other critical functions. The functional modi-
fication Trojans change the functionality in normal circuits.
The downgrading-performance Trojans consume redundant
power or flow abnormal current which degrades the quality
of circuits. What is common among those types is that the
payload circuit can be designed in a small scale. For example
of the information-leakage type, the payload circuit obtains
internal data from the normal circuit, and transmits them to
several outputs or wires where the original signals are disabled
by multiplexers.
As discussed above, hardware Trojans can be classified into
several categories in terms of their triggers and payloads. The
common point of a hardware Trojan is that the Trojan circuit
is very small and it has a slight effect to the normal circuit in
the long run. In order to deal with the challenge of detecting
hardware Trojans, hardware-Trojan detection methods have
been proposed in a few years. The following subsection
introduces their approaches, categorizes them, and clarifies
their strong and weak points.
B. Taxonomy of hardware-Trojan detection approaches
In order to defeat hardware Trojans, many detection ap-
proaches have been proposed in recent years. In this subsec-
tion, we categorize those detection approaches and show their
strong and weak points.
Fig. 3 shows the categories of hardware-Trojan detection
approaches. First of all, hardware-Trojan detection approaches
can be classified into two types: the destructive type and
the non-destructive type. The destructive approaches are per-
formed after the fabrication step. In the destructive approach,
the die of an IC is removed from the package, and the
internal structure is physically investigated using scanning
electron microscope (SEM) and other optical methods. This
approach can detect physically inserted hardware Trojans such
as modification of wiring thickness and removal of metals,
which are carried out in the fabrication step. In [2], one of
the destructive-based hardware-Trojan detection methods has
been proposed. Based on the SEM image of the sample IC, the
support-vector-machine (SVM) and the K-means algorithms
are applied to the features obtained from the SEM image. This
approach achieves high accuracy, however, it has a problem
that this approach cannot investigate all the products. Since
this approach destructs a sample IC, the investigated sample
IC can no longer be used. Even if a sample IC passes this
detection approach, it does not ensure that all the ICs are
Trojan-free. Other ICs may be infected by hardware Trojans.
Though the destructive approach can physically check the
samples, destruction itself is a problem.
On the other hand, the non-destructive type is opposite
to the destructive type in the point that this approach does
not destruct ICs. The non-destructive approaches can be fur-
ther classified into three types: the IP-verification type, the
 +DUGZDUH7URMDQ
GHWHFWLRQDSSURDFKHV
'HVWUXFWLYH 1RQGHVWUXFWLYH
/RJLFWHVWLQJ
6LGHFKDQQHO
,3YHULILFDWLRQ
DQDO\VLV
3UHVLOLFRQ 3RVWVLOLFRQ
Fig. 3: The taxonomy of hardware-Trojan detection ap-
proaches.
logic-testing type, and the side-channel-analysis type. The IP-
verification approaches are performed before the fabrication,
whereas the other approaches are performed during or after
the fabrication.
Here we focus on the post-silicon approaches: the logic-
testing approach and the side-channel-analysis approach. The
logic-testing approaches can be applied to the hardware de-
sign and/or post-silicon products. MERO [5] is one of the
logic-testing approaches. It proposes a test-pattern generation
method which efficiently finds out the trigger condition in
hardware Trojans. This method reduces the test length by 85%
on average over random pattern tests, but logic test cannot
cover all the input patterns, much less all the internal states.
The other post-silicon approach, the side-channel-analysis
approach analyzes side-channel information such as power
consumption and/or electromagnetic (EM) radiations. Power
analysis can be performed on simulation, so that the side-
channel-analysis approach can be done in pre-silicon. In [1],
a hardware Trojan detection method using power trace is
proposed, where Trojan-infected RSA cryptographic circuits
can be successfully detected by comparing power traces of
the circuits to those of Golden circuits (which are Trojan-free
circuits). However, it is definitely difficult to obtain the Golden
circuit. The paper [11] proposes a Golden chip-free hardware-
Trojan detection method where side channel fingerprints ob-
tained from multiple samples are statistically analyzed. This
method overcomes the weakness of the previous methods,
however, it assumed that most of the samples are Trojan-free
circuits. In other words, when all of the samples are Trojan-
infected, this method cannot be applied. Summarizing the dis-
cussions above, post-silicon approaches can detect physically-
inserted hardware Trojans, and several approaches can also
be applied to the IC designs using simulation tools, whereas
taking much time or ensuring Golden chips still remains as an
issue.
Next to the post-silicon approaches, we focus on the
pre-silicon approach, the IP-verification approach. The IP-
verification approaches generally investigate the IC design
written in hardware description languages. FANCI [15] is one
of the IP-verification methods. In [15], a metric called control
1893
value is introduced and suspicious wires are flagged based
on the control value. This method achieved good results, but
several false positives (that is, mistakenly identifying normal
to be Trojan) are found. In order to overcome this problem,
Trojan-feature-based hardware Trojan detection method is
proposed [12]. This method can detect all the Trojans in the
investigated benchmarks, but the problem of this method is
that it is too specific to the referenced benchmarks.
C. Towards machine-learning approaches
As discussed above, hardware-Trojan detection approaches
can be classified into several types. In this paper, we focus
on the design-step detection, in other words, on the IP-
verification approaches at the pre-silicon step. As discussed in
Section II-A, hardware-Trojan detection is difficult because of
their stealthiness. We believe that detecting hardware Trojans
as early as possible should be the most important. In order to
detect the hardware Trojans inserted in the design stage, the
IP-verification approach is effective to address the issue. As
in the aforementioned discussion, the IP-verification approach
analyzes the hardware design written in hardware description
languages. This approach takes advantages from the viewpoint
of the ability to detect hardware Trojans in the early stage.
However, how to find out the tiny Trojan circuit from the
huge hardware design is an issue to be considered.
In order to tackle the problem, we have proposed machine-
learning-based hardware-Trojan detection approaches. As de-
scribed in [12], hardware-Trojan circuits have specific features
since they often have rare-trigger conditions or typical payload
circuits. However, this method is too specific to the bench-
marks. If we can apply machine learning to extract and learn
the features of hardware Trojans, we expect that the hardware-
Trojan detection can be efficiently performed. Therefore, we
have applied machine learning to hardware-Trojan detection.
The following section elaborates the machine-learning-based
hardware-Trojan detection methods.
III. M ACHINE - LEARNING - BASED HARDWARE -T ROJAN
DETECTION APPROACHES
In this section, we elaborate the machine-learning-based
hardware-Trojan detection methods proposed in [7] and [9].
A. Overview of machine-learning-based hardware-Trojan de-
tection
Machine-learning-based hardware-Trojan detection ap-
proach contains two phases: the learning phase and the classifi-
cation phase. Fig. 4 depicts the overview of machine-learning-
based hardware-Trojan detection.
Learning phase:
The learning phase is carried out before detection. In the learn-
ing phase, the known netlists, where we have already known
which net is a Trojan one or not, are used to learn Trojan
features which describe the characteristics of Trojans well.
Based on the known netlists, a machine learning algorithm
learns Trojan features. As a result of machine learning, we
can obtain the learned model.
 /HDUQLQJSKDVH &ODVVLILFDWLRQSKDVH QG
/6/*

7URMDQLQIHFWHG RUPRUH VW


QHWOLVW 6DPSOHQHWOLVW LQSXWV /6/*

RU ' 4
QG
/6/*
)OLSIORS
41
2WKHU
)HDWXUHH[WUDFWLRQ )HDWXUHH[WUDFWLRQ FHOOV

/HDUQHGPRGHO
&DVH &DVH
0DFKLQHOHDUQLQJ &ODVVLILFDWLRQ
Fig. 5: The examples of Trojan-net features proposed in [12].

&ODVVLILFDWLRQUHVXOWV
7URMDQRUQRWIRUHDFKQHW
Fig. 4: The overview of machine-learning-based hardware-
Trojan detection approach.
Classification phase:
The classification phase is carried out to obtain the classifica-
tion results which describe whether the net is a Trojan or not
using the learned model in the learning phase. To begin with,
the unknown netlists, where we do not know which net is a
Trojan one or not, are given and we extract the features from
them. After we extract the features, we classify the nets into
a set of Trojan ones and that of normal ones.
Using the machine-learning-based hardware-Trojan detec-
tion approaches, we can classify the nets in a given netlist
into a set of normal nets and that of Trojan nets. The next
subsection elaborates the feature extraction step, and how
to learn and classify the extracted features using machine
learning algorithms.
B. Future extraction
For machine learning, how to extract the features of hard-
ware Trojans is a major problem. A hardware design is
described in hardware description languages. By analyzing
it, we can obtain the structure of the designed hardware.
However, existing machine-learning algorithms cannot directly
learn the structure of a circuit or a graph, therefore we have
to extract feature values from the structure. Using extracted
feature values, we construct n-dimensional feature vectors
which contain n feature values, and then we can apply it to
the machine learning algorithm. The features which represent
the characteristics of hardware-Trojan circuits well will lead
to good classification results, whereas redundant features are
insufficient to classify and also lead to taking much time and
many computational resources.
In [12], a score-based hardware-Trojan detection method has
been proposed, which is one of the IP-verification methods.
This paper carefully analyzes several hardware-Trojan bench-
marks published on [16], and it proposes nine features which
represent Trojan nets well. Fig. 5 shows two examples of the
Trojan-net features proposed in [12]. The bold nets in this
figure show the Trojan nets. The ‘Case 1’ in Fig. 5 shows
the combinational-based trigger circuit, where ‘LSLG’ refers
1894
1HW݊/*)L ))L ))R 3, DQG32 
/*)L
3ULPDU\ LQSXW
3ULPDU\ RXWSXW
)OLSIORS )OLSIORS
$ %
Fig. 6: The example of the five Trojan features: LGFi, FFi,
FFo, PI, and PO.
to either AND, NAND, OR, or NOR gate. The ‘Case 6’ in
Fig. 5 shows a part of the sequential-based trigger circuit.
However, the extracted features in [12] are too specific to the
referenced benchmarks in the paper.
Based on the features extracted in [12], a machine-learning-
based hardware-Trojan classification method is proposed [7].
In the paper, the five features: LGFi (Logic Gate Fan-ins),
FFi (Flip-flop input), FFo (Flip-flop output), PI (Primary
Input), and PO (Primary Output) are proposed. LGFi is defined
by the number of inputs of the logic gates two-level away
from the target net. FFi and FFo are defined by the number of
logic levels to the nearest flip-flop input and output from the
target net, respectively. PI and PO are defined by the minimum
logic level from any primary input and output from the target
net, respectively. Fig. 6 shows examples of the extracted five
features from the net n, the bold line in this figure. In this
case, LGFi becomes 4, FFi becomes 2, FFo becomes 1, PI
becomes 2, and PO becomes 1.
Though [7] obtained good classification results, we can
further increase the accuracy. In [9], the 51 Trojan features
listed in Table I are extracted from the nets in the benchmarks.
From the 51 features, the eleven features listed in Table II,
with which we can efficiently classify the nets into a set of
normal ones and Trojan ones, are picked. As shown in Table II,
the numbers of fanins, flip-flops, and the minimum levels to
multiplexer and primary input/output can be deeply related
to hardware-Trojan features. Moreover, the number of loops
is also related to the hardware-Trojan feature, which is not
included in [12].
As discussed above, feature extraction is a critical matter
for machine-learning-based hardware-Trojan detection. In [7]
and [9], several Trojan features for machine-learning-based
hardware-Trojan detection approaches are proposed, but we
TABLE I: The extracted features from a netlist (1 ≤ x ≤ 5) /*)L

proposed in [9].
))L
Trojan feature Description
fan in x The number of logic-gate fanins up to x-level away from a target net. 1RUPDOQHW
1RUPDO
number of flip-flops up to x-level away from the input side of a target net.
0LGGOH
in flipflop x The ))R RU
out flipflop x The number of flip-flops up to x-level away from the output side of a target net. 7URMDQ OD\HUV 7URMDQQHW


in multiplexer x The number of multiplexers up to x-level away from the input side of a target net. 2XWSXW
/D\HU
out multiplexer x The number of multiplexers up to x-level away from the output side of a target net. 3,
in loop x The number of up to x-level loops.
out loop x The number of up to x-level loops. ,QSXWOD\HU 2XWSXWOD\HU
in const x The number of constants up to x-level away from the input side of a target net. 32
XQLWV  XQLWV
out const x The number of constants up to x-level away from the output side of a target net.
in nearest pin The minimum level to the primary input from a target net. ,QSXW
out nearest pout The minimum level to the primary output from a target net.
/D\HU 0LGGOH
{in, out} nearest flipflop The minimum level to any flip-flop from the input or output side of a target net.
{in, out} nearest multiplexer The minimum level to any multiplexer from the input or output side of a target net.
TABLE II: The best set of 11 Trojan features and their
importance values proposed in [9].
No. Trojan feature No.
1 fan in 4 7 out loop 5
2 fan in 5 8 in nearest pin
3 in flipflop 4 9 out nearest pout
4 out flipflop 3 10
5 out flipflop 4 11
6 in loop 4
cannot theoretically argue that they are the most effective
Trojan features. Directly extracting features from the circuit
structure should be required for the efficient machine-learning-
based hardware-Trojan detection.
C. Hardware-Trojan detection using machine learning
This subsection demonstrates how to learn and classify
the nets in a netlist into a set of normal nets and Trojan
nets using the extracted features. A supervised machine-
learning algorithm can be applied to the machine-learning-
based hardware-Trojan detection for the IP verification. In the
learning phase (appeared in the left of Fig. 4), a dataset, which
consists of the data and their corresponding labels, is required.
The machine-learning algorithm computes internal values with
which the data corresponds to its label well. As a result of
the computation, the learned model, which includes computed
internal values, is constructed. In the classification phase (ap-
peared in the right of Fig. 4), we give data without labels to the
learned model. Finally we can obtain the classification results
which show whether a net will be Trojan or not.
In [7], an SVM-based and a neural-network-based
hardware-Trojan classification methods have been proposed.
An SVM is one of the supervised machine learning algorithms
and it computes a hyperplane which divides data samples into
two classes with maximizing the margin from the hyperplane
to the most nearest sample in each class. In the learning phase,
the SVM determines the hyperplane using given datasets. In
the classification phase, the SVM classifies the data into a
class based on the computed hyperplane. On the other hand, a
neural network, which is also one of the supervised machine
learning algorithms, takes different way from the SVM for
classification. The neural network has several layers: the input
layer, the middle layers, and the output layer, and each layer
has several units called ‘perceptron’. A perceptron collects
values from those in the previous layer, sums up their weighted
/D\HUV (b) The neural network in [8].
(a) The neural network in [7].
Fig. 7: The structures of the neural networks proposed in [7]
and [8].
Trojan feature
values, and finally outputs the value which is obtained by a
function called ‘activation function’ using the summed value.
out nearest flipflop Fig. 7a depicts an example of the structure for hardware-Trojan
out nearest multiplexer
classification using the five Trojan features discussed in the
previous subsection. The input layer receives a vector input.
The number of units in the input layer is equal to the number of
elements in the input vector. The middle layers are composed
of one or more layers and compute internal vectors between
the input layer and the output layer. The output layer sends
out the calculated data as an output of the neural network.
Each layer is further composed of units which receive the
output values as inputs from the units in the previous layer
and compute an output value using these inputs.
Although the neural network in [7] has one middle layer,
multi-middle-layer neural networks are applied in [8]. In [8],
the eleven features listed in Table II are used for classification,
whereas the five features are used in [7]. Fig. 7b depicts
the structure of the neural networks in [8]. The number of
units in the output layer can be set to one or two for binary
classification. With one unit in the output layer, we set a
threshold value to the output value. For binary classification,
the output value ranges 0 to 1 so that 0.5 is frequently used as a
threshold value. With two units in the output layer, we compare
the output values of the two units. One unit corresponds to the
normal net, and the other corresponds to the Trojan net. When
the output value of the first unit is larger than that of the second
one, we identify the net to be a normal net. On the other hand,
when the output value of the first unit is smaller than that of
the second one, we identify the net to be a Trojan net. In [8],
the output layer has two units as seen in Fig. 7b, which is a
different structure from that in Fig. 7a.
A different approach from the SVM or neural networks, a
random forest classifier is applied to hardware-Trojan classi-
fication in [9]. A random forest is also one of the supervised
machine-learning methods using multiple decision trees. Each
decision tree uses a subset of features randomly sampled from
a set of entire input features. Even though a given netlist
includes a very small number of Trojan nets, classification
based on decision trees can lead to good results.
Table III shows the classification results among the four
machine-learning algorithms above. In the leftmost column of
Table III, NN refers to the neural-network-based approach, and
1895
TABLE III: Comparison among four machine-learning algo-
rithms.
# of # of Average Average
Approach
features benchmarks TPR TNR
SVM [7] 5 17 83% 49%
NN [7] 5 17 81% 69%
Multi-NN [8] 11 17 85% 70%
Random forest [9] 11 15 68% 99.7%
Multi-NN refers to the multi-middle-layer neural networks.
The SVM and the NN approaches use the five features, and the
Multi-NN and the random forest approaches use eleven fea-
tures. All the experiments performed in [7], [8], and [9] use the
Trust-HUB [16] benchmarks. For the SVM, NN, and Multi-
NN approaches, 17 gate-level netlists: RS232-T1000–T1600,
s15850-T100, s35932-T100–T300, s38417-T100–T300, and
s38584-T100–T300 are used. For the random forest ap-
proach, 15 gate-level netlists: RS232-T1000–T1600, s15850-
T100, s35932-T100–T300, s38417-T100–T300, and s38584-
T100 are used. In order to evaluate the classification results,
we define several indices. Trojan nets identified to be Trojan
nets correctly are called true positives, and TP shows the
number of true positives. Trojan nets identified to be normal
nets mistakenly are called false negatives, and FN shows the
number of false negatives. TN (true negative) and FP (false
positive) are defined similarly. Based on the definitions above,
the true positive rate (TPR) is defined by TP=(TP+FN),
the true negative rate (TNR) is defined by TN=(TN+FP),
and the accuracy is defined by (TP+TN)/(TP+FN+FP+TN).
The experiments are carried out utilizing one-leave-out cross
validation. The Average TPR, Average TNR, and Average Ac-
curacy columns in Table III show the average TPR, TNR, and
accuracy of the classification results, respectively. As shown in
Table III, the Multi-NN approach obtained the largest average
TPR, and the random forest approach obtained the largest
average TNR and accuracy. In terms of accuracy, the random
forest approach obtained good classification results. However,
maximizing TPR is the most important for the hardware-
Trojan classification because we have to detect all the Trojan
nets, in other word, we have to decrease FN. In this point, the
Multi-NN approach may be suitable for the hardware-Trojan
classification. Though the Multi-NN approach obtains the
largest average TPR, the average TNR is not good compared to
the random forest approach. The trade-off between the TPR
and TNR is a major concern in the machine-learning-based
hardware-Trojan detection approaches, and overcoming this
issue will be the future work.
IV. F UTURE DIRECTIONS AND CONCLUSION
This paper elaborates the characteristics of hardware Trojans
and their detection methods, and reviewed several machine-
learning-based hardware-Trojan detection methods. Several
machine-learning-based hardware-Trojan detection approaches
have achieved more than 80% average TPR. However, the
trade-off between TPR and TNR still remains to be done.
Increasing both of the TPR and TNR will be the important
future work.
Though several hardware-Trojan detection methods have
been proposed, it is likely to be impossible to detect all the
Average hardware Trojans by one method because there are many types
Accuracy of hardware Trojans and their circuits are potentially similar
51%
69% to normal circuits. For the practice hardware-Trojan detection,
73% several approaches are applied to the products. Machine-
99%
learning-based hardware-Trojan detection will be one of the
major approaches.
ACKNOWLEDGMENTS
This study was supported in part by the MIC/SCOPE
#171503005.
R EFERENCES
[1] D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar, “Trojan
detection using IC fingerprinting,” in Proc. Symposium on Security and
Privacy (SP), pp. 296–310, 2007.
[2] C. Bao, D. Forte, and A. Srivastava, “On reverse engineering-based
hardware Trojan detection,” IEEE Transactions on Computer-Aided
Design of Integrated Circuits and Systems, vol. 35, no. 1, pp. 49–57,
2016.
[3] S. Bhunia, M. S. Hsiao, M. Banga, and S. Narasimhan, “Hardware
Trojan attacks: threat analysis and countermeasures,” in Proceedings of
the IEEE, vol. 102, no. 8, pp. 1229–1247, 2014.
[4] R. S. Chakraborty, S. Narasimhan, and S. Bhunia, “Hardware Trojan:
Threats and emerging solutions,” Proc. International High-Level Design
Validation and Test Workshop (HLDVT), pp. 166–171, 2009.
[5] R. S. Chakraborty, F. Wolff, S. Paul, C. Papachristou, and S. Bhunia,
“MERO: A statistical approach for hardware Trojan detection,” in
Cryptographic Hardware and Embedded Systems (CHES), 2009, pp.
396–410.
[6] J. Francq and F. Frick, “Introduction to hardware Trojan detection
methods,” in Proc. Design, Automation and Test in Europe (DATE),
pp. 770–775, 2015.
[7] K. Hasegawa, M. Yanagisawa, and N. Togawa, “A hardware-Trojan
classification method using machine learning at gate-level netlists
based on Trojan features,” IEICE Transactions on Fundamentals of
Electronics, Communications and Computer Sciences, vol. E100-A,
no. 7, pp. 1427–1438, 2017.
[8] K. Hasegawa, M. Yanagisawa, and N. Togawa, “Hardware Trojans
classification for gate-level netlists using multi-layer neural networks,”
in Proc. IEEE Symposium on On-Line Testing and Robust System Design
(IOLTS), pp. 227–232, 2017.
[9] K. Hasegawa, M. Yanagisawa, and N. Togawa, “Trojan-feature extrac-
tion at gate-level netlists and its application to hardware-Trojan detection
using random forest classifier,” in Proc. International Symposium on
Circuits and Systems, pp. 2154–2157, 2017.
[10] R. Karri, J. Rajendran, K. Rosenfeld, and M. Tehranipoor, “Trustworthy
hardware: Identifying and classifying hardware Trojans,” Computer,
vol. 43, no. 10, pp. 39–46, 2010.
[11] Y. Liu, K. Huang, and Y. Makris, “Hardware Trojan detection through
golden chip-free statistical side-channel fingerprinting,” in Proc. Design
Automation Conference (DAC), pp. 1–6, 2014.
[12] M. Oya, Y. Shi, M. Yanagisawa, and N. Togawa, “A score-based clas-
sification method for identifying hardware-trojans at gate-level netlists,”
in Proc. Design, Automation and Test in Europe (DATE), pp. 465–470,
2015.
[13] M. Rostami, F. Koushanfar, J. Rajendran, and R. Karri, “Hardware
security: threat models and metrics,” in Proc. International Conference
on Computer-Aided Design (ICCAD), pp. 819–823, 2013.
[14] M. Tehranipoor and F. Koushanfar, “A survey of hardware Trojan
taxonomy and detection,” IEEE Transactions on Design and Test of
Computers, vol. 27, no. 1, pp. 10–25, 2010.
[15] A. Waksman, M. Suozzo, and S. Sethumadhavan, “FANCI: identification
of stealthy malicious logic using boolean functional analysis,” in Proc.
ACM SIGSAC Conference on Computer and Communications Security
(ACM-CCS), pp. 697–708, 2013.
[16] “Trust-HUB.” http://www.trust-hub.org
1896