{"title":"A fast hardware Trojan detection method with parallel clustering for large-scale gate-level netlists","authors":"Gaoyuan Pan, Huan Li, Jian Wang","doi":"10.1016/j.cose.2025.104570","DOIUrl":null,"url":null,"abstract":"<div><div>The growing complexity of hardware design makes third-party intellectual property (3PIP) a superior option. However, it poses security threats to the integrated circuit (IC) supply chain. An untrusted 3PIP may have been implanted with hardware Trojans (HTs), which are malicious modifications to ICs. To ensure the security of ICs, state-of-the-art HT detection techniques related to testability metrics have been recently researched. Nevertheless, the computation of testability values and clustering analysis may be time-consuming for large-scale gate-level netlists (GLNs). To address this issue, we propose a fast HT detection method based on a previously proposed modularity algorithm, incorporating parallel clustering for large-scale GLNs. D-flip-flops are utilized as the boundaries to divide the GLN into modules. Then, we use a self-designed tool to simultaneously compute testability values and static transition probabilities for each signal in each module. If the minimum static transition probability of signals within a module falls below a predefined threshold, the module is suspected to contain HTs and necessitates clustering analysis. Otherwise, it is considered safe and excluded from further analysis. Suspicious modules are then clustered in parallel to identify potential HT signals. Lastly, a secondary diagnosis is performed to minimize false positives in the clustering analysis results. 
For samples with up to approximately 10<sup>5</sup> signals from Trust-hub, the detection time is reduced by up to 60 % compared to our previous work, achieving a detection accuracy of 100 %, a signal diagnosis accuracy exceeding 93 %, and a false positive rate below 1 %.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"157 ","pages":"Article 104570"},"PeriodicalIF":4.8000,"publicationDate":"2025-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825002597","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
The growing complexity of hardware design makes third-party intellectual property (3PIP) a superior option. However, it poses security threats to the integrated circuit (IC) supply chain. An untrusted 3PIP may have been implanted with hardware Trojans (HTs), which are malicious modifications to ICs. To ensure the security of ICs, state-of-the-art HT detection techniques related to testability metrics have been recently researched. Nevertheless, the computation of testability values and clustering analysis may be time-consuming for large-scale gate-level netlists (GLNs). To address this issue, we propose a fast HT detection method based on a previously proposed modularity algorithm, incorporating parallel clustering for large-scale GLNs. D-flip-flops are utilized as the boundaries to divide the GLN into modules. Then, we use a self-designed tool to simultaneously compute testability values and static transition probabilities for each signal in each module. If the minimum static transition probability of signals within a module falls below a predefined threshold, the module is suspected to contain HTs and necessitates clustering analysis. Otherwise, it is considered safe and excluded from further analysis. Suspicious modules are then clustered in parallel to identify potential HT signals. Lastly, a secondary diagnosis is performed to minimize false positives in the clustering analysis results. For samples with up to approximately 10^5 signals from Trust-hub, the detection time is reduced by up to 60 % compared to our previous work, achieving a detection accuracy of 100 %, a signal diagnosis accuracy exceeding 93 %, and a false positive rate below 1 %.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.