自适应优化的二元分类型硬件木马检测方法  被引量：9

作　　者：薛明富[1,2] 王箭 胡爱群[3] 

机构地区：[1]南京航空航天大学计算机科学与技术学院,南京210016 [2]软件新技术与产业化协同创新中心.南京210023 [3]东南大学信息科学与工程学院,南京210096

出　　处：《计算机学报》2018年第2期439-451,共13页Chinese Journal of Computers

基　　金：本课题得到国家自然科学基金青年基金(61602241)、江苏省自然科学基金青年基金(BK20150758)、CCF启明星辰鸿雁科研计划(CCFVenustechRP2016005)、CCF绿盟科技鲲鹏基金(CCFNSFocus2017003)、中国博士后科学基金面上资助(2014M561644)、江苏省博士后基金科研资助(1402034C)、中国民航信息技术科研基地开放课题基金(CAACITRB201405)、中央高校基本科研业务费专项资金(NS2016096)资助.

摘　　要：近年来,由于半导体设计和制造过程的全球化以及第三方知识产权核(Intellectual Property cores,IP cores)的广泛使用,电路越来越容易受到硬件木马的攻击.硬件木马能够使得电路功能故障、泄露机密信息或者导致其他一些灾难性的后果,因此已经引起了许多关键部门的密切关注.大多数已有的硬件木马检测工作需要参考芯片去提供参考信息.然而,获得参考芯片是极其困难的.参考芯片通常是假设通过可信的工厂生产出来或者通过很严苛的逆向工程检测验证为不含木马,两种方式的代价都是极其昂贵的.在一些情景下,参考芯片甚至是不存在的,比如掩膜在工厂被修改过.该文提出了一种自适应优化的二元分类型硬件木马检测方法,消除了对生产后的参考芯片的依赖.在电路设计过程中,通常可以假设通过详尽的硅前检测或者经过严格的设计流程,使得原电路的仿真芯片是不含木马的.该文工作尤其适用于检测在设计之后的步骤中插入的木马,比如工厂生产阶段.首先,将木马检测问题建模为二元分类问题,采用电路设计流程中的仿真信息(瞬时功耗)对算法进行训练.经过训练的算法将会生成一个分类器,该分类器能够在芯片生产后测试时自动识别不含木马的和含木马的电路.有许多代表性的分类算法,该文建模了不同的算法并分析评估了哪个算法更适合木马检测.采用的评估指标包括正确分类率、混淆矩阵和查全率.评估了不同工艺偏差下多种算法的性能,给出了在较高水平的工艺偏差下合适的算法设置.更进一步地,考虑到在电路仿真和实际的硅生产之间可能会产生一定的偏差,从而导致该方法的检测性能在实际检测中有所下降,该文提出了一些优化方法来增强这一技术:(1)分析了各分类算法错误分类的芯片编号,提出了匹配算法对的工作方式,用来提供互补的检测性能;(2)提出Recently,because of the globalization of the semiconductor design and fabrication process as well as the widely use of third-party intellectual property cores(IP cores),integrated circuits(ICs)are becoming increasingly vulnerable to hardware Trojans(HTs).Hardware Trojancan make the IC malfunction,leak confidential information,or lead to other catastrophic consequences,thus has raised serious concerns from many critical communities.Most of the existing hardware Trojan detection works require golden chips to provide reference signals.However,obtaining agolden chip is extremely difficult.The golden chips are supposed to be either fabricated by a trusted foundry or verified to be Trojan-free through strict reverse engineering.Both methods are prohibitively expensive.In some scenarios,the golden chips even don't exist,e.g.,if the mask is altered at the foundry.This paper proposes an adaptive optimization of two-class classificationbased hardware Trojan detection method which can eliminate the need of fabricated golden chips.In the IC design time,it can be assumed that after thorough pre-silicon detection or under strict design process,the simulated IC of the original design is Trojan-free(golden netlist).This method is particularly suitable for detecting the Trojans which are inserted in the subsequent steps after design,such as the fabrication stage.First,we formulate the hardware Trojan detection problem into a two-class classification problem.Then,we train the classification algorithms using transient power of simulated ICs during IC design flow.The trained algorithms will then form a classifier which can automatically identify fabricated ICs as Trojan-free or Trojan-inserted during test-time.There are many representative types of classification algorithms.We formulate different algorithms and figure out which algorithm is more suitable for HT detection.The metrics accuracy,confusion matrix and recall are used for evaluation.We evaluate the performance of different algorithms against process variations,and present

关 键 词：硬件木马检测 硬件安全 参考芯片 分类算法 自适应优化 

分 类 号：TP301[自动化与计算机技术—计算机系统结构]