Funding: Supported by the Special Funds for Basic Scientific Research Business Expenses of Central Universities, No. 2014GCYY0; the Beijing Natural Science Foundation, No. 4163076; the Fundamental Research Funds for the Central Universities, No. 328201801.
Abstract: Hardware Trojan (HT) refers to a special module intentionally implanted into a chip or an electronic system. The module can be exploited by the attacker to achieve destructive functions. Unfortunately, the HT is difficult to detect due to its minimal resource occupation. In order to achieve an accurate detection with high efficiency, an HT detection method based on the electromagnetic leakage of the chip is proposed in this paper. At first, the dimensionality reduction and the feature extraction of the electromagnetic leakage signals in each group (template chip, Trojan-free chip and target chip) were realized by principal component analysis (PCA). Then, the Mahalanobis distances between the template group and the other groups were calculated. Finally, the differences between the Mahalanobis distances and the threshold were compared to determine whether the HT had been implanted into the target chip. In addition, the concept of the HT Detection Quality (HTDQ) was proposed to analyze and compare the performance of different detection methods. Our experiment results indicate that the accuracy of this detection method is 91.93%, and the time consumption is 0.042 s on average, which shows a high HTDQ compared with three other methods.
Funding: Supported by the National Natural Science Foundation of China (61202387, 61103220); Major Projects of National Science and Technology of China (2010ZX03006-001-01); Doctoral Fund of Ministry of Education of China (2012014110002); China Postdoctoral Science Foundation (2012M510641); Hubei Province Natural Science Foundation (2011CDB456); Wuhan Chenguang Plan Project (2012710367).
Abstract: Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) attack intents: besides dealing with damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and some in-depth analyses on recently happened APT attacks, five typical communication characteristics are adopted to describe application’s network behavior, with which a fine-grained classifier based on Decision Tree and Naïve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.
Abstract: Hardware Trojans (HTs) have drawn increasing attention in both academia and industry because of their significant potential threat. In this paper, we propose HTDet, a novel HT detection method using information entropy-based clustering. To maintain high concealment, HTs are usually inserted in the regions with low controllability and low observability, which will result in that Trojan logics have extremely low transitions during the simulation. This implies that the regions with the low transitions will provide much more abundant and more important information for HT detection. The HTDet applies information theory technology and a density-based clustering algorithm called Density-Based Spatial Clustering of Applications with Noise (DBSCAN) to detect all suspicious Trojan logics in the circuit under detection. The DBSCAN is an unsupervised learning algorithm, that can improve the applicability of HTDet. In addition, we develop a heuristic test pattern generation method using mutual information to increase the transitions of suspicious Trojan logics. Experiments on circuit benchmarks demonstrate the effectiveness of HTDet.
Funding: Sponsored by the National Natural Science Foundation of China (Grant No. 61272500); the National High Technology Research and Development Program of China (Grant No. 2011AA010701).
Abstract: Because of the widespread of Trojans, organizations and Internet users become more vulnerable to the threat of information leakage. This paper describes an information leakage detection system (ILDS) to detect sensitive information leakage caused by Trojan. In particular, the principles of the system are based on the analysis of net-flows in four perspectives: heartbeat behavior analysis, DNS abnormal analysis, upload-download ratio and content analysis. Heartbeat behavior analysis and DNS abnormal analysis are used to detect the existence of Trojans while upload-download ratio and content analysis can quickly detect when the information leakage happens. Experiments indicate that the system is reliable and efficient in detecting information leakage. The system can also help to collect and preserve digital evidence when information leakage incident occurs.
Abstract: To generate test vector sets that can efficiently activate hardware Trojans and improve probability of the hardware Trojan activation, an efficient hardware Trojan activation method is proposed based on greedy algorithm for combinatorial hardware Trojans. Based on the greedy algorithm and the recursive construction method in the combination test, the method formulates appropriate and useful greedy strategy and generates test vector sets with different combinatorial correlation coefficients to activate hardware Trojans in target circuits. The experiment was carried out based on advanced encryption standard (AES) hardware encryption circuit, different combinatorial hardware Trojans were implanted in AES as target circuits, the experiment of detecting hardware Trojans in target circuits was performed by applying the proposed method and different combinatorial hardware Trojans in target circuits were activated successfully many times in the experiment. The experimental results show that the test vector sets generated using the proposed method could effectively activate combinatorial hardware Trojans, improve the probability of the hardware Trojan being activated, and also be applied to practice.
Funding: This work was supported by the National Key Research and Development Program of China (Grant No. 2018YFB1502803).
Abstract: In hardware Trojan detection technology, destructive reverse engineering can restore an original integrated circuit with the highest accuracy. However, this method has a much higher overhead in terms of time, effort, and cost than bypass detection. This study proposes an algorithm, called mixed-feature gene expression programming, which applies non-destructive reverse engineering to the chip with bypass detection data. It aims to recover the original integrated circuit hardware, or else reveal the unknown circuit design in the chip.