Embracing Graph Neural Networks for Hardware Security
29 Oct 2022-pp 1-9
TL;DR: A comprehensive overview of the usage of GNNs in hardware security can be found in this paper , where the authors divide the state-of-the-art GNN-based hardware security systems into four categories: IP piracy detection systems, reverse engineering platforms, and attacks on logic locking.
Abstract: Graph neural networks (GNNs) have attracted increasing attention due to their superior performance in deep learning on graph-structured data. GNNs have succeeded across various domains such as social networks, chemistry, and electronic design automation (EDA). Electronic circuits have a long history of being represented as graphs, and to no surprise, GNNs have demonstrated state-of-the-art performance in solving various EDA tasks. More importantly, GNNs are now employed to address several hardware security problems, such as detecting intellectual property (IP) piracy and hardware Trojans (HTs), to name a few.In this survey, we first provide a comprehensive overview of the usage of GNNs in hardware security and propose the first taxonomy to divide the state-of-the-art GNN-based hardware security systems into four categories: (i) HT detection systems, (ii) IP piracy detection systems, (iii) reverse engineering platforms, and (iv) attacks on logic locking. We summarize the different architectures, graph types, node features, benchmark data sets, and model evaluation of the employed GNNs. Finally, we elaborate on the lessons learned and discuss future directions.
Citations
More filters
29 Nov 2022
TL;DR: GNN4IC as discussed by the authors proposes a generic pipeline for tailoring GNN models toward solving challenging problems for IC design, and outlines promising options for each pipeline element, and discuss selected and promising works, like leveraging GNNs to break SOTA logic obfuscation.
Abstract: Graph neural networks (GNNs) have pushed the state-of-the-art (SOTA) for performance in learning and predicting on large-scale data present in social networks, biology, etc. Since integrated circuits (ICs) can naturally be represented as graphs, there has been a tremendous surge in employing GNNs for machine learning (ML)-based methods for various aspects of IC design. Given this trajectory, there is a timely need to review and discuss some powerful and versatile GNN approaches for advancing IC design. In this paper, we propose a generic pipeline for tailoring GNN models toward solving challenging problems for IC design. We out-line promising options for each pipeline element, and we discuss selected and promising works, like leveraging GNNs to break SOTA logic obfuscation. Our comprehensive overview of GNNs frame-works covers (i) electronic design automation (EDA) and IC design in general, (ii) design of reliable ICs, and (iii) design as well as analysis of secure ICs. We provide our overview and related resources also in the GNN4IC hub at https://github.com/DfX-NYUAD/GNN4IC. Finally, we discuss interesting open problems for future research.
4 citations
TL;DR: In this article , the authors proposed a backdoor attack on GNNs in the context of hardware design, which injects backdoor triggers into the register-transfer or the gate-level representation of a given design without affecting the functionality to evade some GNN-based detection procedures.
Abstract: Graph neural networks (GNNs) have shown great success in detecting intellectual property (IP) piracy and hardware Trojans (HTs). However, the machine learning community has demonstrated that GNNs are susceptible to data poisoning attacks, which result in GNNs performing abnormally on graphs with pre-defined backdoor triggers (realized using crafted subgraphs). Thus, it is imperative to ensure that the adoption of GNNs should not introduce security vulnerabilities in critical security frameworks. Existing backdoor attacks on GNNs generate random subgraphs with specific sizes/densities to act as backdoor triggers. However, for Boolean circuits, backdoor triggers cannot be randomized since the added structures should not affect the functionality of a design. We explore this threat and develop PoisonedGNN as the first backdoor attack on GNNs in the context of hardware design. We design and inject backdoor triggers into the register-transfer- or the gate-level representation of a given design without affecting the functionality to evade some GNN-based detection procedures. To demonstrate the effectiveness of PoisonedGNN, we consider two case studies: (i) Hiding HTs and (ii) IP piracy. Our experiments on TrustHub datasets demonstrate that PoisonedGNN can hide HTs and IP piracy from advanced GNN-based detection platforms with an attack success rate of up to 100%.
1 citations
TL;DR: TrojanSAINT as discussed by the authors is a graph neural network (GNN)-based hardware Trojan detection scheme working at the gate level, which leverages a sampling-based GNN framework to detect and also localize HTs.
Abstract: We propose TrojanSAINT, a graph neural network (GNN)-based hardware Trojan (HT) detection scheme working at the gate level. Unlike prior GNN-based art, TrojanSAINT enables both pre-/post-silicon HT detection. TrojanSAINT leverages a sampling-based GNN framework to detect and also localize HTs. For practical validation, TrojanSAINT achieves on average (oa) 78% true positive rate (TPR) and 85% true negative rate (TNR), respectively, on various TrustHub HT benchmarks. For best-case validation, TrojanSAINT even achieves 98% TPR and 96% TNR oa. TrojanSAINT outperforms related prior works and baseline classifiers. We release our source codes and result artifacts.
1 citations
24 Apr 2023
TL;DR: BadGNN as discussed by the authors is a backdoor attack on GNNs that can hide HTs and evade detection with a 100% success rate through minor circuit perturbations, which highlights the need for further investigation into the security and robustness of GNN-based networks before they can be safely used in security-critical applications.
Abstract: The participation of third-party entities in the globalized semiconductor supply chain introduces potential security vulnerabilities, such as intellectual property piracy and hardware Trojan (HT) insertion. Graph neural networks (GNNs) have been employed to address various hardware security threats, owing to their superior performance on graph-structured data, such as circuits. However, GNNs are also susceptible to attacks.This work examines the use of GNNs for detecting hardware threats like HTs and their vulnerability to attacks. We present BadGNN, a backdoor attack on GNNs that can hide HTs and evade detection with a 100% success rate through minor circuit perturbations. Our findings highlight the need for further investigation into the security and robustness of GNNs before they can be safely used in security-critical applications.
29 Mar 2023
TL;DR: BadGNN as mentioned in this paper is a backdoor attack on GNNs that can hide HTs and evade detection with a 100% success rate through minor circuit perturbations, which highlights the need for further investigation into the security and robustness of GNN-based networks before they can be safely used in security-critical applications.
Abstract: The participation of third-party entities in the globalized semiconductor supply chain introduces potential security vulnerabilities, such as intellectual property piracy and hardware Trojan (HT) insertion. Graph neural networks (GNNs) have been employed to address various hardware security threats, owing to their superior performance on graph-structured data, such as circuits. However, GNNs are also susceptible to attacks.This work examines the use of GNNs for detecting hardware threats like HTs and their vulnerability to attacks. We present BadGNN, a backdoor attack on GNNs that can hide HTs and evade detection with a 100% success rate through minor circuit perturbations. Our findings highlight the need for further investigation into the security and robustness of GNNs before they can be safely used in security-critical applications.
References
More filters
TL;DR: A new method for estimation in linear models called the lasso, which minimizes the residual sum of squares subject to the sum of the absolute value of the coefficients being less than a constant, is proposed.
Abstract: SUMMARY We propose a new method for estimation in linear models. The 'lasso' minimizes the residual sum of squares subject to the sum of the absolute value of the coefficients being less than a constant. Because of the nature of this constraint it tends to produce some coefficients that are exactly 0 and hence gives interpretable models. Our simulation studies suggest that the lasso enjoys some of the favourable properties of both subset selection and ridge regression. It produces interpretable models like subset selection and exhibits the stability of ridge regression. There is also an interesting relationship with recent work in adaptive function estimation by Donoho and Johnstone. The lasso idea is quite general and can be applied in a variety of statistical models: extensions to generalized regression models and tree-based models are briefly described.
40,785 citations
TL;DR: It is shown that the elastic net often outperforms the lasso, while enjoying a similar sparsity of representation, and an algorithm called LARS‐EN is proposed for computing elastic net regularization paths efficiently, much like algorithm LARS does for the lamba.
Abstract: Summary. We propose the elastic net, a new regularization and variable selection method. Real world data and a simulation study show that the elastic net often outperforms the lasso, while enjoying a similar sparsity of representation. In addition, the elastic net encourages a grouping effect, where strongly correlated predictors tend to be in or out of the model together.The elastic net is particularly useful when the number of predictors (p) is much bigger than the number of observations (n). By contrast, the lasso is not a very satisfactory variable selection method in the
16,538 citations
Posted Content•
TL;DR: A scalable approach for semi-supervised learning on graph-structured data that is based on an efficient variant of convolutional neural networks which operate directly on graphs which outperforms related methods by a significant margin.
Abstract: We present a scalable approach for semi-supervised learning on graph-structured data that is based on an efficient variant of convolutional neural networks which operate directly on graphs. We motivate the choice of our convolutional architecture via a localized first-order approximation of spectral graph convolutions. Our model scales linearly in the number of graph edges and learns hidden layer representations that encode both local graph structure and features of nodes. In a number of experiments on citation networks and on a knowledge graph dataset we demonstrate that our approach outperforms related methods by a significant margin.
15,696 citations
TL;DR: This tutorial gives an overview of the basic ideas underlying Support Vector (SV) machines for function estimation, and includes a summary of currently used algorithms for training SV machines, covering both the quadratic programming part and advanced methods for dealing with large datasets.
Abstract: In this tutorial we give an overview of the basic ideas underlying Support Vector (SV) machines for function estimation. Furthermore, we include a summary of currently used algorithms for training SV machines, covering both the quadratic (or convex) programming part and advanced methods for dealing with large datasets. Finally, we mention some modifications and extensions that have been applied to the standard SV algorithm, and discuss the aspect of regularization from a SV perspective.
10,696 citations
TL;DR: The authors introduce an algorithm, called matching pursuit, that decomposes any signal into a linear expansion of waveforms that are selected from a redundant dictionary of functions, chosen in order to best match the signal structures.
Abstract: The authors introduce an algorithm, called matching pursuit, that decomposes any signal into a linear expansion of waveforms that are selected from a redundant dictionary of functions. These waveforms are chosen in order to best match the signal structures. Matching pursuits are general procedures to compute adaptive signal representations. With a dictionary of Gabor functions a matching pursuit defines an adaptive time-frequency transform. They derive a signal energy distribution in the time-frequency plane, which does not include interference terms, unlike Wigner and Cohen class distributions. A matching pursuit isolates the signal structures that are coherent with respect to a given dictionary. An application to pattern extraction from noisy signals is described. They compare a matching pursuit decomposition with a signal expansion over an optimized wavepacket orthonormal basis, selected with the algorithm of Coifman and Wickerhauser see (IEEE Trans. Informat. Theory, vol. 38, Mar. 1992). >
9,380 citations