As the globalization of chip design and manufacturing process becomes popular, malicious hardware inclusions such as hardware Trojans pose a serious threat to the security of digital systems. Advanced Trojans can mask many architectural-level Trojan signatures and adapt against several detection mechanisms. Runtime Trojan detection techniques are considered as a last line of defense against Trojan inclusion and activation. In this article, we propose an offline analysis to select a subset of flip-flops as surrogates and build an anomaly detection model based on the activity profile of flip-flops. These flip-flops are monitored online, and the anomaly detection model implemented online analyzes the flip-flop data to detect any anomalous Trojan activity. The effectiveness of our approach has been tested on several Trojan-inserted designs of the Leon3 processor. Trojan activation is detected with an accuracy score of above 0.9 (ratio of the number of true predictions to total number of predictions) with no false positives by monitoring less than 0.5% of the total number of flip-flops.

中文翻译：

---

基于门级非结构化数据的特征分析和异常检测的硬件木马运行时识别

随着芯片设计和制造过程全球化的普及，硬件木马等恶意硬件夹杂物对数字系统的安全构成了严重威胁。高级木马可以掩盖许多架构级别的木马特征并适应多种检测机制。运行时木马检测技术被认为是防止木马包含和激活的最后一道防线。在本文中，我们提出了一种离线分析，以选择触发器的子集作为代理，并基于触发器的活动配置文件构建异常检测模型。这些触发器被在线监控，并且在线实现的异常检测模型分析触发器数据以检测任何异常木马活动。我们的方法的有效性已经在 Leon3 处理器的几个插入木马的设计上进行了测试。通过监控少于 0.5% 的触发器总数，检测到木马激活的准确度得分高于 0.9（真实预测数与预测总数的比率）且没有误报。