Saved in:
Bibliographic Details
Main Authors: Gohil, Vasudev, Patnaik, Satwik, Kalathil, Dileep, Rajendran, Jeyavijayan
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2402.13946
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916140391858176
author Gohil, Vasudev
Patnaik, Satwik
Kalathil, Dileep
Rajendran, Jeyavijayan
author_facet Gohil, Vasudev
Patnaik, Satwik
Kalathil, Dileep
Rajendran, Jeyavijayan
contents Machine learning has shown great promise in addressing several critical hardware security problems. In particular, researchers have developed novel graph neural network (GNN)-based techniques for detecting intellectual property (IP) piracy, detecting hardware Trojans (HTs), and reverse engineering circuits, to name a few. These techniques have demonstrated outstanding accuracy and have received much attention in the community. However, since these techniques are used for security applications, it is imperative to evaluate them thoroughly and ensure they are robust and do not compromise the security of integrated circuits. In this work, we propose AttackGNN, the first red-team attack on GNN-based techniques in hardware security. To this end, we devise a novel reinforcement learning (RL) agent that generates adversarial examples, i.e., circuits, against the GNN-based techniques. We overcome three challenges related to effectiveness, scalability, and generality to devise a potent RL agent. We target five GNN-based techniques for four crucial classes of problems in hardware security: IP piracy, detecting/localizing HTs, reverse engineering, and hardware obfuscation. Through our approach, we craft circuits that fool all GNNs considered in this work. For instance, to evade IP piracy detection, we generate adversarial pirated circuits that fool the GNN-based defense into classifying our crafted circuits as not pirated. For attacking HT localization GNN, our attack generates HT-infested circuits that fool the defense on all tested circuits. We obtain a similar 100% success rate against GNNs for all classes of problems.
format Preprint
id arxiv_https___arxiv_org_abs_2402_13946
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle AttackGNN: Red-Teaming GNNs in Hardware Security Using Reinforcement Learning
Gohil, Vasudev
Patnaik, Satwik
Kalathil, Dileep
Rajendran, Jeyavijayan
Machine Learning
Cryptography and Security
Machine learning has shown great promise in addressing several critical hardware security problems. In particular, researchers have developed novel graph neural network (GNN)-based techniques for detecting intellectual property (IP) piracy, detecting hardware Trojans (HTs), and reverse engineering circuits, to name a few. These techniques have demonstrated outstanding accuracy and have received much attention in the community. However, since these techniques are used for security applications, it is imperative to evaluate them thoroughly and ensure they are robust and do not compromise the security of integrated circuits. In this work, we propose AttackGNN, the first red-team attack on GNN-based techniques in hardware security. To this end, we devise a novel reinforcement learning (RL) agent that generates adversarial examples, i.e., circuits, against the GNN-based techniques. We overcome three challenges related to effectiveness, scalability, and generality to devise a potent RL agent. We target five GNN-based techniques for four crucial classes of problems in hardware security: IP piracy, detecting/localizing HTs, reverse engineering, and hardware obfuscation. Through our approach, we craft circuits that fool all GNNs considered in this work. For instance, to evade IP piracy detection, we generate adversarial pirated circuits that fool the GNN-based defense into classifying our crafted circuits as not pirated. For attacking HT localization GNN, our attack generates HT-infested circuits that fool the defense on all tested circuits. We obtain a similar 100% success rate against GNNs for all classes of problems.
title AttackGNN: Red-Teaming GNNs in Hardware Security Using Reinforcement Learning
topic Machine Learning
Cryptography and Security
url https://arxiv.org/abs/2402.13946