A CatBoost Based Approach to Detect Label Flipping Poisoning Attack in Hardware Trojan Detection Systems

Hardware Trojan (HT) intrusion at different integrated circuit (IC) phases is the most important concern for the semiconductor industries. Recently, machine learning (ML) models have been used to detect HT from the pre-silicon IC phase, which utilizes either structural or SCOAP gate level netlist features. However, the main concern is that an adversary may poison the training dataset by flipping the target labels to malign the ML model training, which further provides an incorrect prediction on the test dataset. Thus, due to the malicious training of ML models, the Trojan-inserted ICs are missed out and can easily perform their malicious activities. Hence, it is of utmost importance to scan the training dataset and identify the poisoned input samples before applying ML models for HT detection. Therefore, this paper proposes a new technique that first identifies the poisoned training samples, which consist of SCOAP features, and then detects HTs from the unseen gate-level netlist. The proposed technique employs a robust ensemble Categorical Boosting (CatBoost) model, which avoids the problem of target leakage by using the concept of ordered boosting. Further, a label flipping poisoning attack based on a stochastic hill climbing search is proposed, which flips the labels of the handful of samples that maximizes the validation dataset loss by deteriorating the model performance. Moreover, a defense method is proposed which utilizes CatBoost object importance and k-nearest neighbor to detect malicious training samples and restore their original labels. Finally, the CatBoost model is trained on the clean dataset to detect the HT nets from the unseen gate-level netlist accurately. Experimental results shows that the proposed attack method increases the on-an-average loss up to 58% and 54% on Trust-Hub and DeTrust benchmarks. Whereas the proposed defense method accurately identifies the poisoned input labels from the training dataset with on-an average 99% accuracy on these benchmarks.