This article has been accepted for publication in a future issue of this journal, but has not been
fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
On Reverse Engineering-Based Hardware Trojan
Detection
Chongxi Bao, Student Member, IEEE, Domenic Forte, Member, IEEE, and Ankur Srivastava, Member, IEEE
AbstractDue to design and fabrication outsourcing to
foundries, the problem of malicious modications to integrated
circuits, also known as hardware Trojans, has attracted attention
in academia as well as industry. To reduce the risks associated
with Trojans, researchers have proposed different approaches
to detect them. Among these approaches, test-time detection
approaches have drawn the greatest attention. Many test-time
approaches assume the existence of a Trojan-free chip/model
also known as golden model. Prior works suggest using reverse-
engineering to identify such Trojan-free ICs for the golden model.
However, they did not state how to do this efciently. In fact,
reverse-engineering is a very costly process which consumes
lots of time and intensive manual effort. It is also very error
prone. In this paper, we propose an innovative and robust
reverse-engineering scheme to identify the Trojan-free ICs. We
reformulate the Trojan-detection problem as clustering problem.
We then adapt a widely-used machine learning method, K-Means
clustering, to solve our problem. Simulation results using state-
of-the-art tools on several publicly available circuits show that
the proposed approach can detect hardware Trojans with high
accuracy rate. A comparison of this approach with our previously
proposed approach [1] is also conducted. Both the limitations and
application scenarios of the two methods are discussed in detail.
Index TermsHardware Trojan detection, reverse-engineering
based hardware Trojan detection, integrated circuit (IC) security
and trust, one-class SVM, K-Means clustering
I. I NTRODUCTION
More and more integrated circuit (IC) designers are out-
sourcing fabrication to foundries and incorporating third-
party intellectual property (IP) cores into their designs. This
practice leads to security problems. For example, malicious
modications to ICs, also known as hardware Trojans (HTs),
have been reported. HTs can change IC functionality, reduce
IC reliability, leak valuable information from the IC, and even
cause denial of service [2]. To reduce the risks associated
with Trojans, researchers have proposed different approaches
to detect them. Test-time detection approaches [3][5] have
drawn the greatest amount of attention from researchers. In
these approaches, functional and/or side-channel behavior of
suspect ICs are compared to a golden model that represents
the expected behavior of a Trojan-free IC. If the suspect IC
deviates sufciently from the golden model, it is classied as
This work was supported by the National Science Foundation under Grant
1223233.
D. Forte is with the Department of Electrical and Computer En-
gineering, University of Florida, Gainesville, FL, 32611 USA (e-mail:
dforte@ece.u.edu).
C. Bao and A. Srivastava are with the Department of Electrical and
Computer Engineering, University of Maryland, College Park, MD, 20742
USA (e-mail: {borisbcx,ankurs}@umd.edu.
0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
1
being Trojan-infected. While these approaches are effective,
obtaining such golden models/data is mostly an open problem.
Motivation. Prior works such as [6] suggest that reverse-
engineering (RE) be used to identify Trojan-free ICs and
verify the data used for the golden models. To the best of
our knowledge, our previous work [1] was the rst one that
proposed a method to verify a golden chip using reverse-
engineering efciently and accurately. However, [1] is based
on a parametric classication approach, which means that its
performance is highly dependent on the choice of some design
parameters. This can make it very hard to be trained and tuned.
Contributions. In this paper, we propose another efcient
method for verifying a golden chip. Compared with [1], this
paper has lots of new contributions:
In addition to the Support Vector Machine based ap-
proach, we develop a K-Means clustering approach to
automatically learn how to distinguish between expected
and suspicious structures in the ICs. Neither of the two
methods relies on a Trojan-free (golden) IC, which is the
underlying assumption of many other approaches.
Simulation results on 6 benchmarks show that the per-
formance of K-Means clustering approach, unlike SVM,
does not depend on the choice of parameters. Thus it is
easier than SVM to be trained and tuned.
We also conduct experiments to compare the two ap-
proaches thoroughly in many aspects. We discuss their
advantages, limitations and application scenarios in detail.
The rest of the paper is organized as follows: Section II
gives a brief review of reverse-engineering, hardware Trojans
and detection. Section III denes the problem we want to solve
and discusses the motivation behind it. Section IV gives a
quick recap on our previously proposed SVM based approach.
K-Means clustering approach is elaborated in Section V. In
Section VI, experimental results are discussed. A thorough
comparison of two methods is conducted. A comparison of
our approaches with some other existing approaches is shown
in Section VII. Finally, Section VIII concludes the paper.
II. BACKGROUND
A. Reverse Engineering
Reverse-engineering of an IC is the process of analyzing an
ICs internal structures, connections, etc. in order to determine
how it was designed and how it operates. A typical RE ow
includes the following steps [7].
1) Decapsulation: The die is removed from its package.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
2) Delayering: Each layer of the die is stripped off one
at a time using chemical methods while polishing the
surface to keep it planar.
3) Imaging: Thousands of high-resolution images of each
exposed layer are taken using scanning electron micro-
scope (SEM). The images are stitched together to form
a complete view of the layer using special software.
Multiple layers are also aligned at this step so that
contacts and vias are lined up with layers above and
below them.
4) Annotation: All structures in the device (interconnects,
vias, transistors, etc.) are annotated either manually or
by using image recognition software [7].
5) Schematic creation, organization, and analysis: A hier-
archical or at netlist is generated using the annotated
images as well as public information (e.g. datasheets).
All of the above steps are time-consuming and error-prone.
The rst 3 steps essentially extract images of the structures
contained in the IC. Removing and polishing layers affect the
structures in the exposed and lower layers, resulting in addi-
tional noise in their IC structures. The last 2 steps are required
for circuit/design extraction and are also quite challenging. The
annotation process and the schematic creation/analysis often
requires input from experienced analysts [7].
B. Hardware Trojans and Detection
Hardware Trojans (HTs) are malicious modications to the
circuitry of an IC. They can be made at any untrusted or
outsourced phase of the ICs production (design, synthesis,
fabrication, and distribution) [8]. HTs can leak secret infor-
mation, disable the IC, or even destroy the IC [9] making
them very dangerous.
Researchers in academia as well as industry have proposed
different approaches to detect HTs. These methods fall into
the following four categories.
Design-time approaches have two types: formal verica-
tion and design-for-security (DFS). Formal verication [10]
requires that the design house prove certain security properties
hold in the design. DFS approaches (e.g., [11]) are aimed at
increasing the controllability and observability of ICs in order
to aid test-time detection approaches. Test-time approaches
consist of tests in addition to normal IC post-manufacturing
tests and are the most widely studied approaches in the
literature. There are two types: functional testing and side-
channel ngerprinting [5]. Functional testing approaches [3],
[4] aim to detect HTs that change the functionality (primary
outputs) of the IC from the intended one. Side-channel n-
gerprinting [12], [13] is an alternative approach that measures
side channel signals (timing, power, EM, etc.) and uses them to
distinguish genuine ICs from Trojan-infested ones. Run-time
approaches add circuitry that monitors the behavior/state of a
chip after it has been deployed. If deviation from the expected
golden behavior is detected, additional circuitry can disable the
chip or bypass the malicious logic before the HT can do any
damage. Most test-time and run-time approaches assume that
a Trojan-free chip also known as a golden chip (a chip with
intended functionality and behavior) is available to compare
0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
2
with. They suggest reverse-engineering be used to obtain such
a golden chip [6]. Reverse-engineering based approaches apply
the reverse-engineering (RE) process (discussed above) to ICs
in order to detect HTs. Basically, the design/netlist uncovered
by RE is compared to an intended (golden) netlist. Since these
approaches are not only time-consuming, but destructive, they
have been pursued the least for HT detection. Their main use
of RE has been to verify the Trojan-free chips used in the
golden model development [6].
Since all of the above have their own advantages and
disadvantages, one proposed direction is to apply each for
the highest HT coverage. For example, post-silicon, RE-based
approaches can verify golden chips required for test-time
and run-time golden models. Functional and side-channel ap-
proaches can be used to detect small and large Trojans respec-
tively inserted during fabrication. Design-time approaches can
be induced to improve the Trojan coverage and observability.
Run-time approaches can act as a last line of defense.
III. P ROBLEM S TATEMENT AND M OTIVATION
Problem Statement. Assume we are given ICs from one or
more untrusted foundries. We want to determine which ICs
are Trojan-free (TF) and which have Trojans inserted (TI).
We consider that there are three-types of TI cases possible:
Trojan Addition (TA) : These HTs add transistors, gates,
and interconnects into the original layout.
Trojan Deletion (TD) : These HTs delete transistors, gates,
and interconnects from the original layout.
Trojan Parametric (TP) : These HTs perform physical
changes to the transistors, gates, and interconnects of the
original layout as suggested in [14].
Examples of TF, TA, TD, and TP are shown in Figure 1. Note
that the above problem can be viewed as an instance of the
classication problem which is given as follows. Assume we
have 2 classes of objects denoted by C0 and C1 . Let each
object be represented by a feature vector x = (x1 , . . . , xn )
where xi denotes the ith feature, xi R, and n denotes the
# of features. Given an unknown object A, the problem is to
determine the correct class of A. In our case, objects are chips
under test and TF represents class C0 while the TI cases (TA,
TD and TP) represent class C1 . We further assume that a batch
of ICs manufactured by the same foundry will be either all
Trojan-free or all Trojan-infected. The reason is that making
two masks of the design, one Trojan-free and one Trojan-
infected, will be very costly for the foundry. Therefore, by
classifying one chip within the batch, we can tell whether this
batch of ICs is Trojan-free or not.
Motivation. Prior works [6] suggest reverse-engineering (RE)-
based methods be used to identify Trojan-free ICs in order to
develop the golden models for other HT detection approaches.
However, there has not been any work devoted towards per-
forming this classication. One can only assume that papers
in the literature would assume a golden netlist and naively
apply all 5 RE steps (see Section II-A) to extract netlists from
all unknown chips. Only data from those chips with netlists
that match the golden netlist would be included in the golden
model.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
3

  160

  320

Pixels




  480

640




800


 160 320 480 640 800
  

   




 Pixels

(a) Trojan Free Case (TF) (b) Trojan Addition Case (TA) Fig. 3: Griding techniques. Part Fig. 4: Golden layout and SEM image of real
of metal1 layer of s298 bench- layout within one grid. Solid rectangle and
mark with grid size 160160 curve denote Z and Y respectively while
pixels is shown. rectangles in dashed line are Zin and Zout .
 

 










 




  


(c) Trojan Deletion Case (TD) (d) Trojan Parametric Case (TP)
Fig. 1: Example of three kinds of trojans. SEM image of metal1 layer is shown.
We feel that there are some issues with this naive approach.
First, some Trojans (e.g., parametric Trojans) can actually be
missed by only comparing netlists. Second, the effort required
by this naive approach is excessive. As [7] pointed out, RE
steps 4-5 are time-consuming and require manual input for
annotation and schematic read-back. Furthermore, [15] states
that reverse-engineering at advanced technology nodes such as
22nm is not feasible without access to the gate-level netlist.
This means that extracting the gate-level netlists from the
layout images (RE steps 4-5) will be infeasible in technologies
beyond 22nm.
In this paper, our goal is to develop a more efcient and
robust RE approach for solving the above classication prob-
lem. In our approach, we avoid extracting netlists altogether.
Instead, we develop a one-class SVM-based approach that
makes a classication decision based on features extracted
from the IC images. The key features of our approach are
ability to detect all the above Trojan cases in an efcient and
automated fashion. Details of our approach are discussed in
the following sections.
IV. T HE SVM A PPROACH
A. General Ideas
Assumptions. As discussed above, we wish to solve the
following classication problem: Given N ICs, classify each
as Trojan-free (TF) or Trojan-inserted (TI). To perform the
classication, we assume the following. We assume that the
original design is Trojan-free and Trojans have only been
inserted during fabrication. Formal verication and trusted (in-
house) design are two approaches that guarantee this. We also
assume that we have the original physical layout (referred to
as the golden layout) for all the layers of the IC. Since the
designer would ultimately come up with this layout and send
it to the foundry, it is reasonable to assume we have this.
Classication via SVM. Our approach utilizes the rst 3 steps
of reverse-engineeringto obtain internal images of each layer
(poly, metal1, etc.) for the ICs. Then we classify the ICs using
these images and support vector machines (see below). The
key of our approach is to solve a classication problem which

is dened in Section III using one-class SVM approach. We
give a quick recap of the approach here but direct interested



readers to [1] for a more detailed explanation.
Support Vector Machine (SVM) is a popular classication
approach which tries to classify some objects based on some
features extracted from them. SVM is rst trained on training
samples to obtain a classier and then uses this classier to
classify a given object. One-class SVM is used when training
samples from one class is available. This is exactly the case
for our application. The designer can obtain the training chips
by sampling from the manufactured chips. However, he does
not know whether they are Trojan-free or Trojan-infected. He
can only assume that they are Trojan-free and let the classier
detect those outliers (those chips that violate our Trojan-free
assumptions).
The overall approach is summarized in the block diagram
shown in Figure 2. We take as input the golden layout, N
chips to classify, and parameter values for grid size, noise
margin dnm , etc. The N chips undergo only rst 3 RE steps,
which result in images of each layer for all N chips. The next
step is to divide the images for each layer of all N chips into
non-overlapping grids. Breaking the images into smaller grids
allows us to parallelize or distribute the processing for each
grid. Then, features are extracted for all N chips for each grid
in each layer. We train the classier and obtain a decision
boundary for each layer using a subset of the chips (possibly
even just one chip). After training, we classify the grids in the
each layer of all the N chips as Trojan-free (TF) or Trojan-
inserted (TI) based on the -SVM decision boundaries of each
layer. Finally, we determine a label for each chip based on
these grid classications.
We elaborate on two things: feature extraction and the nal
classication of the chip based on the label of each grid.
B. Feature Selection
As discussed above, we break the images (layouts) into
smaller non-overlapping grids as shown in Figure 3. Features
are extracted from each grid by comparing the corresponding
grids of the IC under test (ICUT) with the golden layout grids
(which we know from design).
We illustrate many of our features with the help of Figure 4.
The RE image and golden layout of one grid are shown. Let Y
denote the structures in the layout image obtained by reverse-
engineering, which is the curly shape in the gure. Let Z
denote the structures in the golden layout, which is the solid
rectangle in the middle. Let Zin be Z scaled by a margin dnm .

0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Fig. 2: Block diagram of our SVM based Trojan detection approach.
Let Zout be Z expanded by dnm , which we call noise margin.
Zin and Zout correspond to two rectangles in dashed lines.
dnm represents noise in fabrication and reverse-engineering
process that is thought to be reasonable. Let Z denote the
complement of Z, where the universal set is the set containing
all the pixels in the grid (hence Z is the set of pixels outside
Z).
We select ve features which are determined based on area
and centroid differences between the RE and golden layouts.
Area differences. Our rst 3 features are obtained by calcu-
lating the intersection of different areas between the golden
layout and reverse-engineered layout. They are given by the
following equations
A(Y Zin )
f1 =
A(Zin )
A(Y Zout )
f2 =1
A(Y )
A(Y Zout )
f3 =1
A(Zout )
where A(Z) denotes the area of Z. Equation (1) captures
how much from the golden layout is missing in the reverse-
engineered layout while Equations (2) and (3) concentrate on
whether there is anything additional in the reverse-engineered
layout compared to the golden layout. The values of these
features should be 1 if no modications exist. When A(Zin ) =
0, which means there is no structure at all in the grid, we set
f1 = 1 meaning there is no deletion because there is nothing
to delete. When A(Y ) = 0 or A(Zout ) = 0, which means
either there is no addition or there is no way to add because
a grid of golden layout is entirely lled with structure, we set
f2 = 0 or f3 = 0 respectively.
The reason that we expand and shrink the original structure
by a margin and use them to get rst three features is based
on the following observation. Process variations and noises in
RE process tend to produce imperfections only outside Zin
and inside Zout . Thus, any differences within these areas are
regarded as acceptable while differences outside these areas
are suspicious.
Centroid differences. A centroid is dened as the geometric
center of a mass (e.g., see Figure 5). We calculate features
based on the difference between the centroid of the golden
layout and ICUT layout because not only do area differences
matter, but where these differences occur also matters. Figure 5
explains this in detail. The solid rectangle in the middle is
the structure in the golden layout while the shaded area is
the structure in the RE image for the ICUT. In both cases,
A(Y ) is the same. But in Figure 5(b), Y is more biased to
the left which indicates malicious deletion of the right portion.
In Figure 5(c), Y is more towards the center which indicates
0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
4
(a) (b) (c)
Fig. 5: Illustration of centroid and use of centroid difference to distinguish two cases.
The cross and open dot denote the centroid of structures in the golden layout and
real layout respectively.
random RE and fabrication noise. Both cases will produce the
same f1 , f2 , f3 , but centroids will capture the difference.
Equations for the centroid difference features are as follows
(1)
|CX(Z) CX(Y )|
f4 = (4)
(2) grid s length
|CY (Z) CY (Y )|
f5 = (5)
(3) grid s height
where CX(Z) and CY (Z) denote the x and y coordinate of
Zs centroid.
C. Final Classication
The nal classication for each chip is decided by looking
at the number of grids classied as Trojan-Inserted (TI) and
their location. We do not classify a chip as TI if it has only a
few sparse TI grids. Rather, we assume that in order for the
chip to be classied at TI there must be at least n neighboring
TI classied grids in the chip. Neighboring grids can be
dened within layers (horizontally adjacent grids) and between
neighboring IC layers (vertically adjacent grids). This is based
on the following two observations. First, because of the grid
size we choose, most likely, the malicious modications will
not t in one grid. Thus two or more grids will be affected.
Second, malicious modications tend to be continuous. They
are either connected in some way on one layer or connected
to some other malicious modications through neighboring
layers. The maximum number of connected negative grids
gives us a notion of how large deviations from the golden
layout there are in the chip under test.
It is important to note that even if the attacker knows
such detection scheme, he cannot hide his Trojans either.
The reasons are as follows. To avoid detection, the attacker
has to make the interconnect discontinuous, i.e. to change
the interconnect to a different layer every other grid (metal
1, metal 2, metal 1, metal 2, . . . ). However, such abnormal
patterns will be easily agged suspicious by a rule-based
classier. The rule can be simply to check if there exists
a global interconnect that changes its layer (such as from
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
metal1 to metal2) every grid. Such interconnect will be agged
suspicious. If the cell it connects to is also suspicious, we
would classify the chip as Trojan-infected.
V. T HE K-M EANS C LUSTERING A PPROACH
The SVM approach introduced above is a parametric clas-
sication approach so its performance depends heavily on the
choice of several algorithm parameters. If these parameters are
not chosen properly, SVM may suffer from the problem of
over-tting which means it will learn the noise in the training
samples and has a very poor generalization ability. Moreover,
the SVM approach only classies each grid as Trojan-free or
Trojan-infected. It really does not give any specic information
about Trojan-infected grids like is there a malicious removal
of structures or is there a malicious addition of elements.
To tackle these problems, we will investigate the problem
as a clustering problem and introduce another powerful non-
parametric clustering method to solve this problem.
A. Revisit the Problem as A Clustering Problem
We have formulated the problem as a classication problem
in Section IV and apply one-class SVM to solve this problem.
In this subsection, we will investigate this problem and for-
mulate it in a clustering problem frame.
The clustering algorithms are used to group unlabeled data
into different clusters in the following way. Data belonging
to different clusters should be as different as possible while
data of the same cluster should be as close as possible. In
our proposed method, we want to group each grid of the IC
based on types of intrusions it has (no modications, malicious
addition, malicious deletion, etc.). The objective is to obtain
a clustering machine that can correctly group grids with no
modications into one cluster and group grids with different
types of malicious inclusions into other different clusters. After
the clustering is done, we could apply the technique introduced
in Section IV-C to determine the label for the whole IC.
B. General K-Means Clustering Approach
K-Means is a clustering technique that attempts to nd
a user-dened number (k) of clusters represented by their
centroids such that all data can be grouped into these clusters.
The K-Means algorithm takes as input the parameter k and
partitions a set of n data points into k clusters in such a way
that the resulting intra-cluster similarity is high but the inter-
cluster similarity is low.
To put it in a more rigorous way, K-Means clustering ap-
proach K-Means approach partitions a dataset DST consisting
 represented by feature vectors into k clusters:
of data points
DST = i=1,...,k Si , Si Sj = , i = j such that the
following criterion is minimized:
k 

E= ||x ci ||2
i=1 xSi
 mental modications that Trojans might make: addition and
x
where ci = xS |Si |
i
is the centroid of all data in cluster i [16].
Then each data point x is assigned a label i if x is closest to
ci . That is, assign x label i dened by:
0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
5
i = arg min ||x ci ||2 (7)
i=1,...,k
Solving the above problem is computationally difcult (NP-
hard) and people have proposed the following heuristic [17]:
Dene number of clusters k
Initialize the k cluster centroids.
For all data points in the dataset, compute the distances
to the the centroids of all clusters. Assign each data point
to the cluster with the nearest centroid.
Recalculate k new cluster centroids resulting from the
previous step
Repeat step 3-4 until the centroids stop changing.
Note that unlike SVM approach which has two
phases:training and classication, K-Means does all the
things in one-shot. It groups all the data points into k clusters
and each data point will automatically be assigned to the
cluster with the nearest centroid. In this sense, all data points
can be viewed as training data.
Several challenges need to be addressed when applying the
standard K-Means approach to our problem:
The number of clusters need to be determined rst.
Like SVM, relevant features are needed for accuracy.
K-Means clustering approach is very sensitive to the
choice of the initial centroids. We need to select these
centroids carefully.
We will address these challenges in the next subsection.
C. Our K-Means Clustering based Approach
The overall ow of our proposed approach is shown in
Figure 6. Like what we did in the SVM approach, we need
to divide the image of layout into grids and extract features
from each grid to form feature vectors. Next we apply K-
Means clustering approach to group these feature vectors into
k clusters. As a nal step, we apply the same technique
introduced in Section IV-C. We say that grids which are in the
cluster that represents Trojan-free (TF) case TF grids. All the
rest grids are Trojan-infected (TI) grids. We count the number
of connected TI grids. If it exceeds a certain threshold, we say
that the chip is TI. We determine several key aspects of our
K-Means clustering approach as follows:
The number of clusters. As mentioned in Section V-A, we
would like to group the grids based on the types of intrusions
each grid has. Fundamentally there will be two kinds of
intrusions in each grid: the Trojan will either add or delete
some structures (note that parametric Trojans, which change
the parameters of a structure such as wire-width, is a special
case of one of these two cases). Considering that the grid can
also be Trojan-free, this gives a total of three clusters. That is,
we would like to group the grids of each IC into 3 clusters: one
represents Trojan-free case, one represents malicious addition
(6) case and one represents malicious removal case.
Feature selection. As mentioned above, there are two funda-
deletion. All modications that Trojans make can be seen as
a combination of these two. So we would like two features to
capture these two basic modications: the amount of addition
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
6

Fig. 6: Block diagram of our K-Means based Trojan detection approach.

TABLE I: Benchmarks used and classication accuracy rate averaged over 500
and the amount of deletion. Since features dened by Eqn (1) trials using SVM.
and (3) in Section IV-B give exactly what we want, we will Benchmark #gates Source TF TA TD TP
use these two features as our K-Means clustering features. We s27 57 ISCAS89 100% 100% 100% 99.8%
exclude other features described in Section IV-B from our K- s298 283 ISCAS89 100% 100% 100% 99.6%
s280 3455 ISCAS89 100 % 100% 100% 100%
Means clustering features because they are irrelevant. s15850 10984 ISCAS89 100% 100% 100% 99.8%
Initial centroids selection. Let x = (f1 , f3 ) be the feature s38417 30347 ISCAS89 100% 100% 100% 100%
b18 122559 ITC99 99.4% 100% 100% 100%
vector where f1 and f3 are dened by Eqn (1) and (3)
respectively. As discussed in Section IV-B, when there is no 
  
 
malicious deletion, f1 should be as close to 1 as possible.  

When there is no malicious addition, f3 should be as close to  

 
1 as possible. Thus our initial choice of the centroid of the








cluster that represents the Trojan-free case is (1,1). If there is


 
some malicious deletion, f1 would deviate signicantly from  

1. We choose (0.5, 1) as the initial centroid of the cluster that 
  

   


represents the malicious deletion case. Similarly, we choose
(1,0.5) as the initial centroid of the cluster that represents the
malicious addition case.
D. Merits of K-Means Clustering based Approach
Note that like SVM approach, K-Means based approach is
still a feature vector based layout-level comparison approach.
Therefore, it has all the advantages that SVM has over
traditional approaches. To name a few, it eliminates RE steps
4 and 5, allows for parallel extraction of features and accounts
for noise in the RE ICs. Besides, K-Means clustering based
approach has some additional advantages:
K-Means clustering approach is a non-parametric method.
Its performance does not rely on the choice of parameters
as heavily as SVM. So K-Means is very easy to work
with.
K-Means is a clustering approach so the cluster label of
each grid give an idea of what malicious modications
there are in the grid. For example, if a grid is in the cluster
that represents the malicious addition case, we know
that there might be malicious additions inside this grid.
Therefore, unlike SVM which could only classify the grid
as TF or TI, K-Means based approach allows more ne-
grained classication and gives more information about
the chip.
A thorough comparison between SVM and K-Means based
approach will be shown later in Section VI-D.
VI. E XPERIMENTS AND R ESULTS
A. Experiment Setup
Benchmarks. We tested our approaches on 6 publicly available
benchmarks (see Table I). They were all synthesized using
Cadence RTL Compiler with Synopsys 90nm Generic Library
and placed and routed with Cadence Encounter.
Golden layout extraction. The golden layout was then ob-
tained by GDSII le generated by Cadence Encounter tool.
0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
  

   

(a) Golden layout (b) Real layout
Fig. 7: Simulation of process variations in reverse-engineering process
This le was later parsed by a Matlab script and used to
generate a binary image for each layer. Each pixel in the
image represents 5nm in reality. 1 in the image denotes there
are structures at that position in the golden layout while 0
denotes that there is nothing in the golden layout.
Trojan insertion. For each benchmark, we implemented three
kinds of malicious modications. We randomly duplicated one
component (a component is a collection of randomly selected
gates and the number of the gates in different components
varies from 1 to 10), deleted one component and selected one
gate and doubled its gate width. We will refer to these three
kinds of modications as Trojan addition (TA), Trojan deletion
(TD) and Trojan parametric (TP). We will refer to Trojan-
free chip as TF. For each class of the Trojan, we repeated
the component selection step 50 times to generate 50 Trojan
designs respectively for TA, TD and TP. We then simulated
fabrication and reverse-engineering noise (see Figure 7) and
generated 10 sample chips for each Trojan design. In total,
500 TA, 500 TD, and 500 TP sample chips were generated.
We also generated 500 sample chips for TF.
ICUT generation and noise. Using the same method as
golden layout extraction, we generated binary images for these
modied designs. To simulate process variations in fabrication
and reverse-engineering, we added some random noise to these
binary images. Figure 7 shows the noise. Those images with
noise would be used as SEM images of ICUT.
B. One-Class SVM based Approach
We refer the readers to [1] for detailed experimental setup
and results. Here, we only show the classication accuracy
rate (dened in Eqn (8)) of the SVM-based approach for
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
7

TABLE II: Chip classication accuracy rate averaged over 500 trials using K-Means TABLE III: Chip classication accuracy percentage averaged over 500 trials using
clustering based approach SVM and K-Means clustering based approach under different noise levels

Benchmark TF TA TD TP Noise Level Small

s27 100% 100% 100% 98.8% TF TA TD TP

s298 100% 100% 100% 97.6% #Training Chips K S K S K S K S
s280 99.2% 100% 100% 99.6% 5 100 100 100 100 100 100 100 100
s15850 97.2% 100% 100% 98.4% 4 100 100 100 100 100 100 100 100
s38417 100% 100% 100% 100% 3 100 100 100 100 100 100 96.4 98.8
b18 99.0% 100% 100% 98.8% 2 100 92.4 85.2 100 100 100 82.8 98.2
1 92.8 90.4 45.8 100 100 100 40.4 94.6
Noise Level Medium
5 28.6 100 100 100 100 100 100 100
comparison purpose (see Table I). Note that different from [1], 4 17.4 93.8 100 100 100 100 100 100
3 12.6 96.4 100 100 100 100 100 100
the results are averaged over 500 trials. 2 13.8 91.2 88.2 100 100 97.6 86.4 99.6
1 9.6 89.2 86.2 100 100 93.2 81.2 100
#mislabeled chips
racc = (8) Noise Level Large
#chips under test 5 0 87.4 100 100 100 4.2 100 100
4 0 77.2 100 100 100 18.6 100 97.2
3 0 75.8 100 100 100 23.2 100 98.4
C. K-Means Clustering based Approach 2 0 71.2 100 100 100 28.6 100 97.4
1 0 79.6 100 100 100 30.4 100 96.2

1) Experiments and Results Recorded: We generated 500
K stands for K-Means clustering based method
S stands for SVM based method
TF, 500 TA, 500 TD and 500 TP chips. K-Means clustering
approach introduced in Section V was then applied and each
chip was classied as Trojan-free or Trojan-infested. The into K-Means clustering approach. During this step, training
algorithm consumes the most time in extracting features from ICs are used to obtain k centroids and these k centroids are
each grids. All other things are almost instantly done, which xed after the training step is done. Then when a new IC needs
is the same as SVM (thus the total run time is almost the same to be classied, each grid of this IC is assigned to the cluster
as SVM). Accuracy rate dened in Equation (8) was recorded with nearest centroid and nal classication step is done to
for each case. This whole process was repeated for 500 trials classify the whole IC as Trojan-free or Trojan-infected.
and accuracy rate was averaged over these 500 trials. We also vary the amount of noise in the reverse-engineering
2) Results and Discussion: Table II demonstrates that our process (shown in Figure 7) . We choose three different noise
K-Means clustering based method can detect three kinds of levels and test the performance of two methods under these
malicious modications, including malicious addition, dele- three noise levels. Note that we introduce the noise margin
tion and parametric changes, with high accuracy rate while in Section IV-B. Thus large noise means there is a large
recognizing Trojan-free chips reliably. difference between our estimated noise margin and the true
value of this parameter while small noise means that our
D. A Comparison of Two Approaches estimation is pretty close to its true value. The results in
Table I and Table II show that both SVM based approach Table III show the following:
and K-Means clustering based approach can achieve very high When the noise level is small, both methods can classify
accuracy rate on all benchmarks while giving very few false the chip correctly with very high accuracy rate given
positives. To see the limitations of each method, we x s298 as enough training samples. However, as the number of
our benchmark and test the performance of each method with training samples decreases, the performance of one-class
different number of training chips under different noise levels. SVM degrades slightly while K-Means clustering breaks
We have previously stated that one huge advantage of our down quickly. This implies that one-class SVM needs
methods is that we do not require a golden chip to be available much less training samples than K-Means clustering ap-
to classify all the chips. However, in some cases, such a golden proach and thus has a much better generalization ability.
chip might indeed be available. Thus during this subsection, When the noise level increases, the performance of
we will distinguish between two cases where a golden chip is both methods degrades and K-Means clustering approach
available and where no golden chips are available. breaks down faster. When the noise level increases even
1) No Golden Chips Are Available.: This is the initial further, K-Means clustering approach completely lost its
motivation of this paper: to verify a chip is Trojan-free when efcacy (its performance is the same as a naive classier
no golden chips are available. In this case, it is reasonable which always classies a chip as Trojan-infected) while
to assume that each chip is from TF/TA/TD/TP class with SVM approach can still make some right classications.
an equal probability without any prior knowledge (such as This implies that SVM approach is more resistant to the
the trustworthiness of the foundry). We vary the number of noise in the dataset than K-Means.
training chips from 1 to 5 and the training process assumes that 2) A Golden Chip Is Available: This is a very strong
the chips belong to any of the four cases with equal probability. assumption and is very often not true. We only make this
Note that K-Means clustering approach does not need assumption to see whether the availability of a golden chip will
training steps, instead it uses all the chips available and does help improve the performance of the two methods. Note that
clustering in one shot. Therefore, to gain a fair comparison, we have shown that our proposed two methods will classify
we modify K-Means clustering approach slightly to x the the chip correctly without this assumption.
number of training chips. To do this, we add a training step In this experiment, we will use only one chip, which is a

0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
TABLE IV: Chip classication accuracy rate averaged over 500 trials using SVM
and K-Means clustering based approach with one training chip
TF TA
Noise Level K S K S K S
Small 84.8 88.2 95.4 100 100
Medium 36.2 61.4 81.8 100 100
Large 0 66.4 100 100 98.2
TABLE V: A comparison between SVM and K-Means clustering approach
SVM
Performance depends on parameter? Heavily
Number of training samples needed Small
Generalization ability Good
Training speed Fast
Sensitive to noise No
Allow ne-grained classication? No
Trojan-free chip as the training chip to train SVM/K-Means
clustering machine. We will then generate 500 TF chips,
500 TA chips, 500 TD chips and 500 TF chips and test the
classication accuracy rate over these test chips. We also vary
the amount of noise in the reverse-engineering process.
Note that one issue when training K-Means clustering
machine using one Trojan-free chip is that all data points will
converge to only one cluster which represents the Trojan-free
case. We cannot get the centroids of the other two groups. This
means we can and only can learn how much variation will be
made by the reverse-engineering process. One way to get out
of this dilemma is to introduce a threshold number which
represents the amount of deviations acceptable. We use this
threshold together with the rst cluster center to generate the
cluster center of the other two clusters. For example, we get
a cluster center (0.98, 0.97) during training. We consider =
50% amount of noise to be reasonable. We can generate the
second cluster center as (0.98 (1 ), 0.97) = (0.49, 0.97)
and the third cluster center as (0.98, 0.97 (1 )) =
(0.98, 0.485). After obtaining these cluster centers, we can
proceed using the modied K-Means clustering approach as
described in Section VI-D1.
Throughout this experiment, we set = 50%. The results
are listed in Table IV. Compared with III, we see that the
availability of golden chips help improve the accuracy rate of
K-Means clustering approach a lot while it does not help the
SVM approach. This is because the availability of a golden
chip will help K-Means clustering approach gure out the
center of the Trojan-Free cluster accurately. This will improve
the overall classication accuracy. On the other hand, one-
class SVM does not have a way to employ the fact that the
training chip is golden thus its performance does not improve.
E. Final Discussion
We now give a thorough comparison of two approaches in
Table V. We can conclude that when SVM usually performs
better than K-Means clustering approach. This is expected
because SVM is a more sophisticated approach. However,
SVM needs several parameters to be tuned and can be hard
to train. K-Means clustering approach, on the other hand, is
a less complexed model and easy to train. Besides, it gives
extra information about Trojan-infected grids. However, it is
more sensitive to noise. Therefore, when we need to know
0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
8
more information, like what kind of malicious modications
TD TP
are made, about a chip besides the only fact that it is Trojan-
K S infected or when there it is very hard to tune the parameters
100 96.4 99.2
100 88.2 98.2
of SVM, we should use K-Means clustering based approach.
39.4 100 100 When it is very hard for us to estimate the exact value
of noise margins (when the noise is large), we should use
SVM approach. In all other cases where both approaches are
K-Means applicable, we should use SVM as often as possible since it
No
Many
shows a better performance in general.
Not as good as SVM
Comparable
Yes VII. C OMPARISON W ITH OTHER A PPROACHES
Yes
In this section, we go over some of the existing detection
approaches in the literature and argue why our approach is
favored over others.
Functional testing based approaches may fail to work when:
a Trojan is not triggered during testing; the effect of the
Trojan is not observable from primary outputs. The side-
channel analysis approaches suffer from process variations and
perform poorly on the detection of small Trojans. Reverse-
engineering based approaches, on the other hand, are arguably
among the strongest detection approaches. Our approach can
detect Trojans that are hard to be detected by other approaches.
For example, attacks on the global interconnect such as wire
sizing are very hard to be captured by side-channel analysis.
However, it is guaranteed that our approach will detect it.
The performance of functional testing strongly depends on
the coverage of automatic test pattern generation (ATPG). If
the Trojan trigger is not covered by ATPG, then the Trojan will
most likely remain undetected. Even with advanced techniques
such as [4], the coverage for the Trojan is only 68.35% for
benchmark s15850 for 4 trigger nodes, while our approaches
can achieve over 98.4% detection accuracy.
Some side-channel analysis based approaches try to enhance
the signal to noise ratio during detection, and can achieve
100% accuracy on s15850 [18]. However, they require the
existence of a golden chip which is very hard to verify or
obtain. Other side-channel analysis approaches try to eliminate
the golden chip assumption by using self-referencing, but due
to process variations, the performance is not very good (85%
for s15850 in [19]). On the contrary, our approaches eliminate
the golden chip assumption and perform very well. They can
be used to verify that a chip is golden for other approaches.
Recently a novel side-channel analysis approach based on
gate-level characterization (GLC) has been proposed [20].
GLC is the process of characterizing each gate of an integrated
circuit (IC) in terms of its physical properties. It eliminates
the need for a golden chip and achieves very high accuracy.
However, their work cannot detect attacks on the global
interconnect while ours can.
VIII. C ONCLUSION
In this paper, we applied K-means clustering to RE based
Trojan detection approach. It is efcient in storage space, do
not require the existence of a golden chip and is robust to
variations in fabrication and RE process. The experimental
results on several publicly available benchmarks show that
very high Trojan detection accuracy can be achieved. A
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCAD.2015.2488495, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
9

thorough comparison of the proposed approach and [1] is Chongxi Bao Chongxi Bao (S14) received his B.S.
conducted and suggested application scenarios are provided. degree in Mechanical Engineering from Tsinghua
University, Beijing, China in 2008. He is currently
pursuing his Ph.D. degree in the ECE department at
R EFERENCES University of Maryland, College Park.
His current research interests include trusted hard-
[1] C. Bao, D. Forte, and A. Srivastava, On application of one-class ware design, IC anti-counterfeiting, and security
SVM to reverse engineering-based hardware trojan detection, in Quality issues in 3D Integrated Circuits.
Electronic Design (ISQED), 2014 15th International Symposium on.
IEEE, 2014, pp. 4754.
[2] R. Karri, J. Rajendran, and K. Rosenfeld, Trojan taxonomy, in Intro-
duction to Hardware Security and Trust, M. Tehranipoor and C. Wang,
Eds. Springer New York, 2012, pp. 325338.
[3] Xuehui Zhang and M. Tehranipoor, Case study: Detecting hardware
trojans in third-party digital IP cores, May, pp. 6770.
[4] R. Chakraborty, F. Wolff, S. Paul, C. Papachristou, and S. Bhunia,
MERO: a statistical approach for hardware trojan detection, in Cryp-
tographic Hardware and Embedded Systems - CHES 2009, ser. Lecture
Notes in Computer Science, C. Clavier and K. Gaj, Eds. Springer
Berlin Heidelberg, 2009, vol. 5747, pp. 396410.
[5] Y. Jin and Y. Makris, Hardware trojans in wireless cryptographic
integrated circuits, Design & Test, IEEE, vol. PP, no. 99, pp. 11,
2013. Domenic Forte Domenic Forte (S09M13) re-
[6] S. Narasimhan and S. Bhunia, Hardware trojan detection, in Introduc- ceived the B.S. degree in Electrical Engineering
tion to Hardware Security and Trust. Springer, 2012, pp. 339364. from Manhattan College, Riverdale, NY, USA, in
[7] R. Torrance and D. James, The state-of-the-art in semiconductor reverse 2006, and the M.S. and Ph.D. degrees in Electri-
engineering, in Proceedings of the 48th Design Automation Conference. cal Engineering from the University of Maryland,
ACM, 2011, pp. 333338. College Park, MD, USA, in 2010 and 2013, respec-
[8] A. Baumgarten, M. Steffen, M. Clausman, and J. Zambreno, A case tively.
study in hardware trojan design and implementation, International From 2013 to 2015, he was an Assistant Professor
Journal of Information Security, vol. 10, no. 1, pp. 114, 2011. of the Department of Electrical and Computer Engi-
[9] M. Tehranipoor and F. Koushanfar, A survey of hardware trojan neering, University of Connecticut in Storrs, CT. He
taxonomy and detection, Design & Test of Computers, IEEE, vol. 27, is currently an Assistant Professor with the Electrical
no. 1, pp. 1025, 2010. and Computer Engineering Department, University of Florida, Gainesville,
[10] Y. Jin and Y. Makris, Proof carrying-based information ow tracking FL, USA, where he has been since July 2015. His research is primarily focused
for data secrecy protection and hardware trust, in VLSI Test Symposium on the domain of hardware security and includes investigation of hardware
(VTS), 2012 IEEE 30th. IEEE, 2012, pp. 252257. security primitives, hardware Trojan detection and prevention, security of the
[11] H. Salmani, M. Tehranipoor, and J. Plusquellic, A novel technique electronics supply chain, and anti-reverse engineering. He has served on the
for improving hardware trojan detection and reducing trojan activation program committees of several workshops and conferences in addition to
time, Very Large Scale Integration (VLSI) Systems, IEEE Transactions serving as session chair in many technical events.
on, vol. 20, no. 1, pp. 112125, Jan. 2012. Dr. Forte was a recipient of the Northrop Grumman Fellowship and the
[12] S. Narasimhan, X. Wang, D. Du, R. Chakraborty, and S. Bhunia, George Corcoran Memorial Outstanding Teaching Award by the Electrical and
TeSR: a robust temporal self-referencing approach for hardware trojan Computer Engineering Department at University of Maryland. His work has
detection, in Hardware-Oriented Security and Trust (HOST), 2011 been recognized through several best paper awards and nominations, including
IEEE International Symposium on, Jun. 2011, pp. 71 74. Adaptive Hardware Systems (AHS) 2011 and Design Automation Conference
[13] S. Narasimhan, Dongdong Du, R. Chakraborty, S. Paul, F. Wolff, (DAC) 2012.
C. Papachristou, K. Roy, and S. Bhunia, Multiple-parameter side-
channel analysis: A non-invasive hardware trojan detection approach,
pp. 1318.
[14] Y. Shiyanovskii, F. Wolff, A. Rajendran, C. Papachristou, D. Weyer, and
W. Clay, Process reliability based trojans through nbti and hci effects,
in Adaptive Hardware and Systems (AHS), 2010 NASA/ESA Conference
on. IEEE, 2010, pp. 215222.
[15] S. M. Plaza and I. L. Markov, Solving the third-shift problem in ic
piracy with test-aware logic locking, 2015.
[16] D. Fradkin and I. Muchnik, A study of k-means clustering for im-
proving classication accuracy of multi-class SVM, Technical Report.
Rutgers University, New Brunswick, New Jersey 08854, Tech. Rep.,
2004.
[17] A. Chandrasekhar and K. Raghuveer, Intrusion detection technique Ankur Srivastava Ankur Srivastava (S00M02)
by using k-means, fuzzy neural network and SVM classiers, in received his B.Tech in Electrical Engineering from
Computer Communication and Informatics (ICCCI), 2013 International Indian Institute of Technology Delhi in 1998, M.S.
Conference on. IEEE, 2013, pp. 17. in ECE from Northwestern University in 2000 and
[18] M. Banga and M. S. Hsiao, A novel sustained vector technique for the Ph.D. in Computer Science from UCLA in 2002. He
detection of hardware trojans, in VLSI Design, 2009 22nd International is currently a Full Professor in the ECE department
Conference on. IEEE, 2009, pp. 327332. with joint appointment with the Institute for Systems
[19] M. Li, A. Davoodi, and M. Tehranipoor, A sensor-assisted self- Research at University of Maryland, College Park.
authentication framework for hardware trojan detection, in Proceedings He is the associate editor of IEEE Transactions
of the Conference on Design, Automation and Test in Europe. EDA on VLSI and INTEGRATION: VLSI Journal.
Consortium, 2012, pp. 13311336.
[20] S. Wei and M. Potkonjak, Scalable hardware trojan diagnosis, Very
Large Scale Integration (VLSI) Systems, IEEE Transactions on, vol. 20,
no. 6, pp. 10491057, 2012.

0278-0070 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.