Automated Hardware Trojan Insertion in Industrial-Scale Designs
This work addresses the evaluation gap for hardware security researchers by providing scalable, reproducible challenge instances without ethical risks, though it is incremental in automating existing HT insertion concepts.
The paper tackles the problem of evaluating hardware-Trojan detectors on realistic industrial-scale designs by developing an automated methodology to generate HT-like patterns in large netlists, and it shows that state-of-the-art graph-learning models fail to detect these Trojans in the generated benchmarks.
Industrial Systems-on-Chips (SoCs) often comprise hundreds of thousands to millions of nets and millions to tens of millions of connectivity edges, making empirical evaluation of hardware-Trojan (HT) detectors on realistic designs both necessary and difficult. Public benchmarks remain significantly smaller and hand-crafted, while releasing truly malicious RTL raises ethical and operational risks. This work presents an automated and scalable methodology for generating HT-like patterns in industry-scale netlists whose purpose is to stress-test detection tools without altering user-visible functionality. The pipeline (i) parses large gate-level designs into connectivity graphs, (ii) explores rare regions using SCOAP testability metrics, and (iii) applies parameterized, function-preserving graph transformations to synthesize trigger-payload pairs that mimic the statistical footprint of stealthy HTs. When evaluated on the benchmarks generated in this work, representative state-of-the-art graph-learning models fail to detect Trojans. The framework closes the evaluation gap between academic circuits and modern SoCs by providing reproducible challenge instances that advance security research without sharing step-by-step attack instructions.