Robust hardware Trojan detection leveraging dual-domain features and stacked ensemble learning

Cyber-physical systems rely on sensors, communication, and computing, all powered by integrated circuits (ICs). These ICs are vulnerable to malicious hardware attacks, with hardware Trojans being one of the stealthiest threats. Trojans are malicious implants in the circuitry, which are often inserted during design or fabrication stages. This stealthy addition remains dormant until triggered and might cause functional disruptions or sensitive information leakage once triggered. Traditional IC validation methods, such as functional testing and logic analysis, usually fail to capture these subtle anomalies because hardware Trojans are intentionally designed to mimic normal circuit behavior. They often remain dormant under standard test vectors, and the changes they bring into power consumption, timing, and area are minimal. We present a dual-domain feature extraction strategy that combines time-domain features with frequency-domain characteristics of power traces. For the detection, we created an artificial intelligence (AI) based robust Trojan detection framework that integrates traditional machine learning models, such as random forest (RF), gradient boosting (GB), naïve bayes (NB), and deep learning models, such as deep neural network (DNN), long short-term memory (LSTM), and graph neural network (GNN). In this study, we consider these models as baseline AI models to detect Trojan-infected circuits via side-channel power analysis. We employed a stacked ensemble classifier that integrates the distinct strengths of the six baseline models used in this study. After evaluating our stacking ensemble-based detection method on the advanced encryption standard (AES)-Trojan benchmark, which covers diverse Trojan types, the results demonstrate that the ensemble method consistently outperformed all six baseline models. The ensemble-based detection method achieved a macro-averaged area under the receiver operating characteristic (ROC) curve (AUC) of 0.987, while remaining golden-chip-free, meaning it does not rely on a trusted reference IC for baseline comparison. Instead it detects anomalies directly from observable characteristics of untrusted chips, such as side-channel emissions.