Recently, due to the increase of outsourcing in integrated circuit (IC) design and manufacturing, the case that malicious third party vendors insert a malicious circuit, called a hardware-Trojan, into their products has been increasing. To detect the hardware Trojans, machine-learning-based hardware-Trojan detection methods for gate-level netlists using neural networks have been proposed. In these methods, 51 feature values and 11 feature values for detecting hardware Trojans were proposed.
On the other hand, adversarial examples (AE) attacks, which add perturbation to circuits, have also been reported. These attacks can actually decrease the identification rate of detecting Trojan nets.
In this paper, we set up two classifiers which consist of 51 and 11 feature values respectively and compare the robustness of them when they classify the circuits with AE attacks. The experimental results show that the classifier using 51 feature values performed better against AE attacks.