<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd">
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article">
 <front>
  <journal-meta>
   <journal-id journal-id-type="publisher-id">
    jcc
   </journal-id>
   <journal-title-group>
    <journal-title>
     Journal of Computer and Communications
    </journal-title>
   </journal-title-group>
   <issn pub-type="epub">
    2327-5219
   </issn>
   <issn publication-format="print">
    2327-5227
   </issn>
   <publisher>
    <publisher-name>
     Scientific Research Publishing
    </publisher-name>
   </publisher>
  </journal-meta>
  <article-meta>
   <article-id pub-id-type="doi">
    10.4236/jcc.2025.134013
   </article-id>
   <article-id pub-id-type="publisher-id">
    jcc-142296
   </article-id>
   <article-categories>
    <subj-group subj-group-type="heading">
     <subject>
      Articles
     </subject>
    </subj-group>
    <subj-group subj-group-type="Discipline-v2">
     <subject>
      Computer Science 
     </subject>
     <subject>
       Communications
     </subject>
    </subj-group>
   </article-categories>
   <title-group>
    A Survey on AI-Augmented Secure RTL Design for Hardware Trojan Prevention
   </title-group>
   <contrib-group>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Raj
      </surname>
      <given-names>
       Parikh
      </given-names>
     </name>
    </contrib>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Khushi
      </surname>
      <given-names>
       Parikh
      </given-names>
     </name>
    </contrib>
   </contrib-group> 
   <aff id="affnull">
    <addr-line>
     aAltera Corporation, San Jose, USA
    </addr-line> 
   </aff> 
   <pub-date pub-type="epub">
    <day>
     16
    </day> 
    <month>
     04
    </month>
    <year>
     2025
    </year>
   </pub-date> 
   <volume>
    13
   </volume> 
   <issue>
    04
   </issue>
   <fpage>
    197
   </fpage>
   <lpage>
    209
   </lpage>
   <history>
    <date date-type="received">
     <day>
      18,
     </day>
     <month>
      March
     </month>
     <year>
      2025
     </year>
    </date>
    <date date-type="published">
     <day>
      25,
     </day>
     <month>
      March
     </month>
     <year>
      2025
     </year> 
    </date> 
    <date date-type="accepted">
     <day>
      25,
     </day>
     <month>
      April
     </month>
     <year>
      2025
     </year> 
    </date>
   </history>
   <permissions>
    <copyright-statement>
     © Copyright 2014 by authors and Scientific Research Publishing Inc. 
    </copyright-statement>
    <copyright-year>
     2014
    </copyright-year>
    <license>
     <license-p>
      This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/
     </license-p>
    </license>
   </permissions>
   <abstract>
    Once, discreet circuit elements, called components, were heaped up on boards inside steel cages using wire-lead technology in just five short years. Fast forward to today, and your computer CPU fits about half an inch square on a chip. Both this constant miniaturization of electronic circuits and the rapid growth in the prevalence of third-party intellectual property parts have made hardware protection more worrisome than ever. Among all these issues, Hardware Trojans (HTs)—which represent corrupted or harmful additions during various design and fabrication stages—pose significant threats to system integrity, privacy of data, and essential infrastructure. This survey gives an in-depth look at how AI can enhance RTL security. It classifies these AI-based techniques into four main categories: GNNs, for instance, can be used to estimate the topology of circuits, extract structural characteristics, and thus find where some corruption has occurred. The SALTY framework applies Jumping-Knowledge GNNs to improve the accuracy location for hardware Trojans. Deep Learning in Side-Channel and Power-Analysis Techniques: Deep learning methods—such as Siamese Neural Networks (SNNs) and Long Short-Term Memory (LSTM) models—have been developed to detect abnormalities brought about by Trojans in power consumption or electromagnetic (EM) radiation, granting non-invasive practices clear security benefits. In conjunction with AI, research teams are now building nearest-neighbor classifiers and decision trees and using reinforcement learning (RL) to recognize occurrences of Trojans inside RTL code. Some research uses Verilog/VHDL conditional statements as features for ML, making it possible for early warning signals to be effectively detected and introducing a proactive security mechanism during the design phase. A step-by-step methodology has evolved for prevention measures such as logic locking and layout hardening, which aims against a splendid prospect within reach. The TroLLoc framework uses logic obfuscation combined with security-aware placement and routing, thus mitigating security exposures post-design.
   </abstract>
   <kwd-group> 
    <kwd>
     Logic Locking
    </kwd> 
    <kwd>
      Deep Learning in Power Analysis
    </kwd> 
    <kwd>
      Siamese Neural Networks (SNNs)
    </kwd> 
    <kwd>
      Jumping-Knowledge GNNs
    </kwd> 
    <kwd>
      Verilog/VHDL Code Analysis
    </kwd>
   </kwd-group>
  </article-meta>
 </front>
 <body>
  <sec id="s1">
   <title>1. Introduction</title>
   <p>The globalization of the integrated circuit (IC) supply chain has brought significant challenges to the security and trustworthiness of hardware. Adopting the fabless semiconductor model, in which companies outsource design, fabrication, and verification to third parties, further increases the risk of malicious alterations in the form of hardware Trojans (HTs) <xref ref-type="bibr" rid="scirp.142296-1">
     [1]
    </xref>.</p>
   <p>Hardware Trojans are low-profile changes to circuit design that can infiltrate sensitive data, sabotage system performance, or, in extreme cases, endanger the security of vital national infrastructure such as defense, health, traffic, and finance <xref ref-type="bibr" rid="scirp.142296-2">
     [2]
    </xref>.</p>
   <p>The complexity of modern IC designs and the widespread use of third-party IP cores pose further difficulties in detecting hardware Trojans. Traditional methods such as rule-based design verification (e.g., LVS and DRC checks), side-channel analysis, and functional testing have limitations: scalability issues and high false positives or negatives rates. They are also ill-equipped to deal with continuously evolving attack vectors <xref ref-type="bibr" rid="scirp.142296-3">
     [3]
    </xref>.</p>
   <p>Researchers are now using AI and machine learning (ML) techniques to generate new tools for design verification. Among these are Graph Neural Networks (GNNs), Siamese Neural Networks (SNNs), reinforcement learning (RL), and explainable AI (XAI), all to identify and mitigate Trojans <xref ref-type="bibr" rid="scirp.142296-4">
     [4]
    </xref>.</p>
   <p>This paper divides the AI-based RTL Security Methodology into four broad camps, each with its vigorously implemented badge:</p>
   <p>Graph-based detection techniques, which identify vulnerabilities from signal power levels.</p>
   <p>Power side-channel analysis featuring opportunities for greater power use.</p>
   <p>RTL machine learning models are designed to find and model new threats before they become real.</p>
   <p>Proactive logic locking mechanisms, as well as encrypting and decrypting keys.</p>
   <p>Through a thorough investigation and comparison of existing research on AI-based detection frameworks for Trojans, this paper aims to highlight some key difficulties, discuss recent advances in research, and suggest future research directions for buttressing data-security methods in upcoming generations of semiconductors.</p>
   <sec id="s1_1">
    <title>1.1. Key Challenges</title>
    <p>Scalability and Complexity: It’s impractical to verify modern ICs with billions of transistors manually. Many AI methods are not very good at this scale, mainly when they rely on deep neural networks as the learning models and graph theory as a coordination mechanism.</p>
    <p>False Positives and Detection Accuracy: Traditional functional verification methods, such as those used in side-channel analysis, are no guide for distinguishing between benign circuit variation and real Trojans because of the broad range of disturbances caused by today’s design techniques. If AI fraud measures are to work, they can have just two attribute sensitivity, or operational drawbacks.</p>
    <p>Golden Model Dependency: Many current approaches assume you always have a ‘golden’ reference IC. However, COTS components off the shelf do not provide global wiring as stated. Colleagues are testing AI methods using self-referencing side-channel analysis and dynamic post-processing ML models.</p>
    <p>Adaptive Hardware Attacks: Evading Trojans are forever improving. They repeatedly fool detection systems using low-power triggers, dynamic activation schemes, and hidden gates, requiring AI models to adjust in real-time for even the tiniest alteration or distortion.</p>
    <p>Security of Logic Locking Techniques: There are specific difficulties with existing logic locking and layout hardening methods. They preclude the insertion of Trojans directly into a chip. Still, according to recent research uncovered by some of our colleagues here at Columbia University, such chips have proven leaky in an embarrassingly short time. Furthermore, an AI-based testing framework should evaluate how well these protective devices operate and what can be done to improve them.</p>
   </sec>
   <sec id="s1_2">
    <title>1.2. Scope of Paper</title>
    <p>These methods contain a class of techniques based on AI content examination, including the following few:</p>
    <p>Graph-Based Hardware Trojan Detecting Method</p>
    <p>For (Jumping Knowledge) GNN-SALTY is a programmable RTL security model relying on Graph Neural Networks <xref ref-type="bibr" rid="scirp.142296-2">
      [2]
     </xref>. Graph-based features represent the geographical orientation of infected nodes in IC layouts and network volumes <xref ref-type="bibr" rid="scirp.142296-5">
      [5]
     </xref>.</p>
    <p>AI and Side-Channel Analysis for Hardware Security</p>
    <p>Deep learning techniques, such as Siamese Neural Networks and LSTMs (Long Short-Term Memories), are deployed in compromised ICs to identify power or EM signal anomalies <xref ref-type="bibr" rid="scirp.142296-6">
      [6]
     </xref> <xref ref-type="bibr" rid="scirp.142296-7">
      [7]
     </xref>. Methods using self-reference to lessen the reliance on the Golden chip <xref ref-type="bibr" rid="scirp.142296-3">
      [3]
     </xref>.</p>
    <p>Machine Learning for RTL Code Analysis Programs</p>
    <p>Machine Learning performed RTL verifying based on various principles, such as K-nearest neighbor classifiers, decision trees, and reinforcement learning [6]. In feature engineering, IP verification methods with Verilog/VHDL code scanning are also known as Hardware Trojan Detection <xref ref-type="bibr" rid="scirp.142296-8">
      [8]
     </xref>.</p>
    <p>Logic Locking and Secure ICs</p>
    <p>Logic obscuration and security-aware placement/routing combined in the TroLLoc Framework <xref ref-type="bibr" rid="scirp.142296-9">
      [9]
     </xref>. AI-powered vulnerability assessments can help locate the weak points in locked circuits and exposed data hazards <xref ref-type="bibr" rid="scirp.142296-5">
      [5]
     </xref>.</p>
   </sec>
   <sec id="s1_3">
    <title>1.3. Significance of Study</title>
    <p>This research results are significant for trust, data integrity, and business continuity. Therefore, it is essential to improve this technology in industries concerned with these problems—automobile manufacturing, aerospace, healthcare information systems (for both general practitioners and family planning secrets), etc.—as well as government organizations such as intelligence departments and the NSA.</p>
    <p>Significant contributions of this report included:</p>
    <p>Combining new theory with concrete applications</p>
    <p>This article unifies some of the basic research on PUF that has been done in recent years. It also examines how to implement practical security in this new era with artificial intelligence and related technology and realize and realize quantum-resistant architectures <xref ref-type="bibr" rid="scirp.142296-10">
      [10]
     </xref>.</p>
    <p>Promoting AI-driven security solutions</p>
    <p>The paper is testing the performance of AI-based detection algorithms. It examines the effectiveness of machine learning defense models for things like protecting against side-channel attack satellite transmissions or hardware Trojan horses <xref ref-type="bibr" rid="scirp.142296-6">
      [6]
     </xref>. It also considers how monitoring equipment can best combat the problem of pirates stealing your intellectual property.</p>
    <sec id="s1">
     <title>2. Content Reviewed and Recent Works</title>
     <p>As for the methods of Hardware Trojans detection</p>
     <p>Researchers have made innumerable attempts to detect and remedy hardware trojans (HTs). The earliest methods attempted to use are functional verification, circuit design analysis, and formal verification. Each of these had limitations:</p>
     <p>A. They could not find non-functional trojans, B. needed exhaustive manual analysis to get program information and relied upon frame models <xref ref-type="bibr" rid="scirp.142296-11">
       [11]
      </xref>.</p>
     <p>Although this resulted in efficiency improvements and greatly enhanced scalability, machine learning (ML) and artificial intelligence (AI) are still evolving.</p>
     <p>A typical early AI-based detection model, GNN4, used Graph Neural Networks (GNNs) to automatically extract RTL security and targeting features, etc. <xref ref-type="bibr" rid="scirp.142296-12">
       [12]
      </xref>. Other works used deep learning techniques, such as Siamese Neural Networks (SNNs) associated with Side Channel Analysis, plus the use of Long Short-Term Memory (LSTM) Models to track power and EM signatures corresponding to hardware trojans <xref ref-type="bibr" rid="scirp.142296-6">
       [6]
      </xref>.</p>
     <p>More recently, GNN4HT has extended its range from FPGAs to gate-level and RTL designs. This addressed situations where class similarity was significant, and data augmentation was limited <xref ref-type="bibr" rid="scirp.142296-13">
       [13]
      </xref>.</p>
     <p>New AI-augmented Safety in RTL and Gate-Level Designs</p>
     <p>Explainable AI (XAI) is a recently developed technology with promise, especially in hardware Trojan localization and security-aware anomaly detection. Some results under the SALTY framework use Jumping-Knowledge (JK) GNNs to extract patterns, thereby improving resolution for trojans <xref ref-type="bibr" rid="scirp.142296-2">
       [2]
      </xref>.</p>
     <p>ML-based detection frameworks, such as SVM, decision trees, and reinforcement learning (RL), have applied RTL-level verification, extracting security-sensitive patterns from conditional statements in Verilog/VHDL <xref ref-type="bibr" rid="scirp.142296-11">
       [11]
      </xref>.</p>
     <p>Another advancement is ML models’ self-referencing and dynamic post-processing, substituting for golden reference chips, thus allowing non-destructive Trojan detection in commercial off-the-shelf (COTS) components <xref ref-type="bibr" rid="scirp.142296-3">
       [3]
      </xref>.</p>
     <p>New Methods of Hybrid Cryptography: Various methods are now being researched to protect secure silicon architectures from attacks such as authentication tricks or Trojans. These include physically unclonable function-based encryption (PUFs).</p>
     <p>Logic Locking and Hardware Security Reinforcement: To counteract hardware Trojan insertion or other invasive methods of attack from attackers, trickery during the design stage increases the difficulty for them <xref ref-type="bibr" rid="scirp.142296-3">
       [3]
      </xref>. The TroLLoc framework integrates secure placement/routing with logic obfuscation to reduce on-die security traps after design <xref ref-type="bibr" rid="scirp.142296-4">
       [4]
      </xref>.</p>
     <p>Recent studies note potential flaws in logic locking techniques, such as key recovery attacks and accidental data leakage risks <xref ref-type="bibr" rid="scirp.142296-5">
       [5]
      </xref>.</p>
     <p>AI-assisted vulnerability assessments are being developed to evaluate the effectiveness of logic-locking mechanisms.</p>
     <p>AI-Based Hardware Security’s Challenges</p>
     <p>Despite advances, several challenges remain:</p>
     <p>Scalability: Existing models must scale to large IC designs with billions of transistors <xref ref-type="bibr" rid="scirp.142296-14">
       [14]
      </xref>.</p>
     <p>False Positives: High detection model sensitivity causes false alarms, complicating the differentiation between benign and malicious changes <xref ref-type="bibr" rid="scirp.142296-11">
       [11]
      </xref>.</p>
     <p>Adaptive Hardware Attack: Evolving stealthy Trojan designs demand adaptive, self-learning AI models <xref ref-type="bibr" rid="scirp.142296-13">
       [13]
      </xref>.</p>
     <p>AI Model Safety: AI-based security mechanisms are vulnerable to attacks, highlighting the need for robust, attack-resilient AI frameworks <xref ref-type="bibr" rid="scirp.142296-15">
       [15]
      </xref>.</p>
    </sec>
   </sec>
   <sec id="s3">
    <title>3. Methodology and Implementation</title>
    <p>Actionable Implementation Guidelines</p>
    <p>Graph-Based Hardware Trojan Detection: Convert RTL designs into netlists and extract structural features such as gate connectivity and logic dependencies. Train GNN-based models using labeled datasets containing both Trojan-infected and clean circuits. Compare detection performance using accuracy, precision, and false positive rate metrics. Integrate the trained model into electronic design automation (EDA) tools for continuous RTL security monitoring.</p>
    <p>AI and Side-Channel Analysis: Capture power traces and electromagnetic emissions from ICs during operation. Use Siamese Neural Networks (SNNs) to distinguish between Trojan-infected and standard power signatures. Validate detection accuracy through statistical analysis and ROC curves.</p>
    <p>Machine Learning for RTL Code Verification: Extract features from Verilog/VHDL code, including conditional statements and signal dependencies. Train classifiers such as decision trees and nearest-neighbor algorithms for RTL anomaly detection. Integrate ML-based verification into RTL synthesis workflows to detect modifications early in the design phase.</p>
    <p>Logic Locking and Secure IC Design: Use XOR-based logic locking to prevent unauthorized modifications. Securely store encryption keys to avoid key-recovery attacks. Assess resistance to Boolean SAT-based attacks using sensitivity analysis.</p>
    <p>1. Applying GNN to Hardware Trojan Detection Techniques</p>
    <p>Machine learning techniques, such as graph neural networks (GNNs), have been widely acclaimed for their effectiveness in HT detection due to their ability to simulate complex interactions in a circuit netlist. <xref ref-type="bibr" rid="scirp.142296-9">
      [9]
     </xref> To uncover potential Trojan occurrences, GNN effectively represents the circuit as a graph—where nodes are circuit components (e.g., gates, registers) and edges are the connections between them. Typical structures linking activities indicative of Trojan behavior can be captured almost effortlessly.</p>
    <p>Mathematically, the propagation rules of a GNN layer can be described as:</p>
    <p>
     <xref ref-type="bibr" rid="scirp.142296-"></xref> 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msubsup> 
        <mi>
          h 
        </mi> 
        <mi>
          i 
        </mi> 
        <mrow> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mi>
             l 
           </mi> 
           <mo>
             + 
           </mo> 
           <mn>
             1 
           </mn> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
       </msubsup> 
       <mo>
         = 
       </mo> 
       <mi>
         σ 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mrow> 
         <msup> 
          <mi>
            W 
          </mi> 
          <mrow> 
           <mrow> 
            <mo>
              ( 
            </mo> 
            <mi>
              l 
            </mi> 
            <mo>
              ) 
            </mo> 
           </mrow> 
          </mrow> 
         </msup> 
         <mstyle displaystyle="true"> 
          <msub> 
           <mo>
             ∑ 
           </mo> 
           <mrow> 
            <mi>
              j 
            </mi> 
            <mo>
              ∈ 
            </mo> 
            <msub> 
             <mi>
               N 
             </mi> 
             <mrow> 
              <mrow> 
               <mo>
                 ( 
               </mo> 
               <mi>
                 i 
               </mi> 
               <mo>
                 ) 
               </mo> 
              </mrow> 
             </mrow> 
            </msub> 
           </mrow> 
          </msub> 
          <mrow> 
           <msub> 
            <mi>
              α 
            </mi> 
            <mrow> 
             <mi>
               i 
             </mi> 
             <mi>
               j 
             </mi> 
            </mrow> 
           </msub> 
           <msubsup> 
            <mi>
              h 
            </mi> 
            <mi>
              i 
            </mi> 
            <mrow> 
             <mrow> 
              <mo>
                ( 
              </mo> 
              <mi>
                l 
              </mi> 
              <mo>
                ) 
              </mo> 
             </mrow> 
            </mrow> 
           </msubsup> 
          </mrow> 
         </mstyle> 
        </mrow> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math>(1)</p>
    <p>where:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msubsup> 
        <mi>
          h 
        </mi> 
        <mi>
          i 
        </mi> 
        <mrow> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mi>
            l 
          </mi> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
       </msubsup> 
      </mrow> 
     </math> represents the node feature at layer 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        l 
      </mi> 
     </math>,</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msup> 
        <mi>
          W 
        </mi> 
        <mrow> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mi>
            l 
          </mi> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
       </msup> 
      </mrow> 
     </math> is the learnable weight matrix,</p>
    <p>σ is the activation function,</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          N 
        </mi> 
        <mrow> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mi>
            i 
          </mi> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
       </msub> 
      </mrow> 
     </math> is the neighborhood of node iii,</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          α 
        </mi> 
        <mrow> 
         <mi>
           i 
         </mi> 
         <mi>
           j 
         </mi> 
        </mrow> 
       </msub> 
      </mrow> 
     </math> is the attention coefficient computed as:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          α 
        </mi> 
        <mrow> 
         <mi>
           i 
         </mi> 
         <mi>
           j 
         </mi> 
        </mrow> 
       </msub> 
       <mo>
         = 
       </mo> 
       <mrow> 
        <mrow> 
         <mi>
           exp 
         </mi> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mtext>
             LeakyRe 
           </mtext> 
           <mrow> 
            <mo>
              ( 
            </mo> 
            <mrow> 
             <msup> 
              <mi>
                v 
              </mi> 
              <mtext>
                T 
              </mtext> 
             </msup> 
             <mrow> 
              <mo>
                [ 
              </mo> 
              <mrow> 
               <mi>
                 W 
               </mi> 
               <msub> 
                <mi>
                  h 
                </mi> 
                <mi>
                  i 
                </mi> 
               </msub> 
               <mo>
                 ∥ 
               </mo> 
               <mi>
                 W 
               </mi> 
               <msub> 
                <mi>
                  h 
                </mi> 
                <mi>
                  j 
                </mi> 
               </msub> 
              </mrow> 
              <mo>
                ] 
              </mo> 
             </mrow> 
            </mrow> 
            <mo>
              ) 
            </mo> 
           </mrow> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
        <mo>
          / 
        </mo> 
        <mrow> 
         <mstyle displaystyle="true"> 
          <msub> 
           <mo>
             ∑ 
           </mo> 
           <mrow> 
            <mi>
              k 
            </mi> 
            <mo>
              ∈ 
            </mo> 
            <msub> 
             <mi>
               N 
             </mi> 
             <mrow> 
              <mrow> 
               <mo>
                 ( 
               </mo> 
               <mi>
                 i 
               </mi> 
               <mo>
                 ) 
               </mo> 
              </mrow> 
             </mrow> 
            </msub> 
           </mrow> 
          </msub> 
          <mrow> 
           <mi>
             exp 
           </mi> 
           <mrow> 
            <mo>
              ( 
            </mo> 
            <mrow> 
             <mtext>
               LeakyReLU 
             </mtext> 
             <mrow> 
              <mo>
                ( 
              </mo> 
              <mrow> 
               <msup> 
                <mi>
                  v 
                </mi> 
                <mtext>
                  T 
                </mtext> 
               </msup> 
               <mrow> 
                <mo>
                  [ 
                </mo> 
                <mrow> 
                 <mi>
                   W 
                 </mi> 
                 <msub> 
                  <mi>
                    h 
                  </mi> 
                  <mi>
                    i 
                  </mi> 
                 </msub> 
                 <mo>
                   ∥ 
                 </mo> 
                 <mi>
                   W 
                 </mi> 
                 <msub> 
                  <mi>
                    h 
                  </mi> 
                  <mi>
                    k 
                  </mi> 
                 </msub> 
                </mrow> 
                <mo>
                  ] 
                </mo> 
               </mrow> 
              </mrow> 
              <mo>
                ) 
              </mo> 
             </mrow> 
            </mrow> 
            <mo>
              ) 
            </mo> 
           </mrow> 
          </mrow> 
         </mstyle> 
        </mrow> 
       </mrow> 
      </mrow> 
     </math> (2)</p>
    <p>This approach enables feature propagation across circuit elements, aiding efficient anomaly detection in netlists <xref ref-type="bibr" rid="scirp.142296-2">
      [2]
     </xref>.</p>
    <p>2. Side-Channel and Power Analysis-Based Detection</p>
    <p>In addition to these traditional approaches, deep learning models like Siamese Neural Networks (SNNs) and Long Short-Term Memory (LSTM) networks are used more frequently for Side-Channel Analysis (SCA). These technologies deviate from normal circuit behavior by analyzing power consumption and electromagnetic (EM) emissions, which might as well be on their radar screen.</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         P 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          t 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
       <mo>
         = 
       </mo> 
       <mi>
         V 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          t 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
       <mo>
         ⋅ 
       </mo> 
       <mi>
         I 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          t 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math>(3)</p>
    <p>where:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         V 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          t 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math> is the instantaneous voltage,</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         I 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          t 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math> is the instantaneous current.</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         L 
       </mi> 
       <mo>
         = 
       </mo> 
       <mstyle displaystyle="true"> 
        <msubsup> 
         <mo>
           ∑ 
         </mo> 
         <mrow> 
          <mi>
            i 
          </mi> 
          <mo>
            = 
          </mo> 
          <mn>
            1 
          </mn> 
         </mrow> 
         <mi>
           n 
         </mi> 
        </msubsup> 
        <mrow> 
         <msub> 
          <mi>
            y 
          </mi> 
          <mi>
            i 
          </mi> 
         </msub> 
         <msup> 
          <mrow> 
           <mrow> 
            <mo>
              ‖ 
            </mo> 
            <mrow> 
             <mi>
               f 
             </mi> 
             <mrow> 
              <mo>
                ( 
              </mo> 
              <mrow> 
               <msub> 
                <mi>
                  x 
                </mi> 
                <mi>
                  i 
                </mi> 
               </msub> 
              </mrow> 
              <mo>
                ) 
              </mo> 
             </mrow> 
             <mo>
               − 
             </mo> 
             <mi>
               f 
             </mi> 
             <mrow> 
              <mo>
                ( 
              </mo> 
              <mrow> 
               <msub> 
                <mi>
                  x 
                </mi> 
                <mi>
                  j 
                </mi> 
               </msub> 
              </mrow> 
              <mo>
                ) 
              </mo> 
             </mrow> 
            </mrow> 
            <mo>
              ‖ 
            </mo> 
           </mrow> 
          </mrow> 
          <mn>
            2 
          </mn> 
         </msup> 
         <mo>
           + 
         </mo> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mn>
             1 
           </mn> 
           <mo>
             − 
           </mo> 
           <msub> 
            <mi>
              y 
            </mi> 
            <mi>
              i 
            </mi> 
           </msub> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
         <mi>
           max 
         </mi> 
         <msup> 
          <mrow> 
           <mrow> 
            <mo>
              ( 
            </mo> 
            <mrow> 
             <mn>
               0 
             </mn> 
             <mo>
               , 
             </mo> 
             <mi>
               m 
             </mi> 
             <mo>
               − 
             </mo> 
             <mrow> 
              <mo>
                ‖ 
              </mo> 
              <mrow> 
               <mi>
                 f 
               </mi> 
               <mrow> 
                <mo>
                  ( 
                </mo> 
                <mrow> 
                 <msub> 
                  <mi>
                    x 
                  </mi> 
                  <mi>
                    i 
                  </mi> 
                 </msub> 
                </mrow> 
                <mo>
                  ) 
                </mo> 
               </mrow> 
               <mo>
                 − 
               </mo> 
               <mi>
                 f 
               </mi> 
               <mrow> 
                <mo>
                  ( 
                </mo> 
                <mrow> 
                 <msub> 
                  <mi>
                    x 
                  </mi> 
                  <mi>
                    j 
                  </mi> 
                 </msub> 
                </mrow> 
                <mo>
                  ) 
                </mo> 
               </mrow> 
              </mrow> 
              <mo>
                ‖ 
              </mo> 
             </mrow> 
            </mrow> 
            <mo>
              ) 
            </mo> 
           </mrow> 
          </mrow> 
          <mn>
            2 
          </mn> 
         </msup> 
        </mrow> 
       </mstyle> 
      </mrow> 
     </math> (4)</p>
    <p>where:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          x 
        </mi> 
        <mi>
          i 
        </mi> 
       </msub> 
       <mo>
         , 
       </mo> 
       <msub> 
        <mi>
          x 
        </mi> 
        <mi>
          j 
        </mi> 
       </msub> 
      </mrow> 
     </math> are input feature vectors,</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          y 
        </mi> 
        <mi>
          i 
        </mi> 
       </msub> 
      </mrow> 
     </math> is the similarity label,</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         f 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          x 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math> is the feature extractor,</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        m 
      </mi> 
     </math> is a margin parameter.</p>
    <p>This method achieves high accuracy in detecting power anomalies caused by Trojan insertions <xref ref-type="bibr" rid="scirp.142296-11">
      [11]
     </xref>.</p>
    <p>3. Logic Locking and Secure RTL Design</p>
    <p>To prevent hardware Trojan insertion, logic locking and layout hardening techniques are used <xref ref-type="bibr" rid="scirp.142296-9">
      [9]
     </xref>. The TroLLoc framework integrates logic obfuscation with secure placement and routing, making it difficult for attackers to insert malicious modifications post-design <xref ref-type="bibr" rid="scirp.142296-5">
      [5]
     </xref>.</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         Y 
       </mi> 
       <mo>
         = 
       </mo> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mrow> 
         <mi>
           A 
         </mi> 
         <mo>
           ⊕ 
         </mo> 
         <msub> 
          <mi>
            K 
          </mi> 
          <mn>
            1 
          </mn> 
         </msub> 
        </mrow> 
        <mo>
          ) 
        </mo> 
       </mrow> 
       <mo>
         ⋅ 
       </mo> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mrow> 
         <mi>
           B 
         </mi> 
         <mo>
           ⊕ 
         </mo> 
         <msub> 
          <mi>
            K 
          </mi> 
          <mn>
            2 
          </mn> 
         </msub> 
        </mrow> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math>(5)</p>
    <p>where:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          K 
        </mi> 
        <mn>
          1 
        </mn> 
       </msub> 
       <mo>
         , 
       </mo> 
       <msub> 
        <mi>
          K 
        </mi> 
        <mn>
          2 
        </mn> 
       </msub> 
      </mrow> 
     </math> are secret keys, 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         A 
       </mi> 
       <mo>
         , 
       </mo> 
       <mi>
         B 
       </mi> 
      </mrow> 
     </math> are logic inputs, &amp; 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        Y 
      </mi> 
     </math> is the locked output.</p>
    <p>3.1. Path Sensitization for Security Evaluation Path sensitization techniques are used to evaluate the security of logic locking. Through ATPG the secure outputs of a locked circuit will remain unpredictable unless the correct key is put in <xref ref-type="bibr" rid="scirp.142296-8">
      [8]
     </xref>. Not all locked circuits will be this secure, however.</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         D 
       </mi> 
       <mo>
         = 
       </mo> 
       <mstyle displaystyle="true"> 
        <msubsup> 
         <mo>
           ∑ 
         </mo> 
         <mrow> 
          <mi>
            i 
          </mi> 
          <mo>
            = 
          </mo> 
          <mn>
            1 
          </mn> 
         </mrow> 
         <mi>
           n 
         </mi> 
        </msubsup> 
        <mrow> 
         <msub> 
          <mi>
            S 
          </mi> 
          <mi>
            i 
          </mi> 
         </msub> 
         <msub> 
          <mi>
            P 
          </mi> 
          <mi>
            i 
          </mi> 
         </msub> 
        </mrow> 
       </mstyle> 
      </mrow> 
     </math>(6)</p>
    <p>where:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          S 
        </mi> 
        <mi>
          i 
        </mi> 
       </msub> 
      </mrow> 
     </math> is the sensitivity function, &amp; 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          P 
        </mi> 
        <mi>
          i 
        </mi> 
       </msub> 
      </mrow> 
     </math> is the probability of leakage for key bit i.</p>
    <p>Security evaluations determine the resilience of locked circuits against key-recovery attacks by analyzing these constraints <xref ref-type="bibr" rid="scirp.142296-10">
      [10]
     </xref>.</p>
    <p>4. AI-Driven Security Enhancements</p>
    <p>4.1. Federated Learning for Secure IC Verification</p>
    <p>Federated learning allows AI models to be trained across multiple fabs without exposing proprietary design data <xref ref-type="bibr" rid="scirp.142296-15">
      [15]
     </xref>. The federated learning model aggregation rule is</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          θ 
        </mi> 
        <mi>
          t 
        </mi> 
       </msub> 
       <mo>
         = 
       </mo> 
       <mstyle displaystyle="true"> 
        <msubsup> 
         <mo>
           ∑ 
         </mo> 
         <mrow> 
          <mi>
            i 
          </mi> 
          <mo>
            = 
          </mo> 
          <mn>
            1 
          </mn> 
         </mrow> 
         <mi>
           n 
         </mi> 
        </msubsup> 
        <mrow> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mrow> 
            <mrow> 
             <msub> 
              <mi>
                m 
              </mi> 
              <mi>
                i 
              </mi> 
             </msub> 
            </mrow> 
            <mo>
              / 
            </mo> 
            <mi>
              M 
            </mi> 
           </mrow> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
         <msub> 
          <mi>
            θ 
          </mi> 
          <mi>
            i 
          </mi> 
         </msub> 
        </mrow> 
       </mstyle> 
      </mrow> 
     </math>(7)</p>
    <p>where:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          θ 
        </mi> 
        <mi>
          t 
        </mi> 
       </msub> 
      </mrow> 
     </math> is the global model, 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          m 
        </mi> 
        <mi>
          i 
        </mi> 
       </msub> 
      </mrow> 
     </math> is the number of samples at fabrication site i, &amp; 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        M 
      </mi> 
     </math> is the total dataset size.</p>
    <p>This guarantees secure and private updates for AI-driven Trojan detection, allowing continuous safety improvement without losing data confidentiality.</p>
    <p>5. AI-Augmented Routing Security</p>
    <p>To suppress crosstalk, electromagnetic (EM) leakage, and side-channel attacks on the system, a constrained shortest-path algorithm is employed for secure routing driven by AI.</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         C 
       </mi> 
       <mo>
         = 
       </mo> 
       <mstyle displaystyle="true"> 
        <msub> 
         <mo>
           ∑ 
         </mo> 
         <mrow> 
          <mrow> 
           <mo>
             ( 
           </mo> 
           <mrow> 
            <mi>
              u 
            </mi> 
            <mo>
              , 
            </mo> 
            <mi>
              v 
            </mi> 
           </mrow> 
           <mo>
             ) 
           </mo> 
          </mrow> 
          <mo>
            ∈ 
          </mo> 
          <mi>
            P 
          </mi> 
         </mrow> 
        </msub> 
        <mrow> 
         <mi>
           w 
         </mi> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mi>
             u 
           </mi> 
           <mo>
             , 
           </mo> 
           <mi>
             v 
           </mi> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
       </mstyle> 
      </mrow> 
     </math>(8)</p>
    <p>where:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        P 
      </mi> 
     </math> represents all possible paths, &amp; 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         w 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mrow> 
         <mi>
           u 
         </mi> 
         <mo>
           , 
         </mo> 
         <mi>
           v 
         </mi> 
        </mrow> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math> is the routing cost, considering wirelength, congestion, and security risks.</p>
    <p>The security-aware routing optimization function is:</p>
    <p>where:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         S 
       </mi> 
       <mo>
         = 
       </mo> 
       <mi>
         min 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mrow> 
         <mi>
           α 
         </mi> 
         <mi>
           C 
         </mi> 
         <mo>
           + 
         </mo> 
         <mi>
           β 
         </mi> 
         <mi>
           S 
         </mi> 
        </mrow> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math>(9)</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        S 
      </mi> 
     </math> represents side-channel vulnerability, &amp; 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         α 
       </mi> 
       <mo>
         , 
       </mo> 
       <mi>
         β 
       </mi> 
      </mrow> 
     </math> are weighting coefficients that balance performance and security.</p>
    <p>This AI-driven routing framework ensures secure signal transmission while minimizing susceptibility to hardware Trojans and side-channel attacks <xref ref-type="bibr" rid="scirp.142296-7">
      [7]
     </xref>.</p>
    <p>Evaluation and Performance Analysis</p>
    <p>Accuracy:</p>
    <p>Accuracy = (TP + TN)/(TP + TN + FP + FN).</p>
    <p>Precision:</p>
    <p>Precision = TP/(TP + FP).</p>
    <p>Recall (TPR):</p>
    <p>Recall = TP/(TP + FN).</p>
    <p>False Positive Rate (FPR):</p>
    <p>FPR = FP/(FP + TN).</p>
    <p>F1-Score:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mtext>
         F 
       </mtext> 
       <mn>
         1 
       </mn> 
       <mo>
         = 
       </mo> 
       <mn>
         2 
       </mn> 
       <mo>
         × 
       </mo> 
       <mrow> 
        <mrow> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mtext>
             Precision 
           </mtext> 
           <mo>
             × 
           </mo> 
           <mtext>
             Recall 
           </mtext> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
        <mo>
          / 
        </mo> 
        <mrow> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mtext>
             Precision 
           </mtext> 
           <mo>
             + 
           </mo> 
           <mtext>
             Recall 
           </mtext> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
       </mrow> 
      </mrow> 
     </math>(10)</p>
    <p>For the efficiency of Graph Neural Networks (GNNs) and machine learning detection models, these metrics were applied to multiple datasets from Trust-Hub benchmarks <xref ref-type="bibr" rid="scirp.142296-2">
      [2]
     </xref> <xref ref-type="bibr" rid="scirp.142296-11">
      [11]
     </xref>.</p>
    <p>Evaluation of Strategy of Cases</p>
    <p>A three-tiered strategy was adopted in the evaluation process of AI-powered detection models:</p>
    <p>Case I: Machine Learning-Based Classification</p>
    <p>The decision tree model was trained on the netlist features extracted and employs an approach based on the nearest neighboring <xref ref-type="bibr" rid="scirp.142296-1">
      [1]
     </xref>. The expression represents it:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         y 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          x 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
       <mo>
         = 
       </mo> 
       <mtext>
         DECISION 
       </mtext> 
       <mtext>
           
       </mtext> 
       <mtext>
         TREE 
       </mtext> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mrow> 
         <mi>
           x 
         </mi> 
         <mo>
           , 
         </mo> 
         <mtext>
           Nearest 
         </mtext> 
         <mtext>
             
         </mtext> 
         <mtext>
           Neighbour 
         </mtext> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mi>
             x 
           </mi> 
           <mo>
             , 
           </mo> 
           <mi>
             D 
           </mi> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math>(11)</p>
    <p>This case showed an improvement of ~5% in accuracy over traditional feature-based classification methods <xref ref-type="bibr" rid="scirp.142296-3">
      [3]
     </xref>.</p>
    <p>Case II: Graph-Based Trojan Detection</p>
    <p>In RTL designs, Graph Neural Network (GNN) classification was employed to analyze circuit relationships and to detect malicious tampering <xref ref-type="bibr" rid="scirp.142296-13">
      [13]
     </xref>. We have:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         y 
       </mi> 
       <mo>
         = 
       </mo> 
       <mi>
         f 
       </mi> 
       <mi>
         θ 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          x 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math>(12)</p>
    <p>where 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        y 
      </mi> 
     </math> denotes the predicted output, 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         f 
       </mi> 
       <mi>
         θ 
       </mi> 
      </mrow> 
     </math> represents the deep learning model, and 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        x 
      </mi> 
     </math> is the extracted netlist feature vector.</p>
    <p>This method improved false positive reduction by 12% and significantly enhanced detection sensitivity for unknown Trojan types <xref ref-type="bibr" rid="scirp.142296-12">
      [12]
     </xref> <xref ref-type="bibr" rid="scirp.142296-14">
      [14]
     </xref>.</p>
    <p>Case III: Node-Level Classification with GNNs</p>
    <p>With the development of this method, instead of classifying entire netlists, it is now possible to identify each infected node based on its power characteristics. As a result, we see that in the SoftMax activation function employed here with Graph Convolutional Network (GCN), the classification can be expressed as follows:</p>
    <p>
     <math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"> <mrow> 
       <mover accent="true"> 
        <mi>
          y 
        </mi> 
        <mo>
          ^ 
        </mo> 
       </mover> 
       <mo>
         = 
       </mo> 
       <mtext>
         GCN 
       </mtext> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          x 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math>(13)</p>
    <p>where 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mover accent="true"> 
       <mi>
         y 
       </mi> 
       <mo>
         ^ 
       </mo> 
      </mover> 
     </math> is the classified node label and 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        x 
      </mi> 
     </math> represents node embeddings.</p>
    <p>This approach successfully identified Trojan locations within netlists with an accuracy of ~98%, making it superior to traditional machine learning-based detection techniques <xref ref-type="bibr" rid="scirp.142296-5">
      [5]
     </xref> <xref ref-type="bibr" rid="scirp.142296-15">
      [15]
     </xref>.</p>
    <p>Side-Channel and Power Analysis Evaluation</p>
    <p>Siamese Neural Networks (SNNs) were used for side-channel and power analysis. While they do not directly attack the chip, rather than their physical effects on power consumption cycles, one useful thing about SNN is that it is free from computationally intensive calculations to generate power cycle versions of on-chip waveforms. The classification function is:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         I 
       </mi> 
       <msub> 
        <mi>
          G 
        </mi> 
        <mi>
          x 
        </mi> 
       </msub> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          x 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
       <mo>
         = 
       </mo> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mrow> 
         <msub> 
          <mi>
            x 
          </mi> 
          <mrow> 
           <mi>
             f 
           </mi> 
           <mi>
             i 
           </mi> 
          </mrow> 
         </msub> 
         <mo>
           − 
         </mo> 
         <msub> 
          <msup> 
           <mi>
             x 
           </mi> 
           <mo>
             ′ 
           </mo> 
          </msup> 
          <mrow> 
           <mi>
             f 
           </mi> 
           <mi>
             i 
           </mi> 
          </mrow> 
         </msub> 
        </mrow> 
        <mo>
          ) 
        </mo> 
       </mrow> 
       <mo>
         × 
       </mo> 
       <mstyle displaystyle="true"> 
        <mrow> 
         <msubsup> 
          <mo>
            ∫ 
          </mo> 
          <mn>
            0 
          </mn> 
          <mn>
            1 
          </mn> 
         </msubsup> 
         <mrow> 
          <mrow> 
           <mrow> 
            <mo>
              ∂ 
            </mo> 
            <mi>
              F 
            </mi> 
            <mrow> 
             <mo>
               ( 
             </mo> 
             <mrow> 
              <msup> 
               <mi>
                 x 
               </mi> 
               <mo>
                 ′ 
               </mo> 
              </msup> 
              <mo>
                × 
              </mo> 
              <mi>
                α 
              </mi> 
              <mrow> 
               <mo>
                 ( 
               </mo> 
               <mrow> 
                <mi>
                  x 
                </mi> 
                <mo>
                  − 
                </mo> 
                <msup> 
                 <mi>
                   x 
                 </mi> 
                 <mo>
                   ′ 
                 </mo> 
                </msup> 
               </mrow> 
               <mo>
                 ) 
               </mo> 
              </mrow> 
             </mrow> 
             <mo>
               ) 
             </mo> 
            </mrow> 
           </mrow> 
           <mo>
             / 
           </mo> 
           <mrow> 
            <mo>
              ∂ 
            </mo> 
            <msub> 
             <mi>
               x 
             </mi> 
             <mrow> 
              <mi>
                f 
              </mi> 
              <mi>
                i 
              </mi> 
             </mrow> 
            </msub> 
           </mrow> 
          </mrow> 
          <mtext>
            d 
          </mtext> 
          <mi>
            α 
          </mi> 
         </mrow> 
        </mrow> 
       </mstyle> 
      </mrow> 
     </math>(14)</p>
    <p>where 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         F 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mi>
          x 
        </mi> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math> is the model output and 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        α 
      </mi> 
     </math> is a scaling factor.</p>
    <p>This method achieved:</p>
    <p>Logic Locking Security Assessment</p>
    <p>The security of different logic-locking technology, such as XOR-based obfuscation, was evaluated in light of how resistant they were to key recovery attacks. Path sensitization techniques were also used when assessing the extent to which there was a danger of leakage from a key:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         D 
       </mi> 
       <mo>
         = 
       </mo> 
       <mstyle displaystyle="true"> 
        <msubsup> 
         <mo>
           ∑ 
         </mo> 
         <mn>
           1 
         </mn> 
         <mi>
           n 
         </mi> 
        </msubsup> 
        <mrow> 
         <msub> 
          <mi>
            S 
          </mi> 
          <mi>
            i 
          </mi> 
         </msub> 
         <msub> 
          <mi>
            P 
          </mi> 
          <mi>
            i 
          </mi> 
         </msub> 
        </mrow> 
       </mstyle> 
      </mrow> 
     </math>(15)</p>
    <p>where 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          S 
        </mi> 
        <mi>
          i 
        </mi> 
       </msub> 
      </mrow> 
     </math> is the security sensitivity function and 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <msub> 
        <mi>
          P 
        </mi> 
        <mi>
          i 
        </mi> 
       </msub> 
      </mrow> 
     </math> is the probability of a successful attack <xref ref-type="bibr" rid="scirp.142296-5">
      [5]
     </xref>.</p>
    <p>This study found that traditional XOR-based methods were vulnerable to Boolean SAT-based attacks, while TroLLoc (Logic Locking + Layout Hardening) improved security resilience by 43% <xref ref-type="bibr" rid="scirp.142296-9">
      [9]
     </xref>.</p>
    <p>Secure AI-Driven Routing Optimization</p>
    <p>In this research, to prevent signal leakage and Trojan insertion in IC routing, an AI-driven constrained shortest-path optimization was put:</p>
    <p>
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         C 
       </mi> 
       <mo>
         = 
       </mo> 
       <mstyle displaystyle="true"> 
        <msub> 
         <mo>
           ∑ 
         </mo> 
         <mrow> 
          <mrow> 
           <mo>
             ( 
           </mo> 
           <mrow> 
            <mi>
              u 
            </mi> 
            <mo>
              , 
            </mo> 
            <mi>
              v 
            </mi> 
           </mrow> 
           <mo>
             ) 
           </mo> 
          </mrow> 
          <mo>
            ∈ 
          </mo> 
          <mi>
            P 
          </mi> 
         </mrow> 
        </msub> 
        <mrow> 
         <mi>
           w 
         </mi> 
         <mrow> 
          <mo>
            ( 
          </mo> 
          <mrow> 
           <mi>
             u 
           </mi> 
           <mo>
             , 
           </mo> 
           <mi>
             v 
           </mi> 
          </mrow> 
          <mo>
            ) 
          </mo> 
         </mrow> 
        </mrow> 
       </mstyle> 
      </mrow> 
     </math>(16)</p>
    <p>where 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mi>
        P 
      </mi> 
     </math> represents possible paths, and 
     <math display="inline" xmlns="http://www.w3.org/1998/Math/MathML"> <mrow> 
       <mi>
         w 
       </mi> 
       <mrow> 
        <mo>
          ( 
        </mo> 
        <mrow> 
         <mi>
           u 
         </mi> 
         <mo>
           , 
         </mo> 
         <mi>
           v 
         </mi> 
        </mrow> 
        <mo>
          ) 
        </mo> 
       </mrow> 
      </mrow> 
     </math> accounts for wire length, congestion, and security risks.</p>
    <p>Results showed:</p>
   </sec>
   <sec id="s4">
    <title>4. Limitations and Constraints</title>
    <p>Vulnerability to Adversarial Attacks: AI models can be misled by carefully crafted adversarial inputs. Robust techniques, such as adversarial training, must be explored to enhance resilience.</p>
    <p>Computational Overhead: Deep learning-based security measures introduce significant computational requirements, increasing verification time and hardware complexity.</p>
    <p>Dependency on Golden Models: Many detection approaches assume the availability of a trusted reference IC, which is often impractical for commercial off-the-shelf (COTS) components.</p>
    <p>Scalability Challenges: AI-driven security frameworks must scale effectively for large IC designs containing billions of transistors.</p>
    <p>Trade-Offs and Pitfalls</p>
    <p>Accuracy vs. Performance: More complex AI models generally yield higher accuracy but at the cost of increased latency and computational power.</p>
    <p>False Positive Rates: Overly sensitive models may flag benign variations as potential threats, necessitating extensive validation to reduce false alarms.</p>
    <p>Energy Consumption: AI-enhanced verification methods can impose higher power consumption during training and deployment phases.</p>
   </sec>
   <sec id="s5">
    <title>5. Conclusions</title>
    <p>This paper introduces an artificial intelligence-driven method for locating and preventing hardware Trojans at the various phases of IC design. The main findings are as follows:</p>
    <p>Graph Neural Networks (GNNs): Offer Trojan-infected node localization capabilities with an accuracy of as high as 98%, making them superior to all types of machine learning models temporarily used for other purposes <xref ref-type="bibr" rid="scirp.142296-13">
      [13]
     </xref>.</p>
    <p>AI-assisted side-channel analysis: Utilizing Siamese Neural Networks (SNNs) can sense power leakage and electromagnetic radiation produced by HTs. The True Positive Rate (TPR) of the anomaly detected in this way is 98 percent <xref ref-type="bibr" rid="scirp.142296-6">
      [6]
     </xref>.</p>
    <p>Logic Locking Techniques: TroLLoc (Dual Technique for Logic Locking and Layout Hardening) can raise the average success rate by 43% compared to prevention <xref ref-type="bibr" rid="scirp.142296-9">
      [9]
     </xref>.</p>
    <p>AI-embedded routing optimization: Can lower susceptibility to signal leakage while making these systems more resistant to electromagnetic side-channel attacks than ever <xref ref-type="bibr" rid="scirp.142296-7">
      [7]
     </xref>.</p>
    <p>Federated Learning-based Security frameworks: Allow secure multi-party IC verification without sacrificing design confidentiality, thus showing up supply chain security <xref ref-type="bibr" rid="scirp.142296-16">
      [16]
     </xref>.</p>
    <p>This paper offers:</p>
    <p>A comprehensive hardware Trojan detection scheme based on artificial intelligence, incorporating AI to deliver low-cost detection and location results.</p>
    <p>An in-depth evaluation of these latest AI models, giving their comparative accuracy, scalability, and robustness against adversarial attacks.</p>
    <p>A hardware security strategy for the future based on AI, including its concentration on architectures immune to quantum attacks, the use of adversarial training methods, and approaches to federated learning.</p>
    <p>Future Horizons</p>
    <p>For the next phase of research, we should take account of the following trends:</p>
    <p>1. A cryptographic architecture combining post-quantum encryption with PUFs.</p>
    <p>2. Real-time AI adversarial training to counteract covert Trojan attacks.</p>
    <p>Integration with cloud-based EDA platforms for scalable and distributed security verification.</p>
    <p>3. Establish a framework for detecting AI-powered anomalous behavior on a post-silicon level.</p>
    <p>This research lays the foundation for next-generation hardware security solutions, built on the latest advances in AI and cryptography. These advancements contribute to the credibility of semiconductor security, making them viable for critical applications such as defense and healthcare. Instead, they will be equally worthy today in autonomous cars tomorrow, serving on all fronts!</p>
   </sec>
   <sec id="s6">
    <title>Acknowledgements</title>
    <p>I would like to acknowledge the authors of the numerous research papers referenced in this paper, whose contributions have significantly advanced the field of RTL design in FPGA and ASIC.</p>
   </sec>
  </sec>
 </body><back>
  <ref-list>
   <title>References</title>
   <ref id="scirp.142296-ref1">
    <label>1</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Chattopadhyay, A., Bisariya, S. and Sutrakar, V.K. (2025) Identification of Hardware Trojan Locations in Gate-Level Netlist Using Nearest Neighbour Approach Integrated with Machine Learning Technique. arXiv: 2501.16347. &gt;https://doi.org/10.48550/arXiv.2501.16347 
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref2">
    <label>2</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Mahfuz, T., Gaikwad, P., Suha, T., Bhunia, S. and Chakraborty, P. (2025) SALTY: Explainable Artificial Intelligence Guided Structural Analysis for Hardware Trojan Detection. arXiv: 2502.14116. &gt;https://doi.org/10.48550/arXiv.2502.14116 
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref3">
    <label>3</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Parikh, R. and Parikh, K. (2025) Survey on Hardware Security: PUFs, Trojans, and side-Channel Attacks. Preprints. &gt;https://doi.org/10.20944/preprints202501.1559.v1
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref4">
    <label>4</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Sengupta, A., Anshul, A., Chourasia, V. and Bhui, N. (2025) Security Vulnerability (Backdoor Trojan) during Machine Learning Accelerator Design Phases. IT Professional, 27, 65-72. &gt;https://doi.org/10.1109/mitp.2024.3519632
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref5">
    <label>5</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Reimann, L.M., Rezunov, E., Germek, D., Collini, L., Pilato, C., Karri, R. and Leupers, R. (2025) The Impact of Logic Locking on Confidentiality: An Automated Evaluation. arXiv: 2502.01240. &gt;https://doi.org/10.48550/arXiv.2502.01240
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref6">
    <label>6</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Nasr, A., Mohamed, K., Elshenawy, A. and Zaki, M. (2024) A Siamese Deep Learning Framework for Efficient Hardware Trojan Detection Using Power Side-Channel Data. Scientific Reports, 14, Article No. 13013. &gt;https://doi.org/10.1038/s41598-024-62744-2
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref7">
    <label>7</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Parikh, R.,&amp;Parikh, K. (2025) AI-Driven Security in Streaming Scan Net-Works (SSN) for Design-for-Test (DFT). Preprints. &gt;https://doi.org/10.20944/preprints202503.0503.v1
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref8">
    <label>8</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Fan, R., Tang, Y., Sun, H., Liu, J. and Li, H. (2024) An Efficient ML-Based Hardware Trojan Localization Framework for RTL Security Analysis. 2024 ACM/IEEE 6th Symposium on Machine Learning for CAD (MLCAD), Salt Lake City, 9-11 September 2024, 1-7. &gt;https://doi.org/10.1109/mlcad62225.2024.10740223
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref9">
    <label>9</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Wang, F., Wang, Q., Alrahis, L., Fu, B., Jiang, S., Zhang, X., Sinanoglu, O., Ho, T.-Y., Young, E.F.Y. and Knechtel, J. (2024). TroLLoc: Logic Locking and Layout Hardening for IC Security Closure against Hardware Trojans. arXiv:2405.05590. &gt;https://doi.org/10.48550/arXiv.2405.05590 
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref10">
    <label>10</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Hemavathy, S., Jagadeesh, K. and Bhaaskaran, V.S.K. (2025) Unified Security Framework Using Device-Specific Fingerprint: Mitigating Hardware Trojans and Authenticating Firmware Updates. IEEE Access, 13, 26897-26914. &gt;https://doi.org/10.1109/access.2025.3538936
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref11">
    <label>11</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Sutikno, S., Putra, S.D., Wijitrisnanto, F. and Aminanto, M.E. (2023) Detecting Unknown Hardware Trojans in Register Transfer Level Leveraging Verilog Conditional Branching Features. IEEE Access, 11, 46073-46083. &gt;https://doi.org/10.1109/access.2023.3272034
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref12">
    <label>12</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Su, H., Hu, W., Zhang, X., Zhu, D. and Wu, L. (2025) Towards Precise and Explainable Hardware Trojan Localization at LUT Level. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems. &gt;https://doi.org/10.1109/tcad.2025.3527377
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref13">
    <label>13</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Ma, P., Li, J., Liu, H., Shi, J., Zhang, S., Pan, W. and Hao, Y. (2023) Hardware Trojan Detection Methods for Gate-Level Netlists Based on Graph Neural Networks. IEEE Transactions on Computers, 74, 1470-1481. &gt;https://doi.org/10.1109/TC.2025.3533085 
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref14">
    <label>14</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Parikh, R. and Parikh, K. (2025) Mathematical Foundations of AI-Based Secure Physical Design Verification. Preprints. &gt;https://doi.org/10.20944/preprints202502.1831.v1
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref15">
    <label>15</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Tauhid, A., Xu, L., Rahman, M. and Tomai, E. (2023) A Survey on Security Analysis of Machine Learning-Oriented Hardware and Software Intellectual Property. High-Confidence Computing, 3, Article 100114. &gt;https://doi.org/10.1016/j.hcc.2023.100114
    </mixed-citation>
   </ref>
   <ref id="scirp.142296-ref16">
    <label>16</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Ghimire, A., Alkurdi, M., Amsaad, F., Rahman, M.T. and Jhanjhi, N.Z. (2024) AI-Enabled Hardware Trojan Detection for Secure and Trusted Context-Aware Embedded Systems. Preprints. &gt;https://doi.org/10.36227/techrxiv.170630749.99115711/v1
    </mixed-citation>
   </ref>
  </ref-list>
 </back>
</article>