<monospace>PoisonedGNN</monospace> Backdoor Attack on Graph Neural Networks-based Hardware Security Systems

Lilas Alrahis, Satwik Patnaik, Muhammad Abdullah Hanif, Muhammad Shafique, Ozgur Sinanoglu

Research output: Contribution to journalArticlepeer-review


Graph neural networks (GNNs) have shown great success in detecting intellectual property (IP) piracy and hardware Trojans (HTs). However, the machine learning community has demonstrated that GNNs are susceptible to data poisoning attacks, which result in GNNs performing abnormally on graphs with pre-defined backdoor triggers (realized using crafted subgraphs). Thus, it is imperative to ensure that the adoption of GNNs should not introduce security vulnerabilities in critical security frameworks. Existing backdoor attacks on GNNs generate random subgraphs with specific sizes/densities to act as backdoor triggers. However, for Boolean circuits, backdoor triggers cannot be randomized since the added structures should not affect the functionality of a design. We explore this threat and develop <italic><monospace>PoisonedGNN</monospace></italic> as the first backdoor attack on GNNs in the context of hardware design. We design and inject backdoor triggers into the register-transfer- or the gate-level representation of a given design without affecting the functionality to evade some GNN-based detection procedures. To demonstrate the effectiveness of <monospace>PoisonedGNN</monospace>, we consider two case studies: (i)&#x00A0;Hiding HTs and (ii)&#x00A0;IP piracy. Our experiments on TrustHub datasets demonstrate that <monospace>PoisonedGNN</monospace> can hide HTs and IP piracy from advanced GNN-based detection platforms with an attack success rate of up to <inline-formula><tex-math notation="LaTeX">$100\%$</tex-math></inline-formula>.

Original languageEnglish (US)
Pages (from-to)1-13
Number of pages13
JournalIEEE Transactions on Computers
StateAccepted/In press - 2023


  • Backdoor attacks
  • Graph neural networks
  • Graph neural networks
  • Hardware Trojans
  • Hardware security
  • IP networks
  • Intellectual property piracy
  • Logic gates
  • Machine learning
  • Peer-to-peer computing
  • Supply chains
  • Training
  • Trojan horses

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computational Theory and Mathematics


Dive into the research topics of '<monospace>PoisonedGNN</monospace> Backdoor Attack on Graph Neural Networks-based Hardware Security Systems'. Together they form a unique fingerprint.

Cite this