RELIC-GNN: Efficient State Registers Identification with Graph Neural Network for Reverse Engineering
Weitao Pan, Meng Dong, Zhiliang Qiu, Jianlei Yang, Zhixiong Di, Yiming Gao
TL;DR
RELIC-GNN tackles the problem of efficient state-register identification in gate-level netlists to facilitate robust FSM extraction for reverse engineering. It models register path structures as directed graphs and uses a Graph Attention Auto-Encoder to learn register embeddings, followed by a clustering-based classifier to distinguish state from data registers. The approach shows improved recall and competitive accuracy over prior methods, with notable runtime benefits on large designs and the ability to handle millions of gates. This graph-based framework enhances scalability and could impact hardware security tasks such as Trojan detection and IP piracy countering. The method bridges netlist analysis and non-Euclidean graph learning to enable faster, scalable reverse engineering of complex circuits.
Abstract
Reverse engineering of gate-level netlists is critical for hardware Trojan detection and for countering design piracy. The primary task of gate-level reverse engineering is to separate the control and data signals in the netlist, which is mainly realized by identifying state registers through topological comparison. However, these methods become inefficient for large-scale netlists. In this work, we propose RELIC-GNN, a graph neural network based state register identification method, to address these issues. RELIC-GNN models the path structure of a register as a graph and generates a corresponding representation by considering node attributes and graph structure during training. The trained GNN model can then be used to determine register types very efficiently. Experimental results show that RELIC-GNN achieves 100% recall, 30.49% precision and 88.37% accuracy on average across different designs, a significant improvement over previous approaches.
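As an added illustration, not code from the paper, the following Python sketches the modelling step described in the abstract on a constructed three-register netlist: each register's combinational fan-in cone, cut at other registers and primary inputs, becomes a small attributed directed graph, and a helper computes the recall/precision/accuracy figures the abstract reports. The netlist format, gate names and the cone-cutting rule are assumptions, not the paper's own representation.

```python
from collections import deque

# Constructed toy gate-level netlist: gate name -> (gate type, input nets).
# A net carries the name of the gate driving it; "pi_*" are primary inputs.
# DFF gates are registers; everything else is combinational logic.
NETLIST = {
    "st0": ("DFF", ["n_and1"]),      # assumed state register
    "st1": ("DFF", ["n_or1"]),       # assumed state register
    "d0":  ("DFF", ["pi_data"]),     # assumed data register
    "n_and1": ("AND", ["st1", "pi_en"]),
    "n_or1":  ("OR",  ["st0", "n_not1"]),
    "n_not1": ("NOT", ["pi_rst"]),
}


def register_path_graph(netlist, reg):
    """Return (nodes, edges) for the path structure feeding register `reg`.

    nodes maps node name -> gate type (the node attribute); edges are
    (source, sink) pairs. The backward walk stops at other registers and at
    primary inputs, so each register gets its own bounded attributed graph.
    """
    nodes, edges = {reg: "DFF"}, set()
    queue = deque([reg])
    while queue:
        cur = queue.popleft()
        gtype, fanin = netlist[cur]
        if cur != reg and gtype == "DFF":
            continue  # another register: keep it as a boundary node only
        for src in fanin:
            edges.add((src, cur))
            if src not in nodes:
                nodes[src] = netlist[src][0] if src in netlist else "PI"
                if src in netlist:
                    queue.append(src)  # primary inputs are never expanded
    return nodes, edges


def evaluate(labels, preds):
    """Recall, precision and accuracy with 'state register' as the positive
    class; recall is the fraction of true state registers that were found."""
    tp = sum(1 for l, p in zip(labels, preds) if l and p)
    fp = sum(1 for l, p in zip(labels, preds) if not l and p)
    fn = sum(1 for l, p in zip(labels, preds) if l and not p)
    tn = len(labels) - tp - fp - fn
    recall = tp / (tp + fn) if tp + fn else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    return recall, precision, (tp + tn) / len(labels)
```

Flagging every register as a state register gives 100% recall at low precision, which is the trade-off the abstract's reported figures reflect.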
