"Detection of Avionics Supply Chain Non-Control-Flow Malware Using Bina" by Jeremy Michael Olivar Hill

Graduate Theses and Dissertations

Title

Detection of Avionics Supply Chain Non-Control-Flow Malware Using Binary Decompilation and Wavelet Analysis

Author

Jeremy Michael Olivar Hill, University of Dayton

Date of Award

2021

Degree Name

M.S. in Electrical and Computer Engineering

Department

Department of Electrical and Computer Engineering

Advisor/Chair

Temesguen Kebede

Abstract

Non-control-flow Trojans pose a threat to decision-making data in embedded systems. By evading typical third party testing by remaining always-on and only effecting a small localized region of the input data, the output data is skewed just enough to have decisions made just sooner or just later than originally intended. Using the Ghidra decompiler and the discrete wavelet transform, the capability to extract a binary's functional behavior, represent it in a waveform, and uncover anomalies, aka localized behaviors, is posited. Using Ghidra, a sense of the functional behavior of a simple program is obtained, and a Monte Carlo simulation of phase shifted Bessel functions of the first kind with a Gaussian Trojan of random magnitude (aka amplitude), location (aka mean), and breadth (aka variance) is completed. The discrete wavelet transform is able to uncover highly-localized anomalies.

Keywords

Computer Engineering, Computer Science, Electrical Engineering, non-control-flow Trojans, decompilation, Ghidra, wavelet analysis, discrete wavelet transform

Rights Statement

Recommended Citation

Hill, Jeremy Michael Olivar, "Detection of Avionics Supply Chain Non-Control-Flow Malware Using Binary Decompilation and Wavelet Analysis" (2021). Graduate Theses and Dissertations. 7010.
https://ecommons.udayton.edu/graduate_theses/7010

Link to Full Text

COinS