Title

Detection of Avionics Supply Chain Non-Control-Flow Malware Using Binary Decompilation and Wavelet Analysis

Date of Award

6-1-2021

Degree Name

M.S. in Electrical and Computer Engineering

Department

Department of Electrical and Computer Engineering

Advisor/Chair

Temesguen Kebede

Abstract

Non-control-flow Trojans pose a threat to decision-making data in embedded systems. By evading typical third party testing by remaining always-on and only effecting a small localized region of the input data, the output data is skewed just enough to have decisions made just sooner or just later than originally intended. Using the Ghidra decompiler and the discrete wavelet transform, the capability to extract a binary's functional behavior, represent it in a waveform, and uncover anomalies, aka localized behaviors, is posited. Using Ghidra, a sense of the functional behavior of a simple program is obtained, and a Monte Carlo simulation of phase shifted Bessel functions of the first kind with a Gaussian Trojan of random magnitude (aka amplitude), location (aka mean), and breadth (aka variance) is completed. The discrete wavelet transform is able to uncover highly-localized anomalies.

Keywords

Computer Engineering, Computer Science, Electrical Engineering, non-control-flow Trojans, decompilation, Ghidra, wavelet analysis, discrete wavelet transform

Rights Statement

Copyright 2021, author

Share

COinS