Detection of Avionics Supply Chain Non-Control-Flow Malware Using Binary Decompilation and Wavelet Analysis

Date of Award


Degree Name

M.S. in Electrical and Computer Engineering


Department of Electrical and Computer Engineering


Temesguen Kebede


Non-control-flow Trojans pose a threat to decision-making data in embedded systems. Such a Trojan evades typical third-party testing by remaining always on and affecting only a small, localized region of the input data, so the output data is skewed just enough for decisions to be made just sooner or just later than originally intended. This work posits that the Ghidra decompiler and the discrete wavelet transform can be used to extract a binary's functional behavior, represent it as a waveform, and uncover anomalies, aka localized behaviors. Using Ghidra, a sense of the functional behavior of a simple program is obtained, and a Monte Carlo simulation is completed of phase-shifted Bessel functions of the first kind with a Gaussian Trojan of random magnitude (aka amplitude), location (aka mean), and breadth (aka variance). The discrete wavelet transform is able to uncover highly localized anomalies.
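The simulation side of the abstract can be sketched as follows; this is an added example, not code from the thesis, and it does not cover the Ghidra step. The db2 wavelet, the 512-point grid on [0, 20], the parameter ranges and the "largest detail coefficient" rule are all assumptions chosen for illustration.

```python
import math
import random

SQ3 = math.sqrt(3.0)
# Daubechies-2 low-pass taps (assumed wavelet); G is the matching high-pass filter.
H = [c / (4 * math.sqrt(2.0)) for c in (1 + SQ3, 3 + SQ3, 3 - SQ3, 1 - SQ3)]
G = [H[3], -H[2], H[1], -H[0]]

def bessel_j(n, x, steps=64):
    """J_n(x) from (1/pi) * integral_0^pi cos(n*t - x*sin t) dt, midpoint rule."""
    dt = math.pi / steps
    return sum(math.cos(n * (k + 0.5) * dt - x * math.sin((k + 0.5) * dt))
               for k in range(steps)) / steps

def make_signal(xs, phase, amp=0.0, mean=0.0, sigma=1.0, order=0):
    """Phase-shifted Bessel waveform plus an optional Gaussian perturbation."""
    return [bessel_j(order, x + phase)
            + amp * math.exp(-((x - mean) ** 2) / (2 * sigma ** 2)) for x in xs]

def dwt_detail(signal):
    """Level-1 db2 detail coefficients, stride 2, no boundary wrap-around."""
    return [sum(G[j] * signal[i + j] for j in range(4))
            for i in range(0, len(signal) - 3, 2)]

def locate_anomaly(xs, signal):
    """Return (x position, magnitude) of the largest detail coefficient."""
    d = dwt_detail(signal)
    k = max(range(len(d)), key=lambda i: abs(d[i]))
    return (xs[2 * k + 1] + xs[2 * k + 2]) / 2, abs(d[k])

def monte_carlo(trials=100, n=512, span=20.0, seed=1):
    """Fraction of trials whose peak lies within 3 sigma of the inserted Gaussian."""
    rng = random.Random(seed)
    xs = [span * i / (n - 1) for i in range(n)]
    hits = 0
    for _ in range(trials):
        # Constructed parameter ranges, not the thesis's values.
        amp, mean = rng.uniform(0.05, 0.2), rng.uniform(3.0, 17.0)
        sigma, phase = rng.uniform(0.05, 0.1), rng.uniform(0.0, 2 * math.pi)
        x_hat, _ = locate_anomaly(xs, make_signal(xs, phase, amp, mean, sigma))
        hits += abs(x_hat - mean) <= 3 * sigma
    return hits / trials

if __name__ == "__main__":
    print("localization rate:", monte_carlo())
```

Because db2 has two vanishing moments, the smooth Bessel waveform contributes only small detail coefficients, while a Gaussian a few samples wide produces a peak that stands out and marks its own location.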


Computer Engineering, Computer Science, Electrical Engineering, non-control-flow Trojans, decompilation, Ghidra, wavelet analysis, discrete wavelet transform

Rights Statement

Copyright 2021, author