Detection of Avionics Supply Chain Non-Control-Flow Malware Using Binary Decompilation and Wavelet Analysis
Date of Award
M.S. in Electrical and Computer Engineering
Department of Electrical and Computer Engineering
Non-control-flow Trojans pose a threat to decision-making data in embedded systems. Such a Trojan evades typical third-party testing by remaining always-on and affecting only a small, localized region of the input data, so the output data is skewed just enough for decisions to be made slightly sooner or slightly later than originally intended. This work posits that the Ghidra decompiler and the discrete wavelet transform can be used to extract a binary's functional behavior, represent it as a waveform, and uncover anomalies (localized behaviors). Using Ghidra, a sense of the functional behavior of a simple program is obtained, and a Monte Carlo simulation of phase-shifted Bessel functions of the first kind with a Gaussian Trojan of random magnitude (amplitude), location (mean), and breadth (variance) is completed. The discrete wavelet transform is able to uncover highly localized anomalies.
Computer Engineering, Computer Science, Electrical Engineering, non-control-flow Trojans, decompilation, Ghidra, wavelet analysis, discrete wavelet transform
Copyright 2021, author
Hill, Jeremy Michael Olivar, "Detection of Avionics Supply Chain Non-Control-Flow Malware Using Binary Decompilation and Wavelet Analysis" (2021). Graduate Theses and Dissertations. 7010.
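
The simulation described in the abstract can be sketched as follows. This is an added example, not code from the thesis. The Daubechies-2 wavelet, the sample spacing, the parameter ranges, the peak-picking rule and all function names are assumptions made here for illustration.

```python
import math
import random

S3 = math.sqrt(3.0)
# Daubechies-2 low-pass taps; the wavelet family is an assumption (the abstract names none).
LO = [c / (4 * math.sqrt(2.0)) for c in (1 + S3, 3 + S3, 3 - S3, 1 - S3)]
HI = [LO[3], -LO[2], LO[1], -LO[0]]  # quadrature-mirror high-pass, two vanishing moments

def bessel_j(order, x, steps=128):
    """J_order(x) = (1/pi) * integral_0^pi cos(order*t - x*sin t) dt, trapezoid rule."""
    h = math.pi / steps
    f = lambda t: math.cos(order * t - x * math.sin(t))
    total = 0.5 * (f(0.0) + f(math.pi)) + sum(f(i * h) for i in range(1, steps))
    return total * h / math.pi

def make_signal(n, dx, phase, trojan=None, order=0):
    """Phase-shifted Bessel samples, optionally with a Gaussian bump (amp, mean, var)."""
    out = []
    for i in range(n):
        x = i * dx
        y = bessel_j(order, x + phase)
        if trojan:
            amp, mean, var = trojan
            y += amp * math.exp(-(x - mean) ** 2 / (2 * var))
        out.append(y)
    return out

def dwt_detail(sig):
    """Level-1 detail coefficients over interior windows only (no boundary extension)."""
    return [sum(HI[j] * sig[2 * k + j] for j in range(4))
            for k in range((len(sig) - 4) // 2 + 1)]

def locate_anomaly(sig, dx):
    """Return (x position, magnitude) of the largest-magnitude detail coefficient."""
    d = dwt_detail(sig)
    k = max(range(len(d)), key=lambda i: abs(d[i]))
    return (2 * k + 1.5) * dx, abs(d[k])

def monte_carlo(trials=20, n=512, dx=0.05, tol=0.5, seed=1):
    """Fraction of trials whose peak detail lands within tol of the Trojan mean."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        phase = rng.uniform(0, 2 * math.pi)
        amp, mean = rng.uniform(0.05, 0.2), rng.uniform(2.0, 23.0)
        var = rng.uniform(0.03, 0.1) ** 2  # constructed ranges, narrow relative to the carrier
        pos, _ = locate_anomaly(make_signal(n, dx, phase, (amp, mean, var)), dx)
        hits += abs(pos - mean) <= tol
    return hits / trials
```

Because the high-pass filter has two vanishing moments, the smooth Bessel carrier contributes only small detail coefficients, while a narrow Gaussian bump produces a large coefficient at its location.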