Detection of Avionics Supply Chain Non-Control-Flow Malware Using Binary Decompilation and Wavelet Analysis

Date of Award

2021

Degree Name

M.S. in Electrical and Computer Engineering

Department

Department of Electrical and Computer Engineering

Advisor/Chair

Temesguen Kebede

Abstract

Non-control-flow Trojans pose a threat to decision-making data in embedded systems. They evade typical third-party testing by remaining always-on and affecting only a small, localized region of the input data; the output data is skewed just enough that decisions are made slightly sooner or slightly later than originally intended. Using the Ghidra decompiler and the discrete wavelet transform, the capability to extract a binary's functional behavior, represent it as a waveform, and uncover anomalies, aka localized behaviors, is posited. Using Ghidra, a sense of the functional behavior of a simple program is obtained, and a Monte Carlo simulation of phase-shifted Bessel functions of the first kind with a Gaussian Trojan of random magnitude (aka amplitude), location (aka mean), and breadth (aka variance) is completed. The discrete wavelet transform is able to uncover highly localized anomalies.
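The simulation outlined in the abstract can be sketched as follows; this is an added example, not code from the thesis. Assumptions: the Daubechies db2 wavelet, the median-based threshold, the sampling grid, the parameter ranges, and all function names are choices made here for illustration.

```python
import math, random

N, X_MAX = 1024, 20.0                 # constructed sampling grid
DX = X_MAX / N
S3 = math.sqrt(3.0)
# db2 high-pass filter: two vanishing moments, so smooth trends give near-zero detail
G = [c / (4 * math.sqrt(2)) for c in (1 - S3, -(3 - S3), 3 + S3, -(1 + S3))]

def bessel_j0(u, m=64):
    """J0(u) via the midpoint rule on (1/pi) * integral_0^pi cos(u sin t) dt."""
    return sum(math.cos(u * math.sin(math.pi * (k + 0.5) / m)) for k in range(m)) / m

def waveform(phase, trojan=None):
    """Phase-shifted J0 samples; trojan=(amplitude, mean, sigma) adds a Gaussian bump."""
    y = [bessel_j0(i * DX + phase) for i in range(N)]
    if trojan:
        a, mu, s = trojan
        y = [v + a * math.exp(-((i * DX - mu) ** 2) / (2 * s * s)) for i, v in enumerate(y)]
    return y

def detail(y):
    """Level-1 db2 detail coefficients, skipping windows that would wrap the boundary."""
    return [sum(g * y[2 * k + j] for j, g in enumerate(G)) for k in range(len(y) // 2 - 1)]

def detect(y, factor=8.0):
    """x of the strongest detail coefficient if it exceeds factor * median |d|, else None."""
    d = [abs(c) for c in detail(y)]
    k = max(range(len(d)), key=d.__getitem__)
    return (2 * k + 1.5) * DX if d[k] > factor * sorted(d)[len(d) // 2] else None

def monte_carlo(trials=20, seed=1):
    """Fraction of random Gaussian Trojans located within 0.2 of their true mean."""
    rng, hits = random.Random(seed), 0
    for _ in range(trials):
        phase = rng.uniform(0, 2 * math.pi)
        a, mu, s = rng.uniform(0.05, 0.2), rng.uniform(2, 18), rng.uniform(0.03, 0.06)
        x = detect(waveform(phase, (a, mu, s)))
        hits += x is not None and abs(x - mu) < 0.2
    return hits / trials

if __name__ == "__main__":
    print("clean:", detect(waveform(0.7)))
    print("trojan at 11.3:", detect(waveform(0.7, (0.05, 11.3, 0.04))))
    print("hit rate:", monte_carlo())
```

The bump here is a few percent of the waveform's peak amplitude, yet because it is much narrower than the Bessel oscillation its fine-scale detail coefficients stand far above the baseline, which is what makes the anomaly locatable.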

Keywords

Computer Engineering, Computer Science, Electrical Engineering, non-control-flow Trojans, decompilation, Ghidra, wavelet analysis, discrete wavelet transform

Rights Statement

Copyright © 2021, author
