| dc.contributor.advisor | Costin, Andrei | |
| dc.contributor.author | Kairajärvi, Sami | |
| dc.date.accessioned | 2019-04-18T06:17:57Z | |
| dc.date.available | 2019-04-18T06:17:57Z | |
| dc.date.issued | 2019 | |
| dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/63543 | |
| dc.description.abstract | This thesis explores how architecture and endianness of executable code can be identified using binary file contents, as falsely identifying the architecture caused about 10% of failures of firmware analysis in a recent study by Costin et al. (2014) . A literature review was performed to identify the current state-of-the-art methods and how they could be improved in terms of algorithms, performance, data sets, and support tools. The thorough review identified methods presented by Clemens (2015) and De Nicolao et al. (2018) as the state-of-the-art and found that they had good results. However, these methods were found lacking essential tools to acquire or build the data sets as well as requiring more comprehensive comparison of classifier performance on full binaries. An experimental evaluation was performed to test classifier performance on different situations. For example, when training and testing classifiers with only code sections from executable files, all the classifiers performed equally well achieving over 98% accuracy. On samples with very small code sections 3-nearest neighbors and SVM had the best performance achieving 90% accuracy at 128 bytes. At the same time, random forest classifier performed the best classifying full binaries when trained with code sections at 90% accuracy and 99.2% when trained using full binaries. | en |
| dc.format.extent | 74 | |
| dc.format.mimetype | application/pdf | |
| dc.language.iso | en | |
| dc.subject.other | Firmware Analysis | |
| dc.subject.other | Supervised Machine Learning | |
| dc.subject.other | Classification | |
| dc.subject.other | Binary Code | |
| dc.title | Automatic identification of architecture and endianness using binary file contents | |
| dc.identifier.urn | URN:NBN:fi:jyu-201904182217 | |
| dc.type.ontasot | Pro gradu -tutkielma | fi |
| dc.type.ontasot | Master’s thesis | en |
| dc.contributor.tiedekunta | Informaatioteknologian tiedekunta | fi |
| dc.contributor.tiedekunta | Faculty of Information Technology | en |
| dc.contributor.laitos | Informaatioteknologia | fi |
| dc.contributor.laitos | Information Technology | en |
| dc.contributor.yliopisto | Jyväskylän yliopisto | fi |
| dc.contributor.yliopisto | University of Jyväskylä | en |
| dc.contributor.oppiaine | Tietotekniikka | fi |
| dc.contributor.oppiaine | Mathematical Information Technology | en |
| dc.rights.copyright | Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty. | fi |
| dc.rights.copyright | This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited. | en |
| dc.type.publication | masterThesis | |
| dc.contributor.oppiainekoodi | 602 | |
| dc.format.content | fulltext | |
| dc.relation.dataset | https://github.com/kairis/isadetect | |
| dc.relation.dataset | https://etsin.fairdata.fi/dataset/80fa69af-addb-4f9a-b45c-c16011bae366 | |
| dc.type.okm | G2 | |
