Näytä suppeat kuvailutiedot

dc.contributor.advisorCostin, Andrei
dc.contributor.authorKairajärvi, Sami
dc.date.accessioned2019-04-18T06:17:57Z
dc.date.available2019-04-18T06:17:57Z
dc.date.issued2019
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/63543
dc.description.abstractThis thesis explores how architecture and endianness of executable code can be identified using binary file contents, as falsely identifying the architecture caused about 10% of failures of firmware analysis in a recent study by Costin et al. (2014) . A literature review was performed to identify the current state-of-the-art methods and how they could be improved in terms of algorithms, performance, data sets, and support tools. The thorough review identified methods presented by Clemens (2015) and De Nicolao et al. (2018) as the state-of-the-art and found that they had good results. However, these methods were found lacking essential tools to acquire or build the data sets as well as requiring more comprehensive comparison of classifier performance on full binaries. An experimental evaluation was performed to test classifier performance on different situations. For example, when training and testing classifiers with only code sections from executable files, all the classifiers performed equally well achieving over 98% accuracy. On samples with very small code sections 3-nearest neighbors and SVM had the best performance achieving 90% accuracy at 128 bytes. At the same time, random forest classifier performed the best classifying full binaries when trained with code sections at 90% accuracy and 99.2% when trained using full binaries.en
dc.format.extent74
dc.format.mimetypeapplication/pdf
dc.language.isoen
dc.subject.otherFirmware Analysis
dc.subject.otherSupervised Machine Learning
dc.subject.otherClassification
dc.subject.otherBinary Code
dc.titleAutomatic identification of architecture and endianness using binary file contents
dc.identifier.urnURN:NBN:fi:jyu-201904182217
dc.type.ontasotPro gradu -tutkielmafi
dc.type.ontasotMaster’s thesisen
dc.contributor.tiedekuntaInformaatioteknologian tiedekuntafi
dc.contributor.tiedekuntaFaculty of Information Technologyen
dc.contributor.laitosInformaatioteknologiafi
dc.contributor.laitosInformation Technologyen
dc.contributor.yliopistoJyväskylän yliopistofi
dc.contributor.yliopistoUniversity of Jyväskyläen
dc.contributor.oppiaineTietotekniikkafi
dc.contributor.oppiaineMathematical Information Technologyen
dc.rights.copyrightJulkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.fi
dc.rights.copyrightThis publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.en
dc.type.publicationmasterThesis
dc.contributor.oppiainekoodi602
dc.format.contentfulltext
dc.relation.datasethttps://github.com/kairis/isadetect
dc.relation.datasethttps://etsin.fairdata.fi/dataset/80fa69af-addb-4f9a-b45c-c16011bae366
dc.type.okmG2


Aineistoon kuuluvat tiedostot

Thumbnail

Aineisto kuuluu seuraaviin kokoelmiin

Näytä suppeat kuvailutiedot