
dc.contributor.author: Kairajärvi, Sami
dc.contributor.author: Costin, Andrei
dc.contributor.author: Hämäläinen, Timo
dc.date.accessioned: 2020-03-31T06:21:26Z
dc.date.available: 2020-03-31T06:21:26Z
dc.date.issued: 2020
dc.identifier.citation: Kairajärvi, S., Costin, A., & Hämäläinen, T. (2020). ISAdetect : Usable Automated Detection of CPU Architecture and Endianness for Executable Binary Files and Object Code. In CODASPY '20 : Proceedings of the 10th ACM Conference on Data and Application Security and Privacy (pp. 376-380). ACM. https://doi.org/10.1145/3374664.3375742
dc.identifier.other: CONVID_35068275
dc.identifier.uri: https://jyx.jyu.fi/handle/123456789/68398
dc.description.abstract: Static and dynamic binary analysis techniques are actively used to reverse engineer software's behavior and to detect its vulnerabilities, even when only the binary code is available for analysis. To avoid analysis errors due to misreading op-codes for a wrong CPU architecture, these analysis tools must precisely identify the Instruction Set Architecture (ISA) of the object code under analysis. The variety of CPU architectures that modern security and reverse engineering tools must support is ever increasing due to massive proliferation of IoT devices and the diversity of firmware and malware targeting those devices. Recent studies concluded that falsely identifying the binary code's ISA caused alone about 10% of failures of IoT firmware analysis. The state of the art approaches detecting ISA for executable object code look promising, and their results demonstrate effectiveness and high-performance. However, they lack the support of publicly available datasets and toolsets, which makes the evaluation, comparison, and improvement of those techniques, datasets, and machine learning models quite challenging (if not impossible). This paper bridges multiple gaps in the field of automated and precise identification of architecture and endianness of binary files and object code. We develop from scratch the toolset and datasets that are lacking in this research space. As such, we contribute a comprehensive collection of open data, open source, and open API web-services. We also attempt experiment reconstruction and cross-validation of effectiveness, efficiency, and results of the state of the art methods. When training and testing classifiers using solely code-sections from executable binary files, all our classifiers performed equally well achieving over 98% accuracy. The results are consistent and comparable with the current state of the art, hence support the general validity of the algorithms, features, and approaches suggested in those works. [en]
dc.format.extent: 381
dc.format.mimetype: application/pdf
dc.language: eng
dc.language.iso: eng
dc.publisher: ACM
dc.relation.ispartof: CODASPY '20 : Proceedings of the 10th ACM Conference on Data and Application Security and Privacy
dc.rights: In Copyright
dc.title: ISAdetect : Usable Automated Detection of CPU Architecture and Endianness for Executable Binary Files and Object Code
dc.type: conferenceObject
dc.identifier.urn: URN:NBN:fi:jyu-202003312612
dc.contributor.laitos: Informaatioteknologian tiedekunta [fi]
dc.contributor.laitos: Faculty of Information Technology [en]
dc.contributor.oppiaine: Tietotekniikka [fi]
dc.contributor.oppiaine: Mathematical Information Technology [en]
dc.type.uri: http://purl.org/eprint/type/ConferencePaper
dc.relation.isbn: 978-1-4503-7107-0
dc.type.coar: http://purl.org/coar/resource_type/c_5794
dc.description.reviewstatus: peerReviewed
dc.format.pagerange: 376-380
dc.type.version: acceptedVersion
dc.rights.copyright: © 2020 ACM
dc.rights.accesslevel: openAccess [fi]
dc.relation.conference: ACM Conference on Data and Applications Security and Privacy
dc.relation.grantnumber: 1758/31/2018
dc.subject.yso: processors
dc.subject.yso: Internet of Things
dc.subject.yso: malware
dc.subject.yso: information security
dc.format.content: fulltext
jyx.subject.uri: http://www.yso.fi/onto/yso/p10874
jyx.subject.uri: http://www.yso.fi/onto/yso/p27206
jyx.subject.uri: http://www.yso.fi/onto/yso/p2837
jyx.subject.uri: http://www.yso.fi/onto/yso/p5479
dc.rights.url: http://rightsstatements.org/page/InC/1.0/?language=en
dc.relation.dataset: https://github.com/kairis/isadetect
dc.relation.doi: 10.1145/3374664.3375742
dc.relation.funder: Business Finland [en]
dc.relation.funder: Business Finland [fi]
jyx.fundingprogram: Research to Business (R2B), BF [en]
jyx.fundingprogram: Research to Business (R2B), BF [fi]
jyx.fundinginformation: Authors would like to acknowledge BINARE.IO [1] and APPIOTS (Business Finland project 1758/31/2018), as well as the grants of computer capacity from the Finnish Grid and Cloud Infrastructure (FGCI) (http:// urn./ urn:nbn::research-infras-2016072533).
dc.type.okm: A4



Unless otherwise noted, this item is licensed as In Copyright.