Buinevich M.orcid-id, Izrailov K. orcid-id
Identification of Processor’s Architecture of Executable Code Based on Machine Learning. Part 1. Frequency Byte ModelЖурнала ТУЗС - Том 6, №1, 2020

  • Abstract: This article shows us the study results of a method for identifying the processor architecture of an executable code based on machine learning. In the first part of the article we see an overview of existing solutions for machine code identifying and we see how the author makes a new method assumption. The author considers features of the machine code instructions and build its frequency-byte model. There is a processor architecture identification scheme, which is based on this model. Apart from that we see the frequency signatures which are provided for the following Top 10 processor architectures: amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x.
  • Keywords: information security, machine code, processor architecture, machine learning, frequency-byte model, code signature