• Journal of the Korea Society of Computer and Information
• /
• v.26 no.10
• /
• pp.19-26
• /
• 2021

The performance of deep learning-based malware detection and classification models depends largely on how to construct a feature set to be applied to training. In this paper, we propose an approach to select the optimal feature set to maximize detection performance for CNN-based Android malware detection. The features to be included in the feature set were selected through the Chi-Square test algorithm, which is widely used for feature selection in machine learning and deep learning. To validate the proposed approach, the CNN model was trained using 36 characteristics selected for the CICANDMAL2017 dataset and then the malware detection performance was measured. As a result, 99.99% of Accuracy was achieved in binary classification and 98.55% in multiclass classification.

• KIPS Transactions on Computer and Communication Systems
• /
• v.9 no.11
• /
• pp.273-280
• /
• 2020

Automatic Static Analysis Tools help developers to quickly find potential defects in source code with less effort. However, the tools reports a large number of false positive warnings which do not have to fix. In our study, we proposed an artificial neural network-based warning classification method using topic models of source code blocks. We collect revisions for fixing bugs from software change management (SCM) system and extract code blocks modified by developers. In deep learning stage, topic distribution values of the code blocks and the binary data that present the warning removal in the blocks are used as input and target data in an simple artificial neural network, respectively. In our experimental results, our warning classification model based on neural network shows very high performance to predict label of warnings such as true or false positive.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.6
• /
• pp.1499-1505
• /
• 2015

This study is about the patent information analysis of relevant companies and technologies based on International Patent Classification (IPC) code. 902 patent applications in the field of electronic commerce(G06Q) by NAVER, the biggest internet company in Korea, are the subjects of this study. First, we investigated the number of applications and registrations per IPC code so that we could analyze the core technology areas and the status of patent application. In addition, we examined the convergence of technologies by investigating interconnections between main and sub categories of IPC codes. Lastly, we looked into the changes in patent technologies by investigating the status of application per IPC code in accordance with year. By analyzing the IPC code based patent information used in this study, we could further expect the trends of companies and technologies.

• Journal of Internet Computing and Services
• /
• v.22 no.2
• /
• pp.1-9
• /
• 2021

Traditionally, most malicious codes have been analyzed using feature information extracted by domain experts. However, this feature-based analysis method depends on the analyst's capabilities and has limitations in detecting variant malicious codes that have modified existing malicious codes. In this study, we propose a ResNet-Variational AutoEncder-based variant malware classification method that can classify a family of variant malware without domain expert intervention. The Variational AutoEncoder network has the characteristics of creating new data within a normal distribution and understanding the characteristics of the data well in the learning process of training data provided as input values. In this study, important features of malicious code could be extracted by extracting latent variables in the learning process of Variational AutoEncoder. In addition, transfer learning was performed to better learn the characteristics of the training data and increase the efficiency of learning. The learning parameters of the ResNet-152 model pre-trained with the ImageNet Dataset were transferred to the learning parameters of the Encoder Network. The ResNet-Variational AutoEncoder that performed transfer learning showed higher performance than the existing Variational AutoEncoder and provided learning efficiency. Meanwhile, an ensemble model, Stacking Classifier, was used as a method for classifying variant malicious codes. As a result of learning the Stacking Classifier based on the characteristic data of the variant malware extracted by the Encoder Network of the ResNet-VAE model, an accuracy of 98.66% and an F1-Score of 98.68 were obtained.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.796-798
• /
• 2023

IoT 기기 사용량의 증가로 인해 해킹 사례도 함께 증가하며 보안의 중요성이 커지고 있다. 본 논문은 IoT 보안 취약점을 해결하기 위해 정상/악성코드의 데이터셋을 Grayscale로 변환하여 악성코드/정상코드로 분류하는 알고리즘을 개발해 IoT 기기에서 성능을 검증한다. 분류에 이용되는 딥러닝 알고리즘은 CNN(Convolutional Neural Network)으로 99.60%의 평균 정확도를 나타내며 IoT 기기(라즈베리파이)에서도 잘 작동됨을 확인할 수 있다.

• The Journal of the Korea Contents Association
• /
• v.8 no.1
• /
• pp.246-258
• /
• 2008

The software industry is so important to the 21C information society Not only the digital content control but the technology of software source code for the intellectual property is so much mean to international competition. On occurring disputation property of software source code, we have to prove the fact, there is a problem to discriminate the original software source code. In this paper, we make a study of the digital licence prototype for discriminate the original source code. Reserved words of software source code by parsing express to XML file that have hierarchical structure. Then, we can express node pattern and architecture pattern of software source code by tree structure form instead of complex software source code. And we make a simulation of discrimination possibility of digital license and propose CRYPTEX model.

• KIISE Transactions on Computing Practices
• /
• v.21 no.3
• /
• pp.263-268
• /
• 2015

Malware variations could be defined as malicious executable files that have similar functions but different structures. In order to classify the variations, this paper analyzed sequence alignment, the method used in Bioinformatics. This method found common parts of the Malwares' API call information. This method's performance is dependent on the API call information's length; if the length is too long, the performance should be very poor. Therefore we removed the repeated patterns in API call information in order to improve the performance of sequence alignment analysis, before the method was applied. Finally the similarity between malware was analyzed using sequence alignment. The experimental results with the real malware samples were presented.

• Proceedings of the Korean Society for Emotion and Sensibility Conference
• /
• 2002.11a
• /
• pp.74-78
• /
• 2002

소비의 패턴이 이성소비에서 감성소비로 전환되면서 오감이 중요한 마케팅 요소로 등장하고 있다. 특히 시각적 요소는 인간이 사물을 인지하는데 있어서 83%정도의 영향력을 발휘하기 때문에 매우 중요하게 고려된다. 따라서 본 연구는 Color Code를 토대로 사용자의 성격을 분류하고 동시에 사용자가 선호하는 색상을 이용하여 색채배색을 제안하는 방법을 설명하고 있는데 성격을 RED, BLUE, WHITE, YELLOW의 4개의 컬러코드로 분류하기 위해서 ‘The Hartman Color Code Personality Profil’을 이용하였다. 조사결과 사용자의 컬러코드 중 가장 많은 코드는 BLUE코드였으며 선호도도 가장 높았다. 이러한 BLUE 코드의 특징 중 색채와 대응할 수 있는 감성어휘를 중심으로 색채배색안을 제시하고 이를 주택상품의 컬러마케팅에 이용하고자 하는 것이 본 연구의 목표이다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1245-1248
• /
• 2010

최근 급격하게 증가하고 있는 악성코드에 비해 이들을 분석하기 위한 전문 인력은 매우 부족하다. 다행히 양산되는 악성코드의 대부분은 기존의 것을 수정한 변종이기 때문에 이들에 대해서는 자동분석시스템을 활용해서 분석하는 것이 효율적이다. 악성코드 자동분석에는 동적 분석과 정적 분석 모두가 사용되지만 정적 분석은 여러 가지 한계점 때문에 아직까지도 개선된 연구를 필요로 한다. 본 논문은 문자열 비교를 통해 두 실행파일에 대한 유사도를 측정함으로써 악성코드 판별 및 분류를 도와주는 정적 분석기법을 제안한다. 제안된 방법은 비교 문자열의 수와 종류에 따라 그 성능이 결정되기 때문에 문자열들을 정제하는 과정이 선행된다. 또한 유사도 측정에 있어서 악성코드가 가지는 문자열들의 특성을 고려한 개선된 비교방법을 보인다.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.11
• /
• pp.41-49
• /
• 2021

All application programs, including malware, call the Application Programming Interface (API) upon execution. Recently, using those characteristics, attempts to detect and classify malware based on API Call information have been actively studied. However, datasets containing API Call information require a large amount of computational cost and processing time. In addition, information that does not significantly affect the classification of malware may affect the classification accuracy of the learning model. Therefore, in this paper, we propose a method of extracting a essential feature set after reducing the dimensionality of API Call information by applying various feature selection methods. We used CICAndMal2020, a recently announced Android malware dataset, for the experiment. After extracting the essential feature set through various feature selection methods, Android malware classification was conducted using CNN (Convolutional Neural Network) and the results were analyzed. The results showed that the selected feature set or weight priority varies according to the feature selection methods. And, in the case of binary classification, malware was classified with 97% accuracy even if the feature set was reduced to 15% of the total size. In the case of multiclass classification, an average accuracy of 83% was achieved while reducing the feature set to 8% of the total size.