• Title/Summary/Keyword: reverse engineering analysis


Building a UML class diagram using Java code analysis techniques (Java 코드 분석기법을 이용한 UML 클래스 다이어그램 생성 방법)

  • 한무희;김경수;김현수
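    • Proceedings of the Korean Information Science Society Conference / 2003.04c / pp.133-135 / 2003
  • This study presents a reverse engineering method for extracting UML class diagrams from Java code. A parser is used to generate an AST from the Java code, and the AST is traversed to extract the information needed to build the class diagram. For this purpose, structure information and relationship information were defined; the structure information represents the information that makes up a class body. The relationship information represents the information needed to determine the associations between classes, and a method for inferring associations from the relationship information obtained is presented. In particular, rules for extracting associations between classes are defined, and the process of deriving associations from the relationship information obtained through these rules is described.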


Code Automatic Analysis Technique for Virtualization-based Obfuscation and Deobfuscation (가상화 기반 난독화 및 역난독화를 위한 코드 자동 분석 기술)

  • Kim, Soon-Gohn
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.11 no.6 / pp.724-731 / 2018
  • Code obfuscation is a technology that makes programs difficult to understand for the purpose of interpreting programs or preventing forgery or tampering. Deobfuscation is a technology that analyzes the original meaning through reverse engineering, taking obfuscated programs as input. This paper is an analysis of obfuscation and deobfuscation technologies for binary code in a virtualization-based environment. Based on VMAttack, static code analysis, dynamic code analysis, and optimization techniques were analyzed in detail, specifically for obfuscation and deobfuscation techniques. Through this thesis, we expect to be able to carry out various research on virtualization and obfuscation. In particular, it is expected that research from stack-based virtual machines can be attempted by adding capabilities to enable them to run on register-based virtual machines.

Prediction of the Loading Characteristics by Neural Networks Using Structural Analysis of Composite Cylindrical Shells (복합재료 원통쉘의 구조해석을 이용한 신경회로망의 하중특성 추론에 관한 연구)

  • 명창문;이영신;서인석
    • Journal of the Computational Structural Engineering Institute of Korea / v.15 no.1 / pp.137-146 / 2002
  • The prediction of the loading characteristics was performed by neural networks that use the results of structural analysis. Momentum backpropagation, in which the learning rate and momentum coefficient can be modified, was developed. The input patterns of the neural networks are the 9 strains positioned at the side of the shell, and the output layer is the loading characteristics. Hidden layers were increased from 1 layer to 3 layers. The developed program, trained on the 9 strains, predicts the loading characteristics under 0.5%. Inverse engineering can be applied to the composite laminated cylindrical shells with the developed neural networks.

Design of Concurrent Engineering Framework for the Quality Management with Real Time Enterprise Portal (실시간 전사적 통합 품질경영 활동을 위한 동시공학적 프레임워크 설계)

  • Lee, Myeong-Ho
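    • Proceedings of the KAIS Fall Conference / 2006.05a / pp.457-461 / 2006
  • As digital convergence unfolds rapidly in every field, companies are using IT strategically across the enterprise and are increasingly strengthening strategies to secure a competitive edge for survival by acquiring and applying new technologies faster than their competitors in the global era. IT itself is advancing toward standardization and integration, using new technologies across all areas through the integration of enterprise-wide data and business processes. However, because the quality management activities of companies facing accelerating globalization and global competition are not processed in real time, the control and management of various management innovation activities and cost-reduction efforts are not producing an organic effect on strengthening corporate capabilities. Therefore, based on a Six Sigma promotion methodology that is generally applicable to manufacturing as well as to office and indirect (administrative) functions, this study designs a real-time concurrent engineering framework for quality management activities that applies not only to forward-engineering quality management, the Top-Down process of management by objectives and policy management, but also to reverse-engineering quality management, the Bottom-Up process driven by creative quality management activities in the field. It also proposes an enterprise-wide integrated quality management system in which waste factors are thoroughly eliminated through value stream analysis and process flows are optimized, so that the desired quality management activities develop into projects and are reflected in corporate management in real time.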


Program Slicing in the Presence of Complicated Data Structure (복잡한 자료 구조를 지니는 프로그램 슬라이싱)

  • Ryu, Ho-Yeon;Park, Joong-Yang;Park, Jae-Heung
    • The KIPS Transactions:PartD / v.10D no.6 / pp.999-1010 / 2003
  • Program slicing is a method to extract the statements from the program which have an influence on the value of a variable at a particular point of the program. Program slicing is applied in many applications, such as program debugging, program testing, program integration, parallel program execution, software metrics, reverse engineering, and software maintenance. This paper is a study of creating the exact slice in the presence of an Object Reference State Graph, to generate more exact static analysis information about objects in programs with complicated data structures.

Detecting Android Emulators for Mobile Games (Focusing on Detecting Nox and LD Player) (모바일 게임용 안드로이드 에뮬레이터 탐지 기법 (Nox와 LD Player 탐지 기법 중심으로))

  • Kim, Nam-su;Kim, Seong-ho;Pack, Min-su;Cho, Seong-je
    • Journal of Software Assessment and Valuation / v.17 no.1 / pp.41-50 / 2021
  • Many game and financial apps have emulator detection functionality to defend against dynamic reverse engineering attacks. However, existing Android emulator detection methods have limitations in detecting the latest mobile game emulators that are similar to actual devices. Therefore, in this paper, we propose a method to effectively detect Android emulators for mobile games based on Houdini module and strings of a library. The proposed method detects the two emulators, Nox and LD Player through specific strings included in libc.so of bionic, and an analysis of the system call execution process and memory mapping associated with the Houdini module.

A Study on Key Data Decryption and Security Evaluation for Password Management Apps (비밀번호 관리 어플리케이션의 주요 데이터 복호화 연구 및 보안성 평가)

  • Han-gyeol Kim;Sinyoung Lee;Myungseo Park
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.61-70 / 2024
  • As users use various services along with the rapid increase in Internet services, it may be difficult to manage accounts. To solve these difficulties, various password management applications are emerging. From a forensic point of view, password management applications can provide clues to obtain criminal evidence. The purpose of this paper is to acquire the data stored by the user in the password management application. To this end, we propose a better way to decrypt the encrypted data through reverse engineering, evaluate the security of the application to be analyzed, and safely store the data.

A New Analysis Method for Packed Malicious Codes (코드은닉을 이용한 역공학 방지 악성코드 분석방법 연구)

  • Lee, Kyung-Roul;Yim, Kang-Bin
    • Journal of Advanced Navigation Technology / v.16 no.3 / pp.488-494 / 2012
  • This paper classifies the self-defense techniques used by malicious software based on their approaches, introduces the packing technique as one of the code protection methods, and proposes a way to quickly analyze packed malicious codes. The packing technique hides a malicious code and restores it at runtime. To analyze a packed code, it is initially required to find the entry point after restoration. To find the entry point, reversing the packing routine, in which a jump instruction branches to the entry point, has been used. However, the reversing takes too much time because the packing routine is usually obfuscated. Instead of reversing the routine, this paper proposes an idea to search for some features of the startup code in the standard library used to generate the malicious code. Through an implementation and a consequent empirical study, it is proved that the proposed approach is able to analyze malicious codes faster.

Android Application Call Relationship Analysis Based on DEX and ELF Binary Reverse Engineering (DEX와 ELF 바이너리 역공학 기반 안드로이드 어플리케이션 호출 관계 분석에 대한 연구)

  • Ahn, Jinung;Park, Jungsoo;Nguyen-Vu, Long;Jung, Souhwan
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.45-55 / 2019
  • DEX files and shared objects (also known as SO files) are important components that define the behaviors of an Android application. A DEX file is implemented in Java code, whereas an SO file in the ELF file format is implemented in native code (C/C++). The two layers, Java and native, can communicate with each other at runtime. Malicious applications have become more and more prevalent in the mobile world, and they are equipped with different evasion techniques to avoid being detected by anti-malware products. To avoid static analysis, some applications may perform malicious behavior in native code that is difficult to analyze. Existing research fails to extract the call relationship which includes both Java code and native code, or cannot analyze multi-DEX applications. In this study, we design and implement a system that effectively extracts the call relationship between Java code and native code by analyzing the DEX file and SO file of an Android application.

Extracting Scheme of Compiler Information using Convolutional Neural Networks in Stripped Binaries (스트립 바이너리에서 합성곱 신경망을 이용한 컴파일러 정보 추출 기법)

  • Lee, Jungsoo;Choi, Hyunwoong;Heo, Junyeong
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.21 no.4 / pp.25-29 / 2021
  • A stripped binary is a binary from which debug symbol information has been deleted, and therefore it is difficult to analyze the binary through techniques such as reverse engineering. Traditional binary analysis tools rely on debug symbol information to analyze binaries, making it difficult to detect or analyze malicious code with the features of these stripped binaries. In order to solve this problem, the need for a technology capable of effectively extracting the information of a stripped binary has emerged. This paper focuses on the fact that the byte code of a binary file is generated very differently depending on compiler version, optimizer level, etc. For effective compiler version extraction, the entire byte code of the target stripped binaries is read and converted to an image, and this is applied to a convolutional neural network. Finally, we achieve an accuracy of 93.5%, and we provide an opportunity to analyze stripped binaries more effectively than before.