• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.171-179
• /
• 2022

Self-Modifying-Code is a code that changes the code by itself during execution time. This technique is particularly abused by malicious code to bypass static analysis. Therefor, in order to effectively detect such malicious codes, it is important to identify self-modifying-codes. In the meantime, Self-modify-codes have been analyzed using dynamic analysis methods, but this is time-consuming and costly. If static analysis can detect self-modifying-code it will be of great help to malicious code analysis. In this paper, we propose a static analysis method to detect self-modified code for binary executable programs converted to LLVM IR and apply this method by making a self-modifying-code benchmark. As a result of the experiment in this paper, the designed static analysis method was effective for the standardized LLVM IR program that was compiled and converted to the benchmark program. However, there was a limitation in that it was difficult to detect the self-modifying-code for the unstructured LLVM IR program in which the binary was lifted and transformed. To overcome this, we need an effective way to lift the binary code.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.10 no.1
• /
• pp.39-50
• /
• 2010

In this paper, we analyze and simulate the performance of a tactics mobile communication system based on ultra wide band (UWB) in multi-user interference (MUI) environments. This system adopts a double binary turbo code for forward error correction (FEC). Wireless channel is modeled a modified Saleh and Valenzuela (SV) model. We employ a space time block coding (STBC) scheme for enhancing system performance. System performance is evaluated in terms of bit error probability. From the simulation results, it is confirmed that the tactics mobile communication system based on UWB, which is encoded with the double binary turbo code, can achieve a remarkable coding gain with reasonable encoding and decoding complexity in multi-user interference environments. It is also known that the bit error probability performance of the tactics mobile communication system based on UWB can be substantially improved by increasing the number of iterations in the decoding process for a fixed cod rate. Besides, we can demonstrate that the double binary turbo coding scheme is very effective for increasing the number of simultaneous users for a given bit error probability requirement.

• Journal of the Korea Computer Industry Society
• /
• v.3 no.8
• /
• pp.963-980
• /
• 2002

Software reengineering is making various research for solutions against problem of maintain existing systems. Reengineering has a meaning of development of software on exizting systems through the reverse engineering auf forward engineering. Most of the important concepts used in reengineering is composition that is restructuring of the existing objects. Is there a compiler that can compile a program written in a traditional procedural language (like C or Pascal) and generate a Java bytecode, rather than an executable code that runs oかy on the machine it was compiled (such as an a.out file on a Unix machine)\ulcorner This type of compiler may be very handy for today's computing environment of heterogeneous networks. In this paper we present a software system that does this job at the binary-to-binary level. It takes the compiled binary code of a procedural language and translates it into Java bytecode. To do this, we first translate into an assembler code called Jasmin [7] that is a human-readable representation of Java bytecode. Then the Jasmin assembler converts it into real Java bytecode. The system is not a compiler because it does not start at the source level. We believe this kind of translator is even more useful than a compiler because most of the executable code that is available for sharing does not come with source programs. Of course, it works only if the format of the executable binary code is known. This translation process consists of three major stages: (1) analysis stage that identifies the language constructs in the given binary code, (2) initialization stage where variables and objects are located, classified, and initialized, and (3) mapping stage that maps the given binary code into a Jasmin assembler code that is then converted to Java bytecode.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.2C
• /
• pp.219-228
• /
• 2010

In this paper, performance of RS (Reed-Solomon), turbo and LDPC (low density parity check) code in the binary symmetric erasure channel is investigated. When the average erasure length is reduced, the frequency of short erasures is increased. The RS code shows serious performance degradation in such an environment since decoding is carried out symbol-by-symbol. As the erasure length is increased, however, the RS code shows much improved en-or performance. On the other hand, the message and corresponding parity symbols of the turbo code can be erased at the same time for the long erasures. Accordingly, iterative decoding of the turbo code can not improve error performance any more for such a long erasure. The LDPC code shows little difference in error performance with respect to the variation of the average erasure length due to the virtual interleaving effect. As a result, the LDPC code has much better erasure decoding performance than the RS and turbo code.

• The Journal of the Korea Contents Association
• /
• v.10 no.5
• /
• pp.70-79
• /
• 2010

We perform static program analysis for the binary code. The reason you want to analyze at the level of binary code, installed on your local computer, run the executable file without source code. And the reason we want to perform static analysis, static program analysis is to understand what actions to perform on your local computer. In this paper, execution flow graph representing information such as the execution order among functions and the flow of control is generated. Using graph, User can find execution flow of binary file and calls of insecure functions at the same time, and the graph should facilitate the analysis of binary files. In addition, program to be run is ensured the safety by providing an automated way to search the flow of execution, and program to be downloaded and installed from outside is determined whether safe before running.

• Journal of IKEEE
• /
• v.22 no.3
• /
• pp.850-853
• /
• 2018

In this paper, we propose a decoding method using a balanced binary tree and a canonical Huffman tree for efficient decoding of Huffman codes. The balanced binary tree scheme reduces the number of searches by lowering the height of the tree and binary search. However, constructing a tree based on the value of the code instead of frequency of symbol is a drawback of the balanced binary tree. In order to overcome these drawbacks, a balanced binary tree is reconstructed according to the occurrence probability of symbols at each level of the tree and binary search is performed for each level. We minimize the number of searches using a canonical Huffman tree to find level of code to avoid searching sequentially from the top level to bottom level.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.4
• /
• pp.25-29
• /
• 2021

The strip binary is a binary from which debug symbol information has been deleted, and therefore it is difficult to analyze the binary through techniques such as reverse engineering. Traditional binary analysis tools rely on debug symbolic information to analyze binaries, making it difficult to detect or analyze malicious code with features of these strip binaries. In order to solve this problem, the need for a technology capable of effectively extracting the information of the strip binary has emerged. In this paper, focusing on the fact that the byte code of the binary file is generated very differently depending on compiler version, optimazer level, etc. For effective compiler version extraction, the entire byte code is read and imaged as the target of the stripped binaries and this is applied to the convolution neural network. Finally, we achieve an accuracy of 93.5%, and we provide an opportunity to analyze stripped binary more effectively than before.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.2 no.4
• /
• pp.511-517
• /
• 1998

In this paper a new technique to generate spreading code sequences in the CDMA communication is introduced. It is an effective method to generate optimal code sequences using the orthogonality of wavelet packet basis set of subspaces. With a three-stage Quadrature Mirror Filter(QMF), generation of optimal code sequences has been demonstrated. Since these generated optimal code sequences are non-binary and have an arbitrary waveform which is different from that of the conventional PN-based Gold code sequences, a strong security against the intended interceptor is feasible. Encouraging good correlation properties are also achieved with this new method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.1C
• /
• pp.123-129
• /
• 2010

In this paper, we analyze the code tracking biases of single and double early-minus-late processing schemes which are widely used code tracking method for global navigation satellite systems. The code tracking bias which results from the distortion in symmetry of correlation values is arisen in the presence of multipath signals. To analyze them, two civil signals which are spreading signals modulated by binary phase shift keying and binary offset carrier are considered.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.5
• /
• pp.91-103
• /
• 2015

This paper presents "The 3-User NOR switching channel based on interference decoding with receiver cooperation" in succession to "Jeju Jong Nang channel code I, II". The Jeju Jong Nang code is considered as one of the earliest human binary coded communication (HBCC) in the world with a definite "1" or "0" binary symbolic analysis of switching circuits. In this paper, we introduce a practical example of interference decoding with receiver cooperation based on the three user Jong Nang NOR switching channel. The proposed system models are the three user Jong Nang (TUJN) NOR logic switching on-off, three-user injective deterministic NOR switching channel and Gaussian interference channel (GIC) with receiver cooperation. Therefore, this model is well matched to Shannon binary symmetric and erasure channel capacity. We show the applications of three-user Gaussian interference decoding to obtain deterministic channels which means each receiver cooperation helps to adjacent others in order to increase degree of freedom. Thus, the optimal sum rate of interference mitigation through adjacent receiver cooperation achieves 7 bits.