• Title/Summary/Keyword: Binary Code Analysis

A Cross-Platform Malware Variant Classification based on Image Representation

  • Naeem, Hamad;Guo, Bing;Ullah, Farhan;Naeem, Muhammad Rashid
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.7
    • /
    • pp.3756-3777
    • /
    • 2019
  • Recent developments on the internet help malware authors generate malicious code variants with automated tools, so the number of variants grows day by day; improving the performance of malware analysis is therefore critical to containing that growth. Existing research has shown that similarities among malware variants can be used for detection and family classification. This paper proposes a Cross-Platform Malware Variant Classification System (CP-MVCS) that converts a malware binary into a grayscale image, extracts malicious features from that image through a Combined SIFT-GIST Malware (CSGM) description, and uses those features to identify the family of the malware variant. By pairing the CSGM feature description with machine-learning classification, CP-MVCS reduces computational time and improves classification accuracy. Experiments were performed on four publicly available datasets of Windows and Android malware. The results showed that CP-MVCS was faster and more accurate at malware classification than traditional methods, and that it not only separated families of malware variants but also distinguished malware from benign samples in a mixed set.

Deep Learning in Drebin: Android malware Image Texture Median Filter Analysis and Detection

  • Luo, Shi-qi;Ni, Bo;Jiang, Ping;Tian, Sheng-wei;Yu, Long;Wang, Rui-jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.7
    • /
    • pp.3654-3670
    • /
    • 2019
  • This paper proposes an Image Texture Median Filter (ITMF) to analyze and detect Android malware on the Drebin dataset. The ITMF model combines image processing with a median filter (MF) to reflect the similarity of blocks of the malware binary file, while MAEVS (Malware Activity Embedding in Vector Space) reflects the potential dynamic activity of the malware. To improve classification accuracy, the ITMF and MAEVS features are used to train a Restricted Boltzmann Machine (RBM) with Back Propagation (BP). The experimental results show an average accuracy of 95.43% on Android malicious code with few false alarms, higher than the 95.2% obtained without ITMF and the 93.8%, 94.8% and 94.6% of the shallow SVM, KNN and ANN models.
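
The step both papers above share is turning a binary's raw bytes into a grayscale image; ITMF then smooths that image with a median filter before measuring block similarity. The following is an added illustration of those two steps, not code from either paper. The size-to-width table is an assumption (neither abstract states one), the 3x3 median filter is a stand-in for the paper's median stage, and the sample "binary" is constructed inline.

```python
"""Bytes-to-grayscale conversion followed by a median filter pass.

Added illustration for the two image-based papers; not code from either.
The width table is an assumption, and the 3x3 median filter stands in for
the ITMF median stage."""
from statistics import median

# Assumed size-to-width table (file size limit in bytes -> row width in px);
# anything larger gets a 1024-pixel row.
WIDTH_BY_SIZE = [
    (10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128), (100 * 1024, 256),
    (200 * 1024, 384), (500 * 1024, 512), (1000 * 1024, 768),
]


def image_width(size: int) -> int:
    """Pick a row width from the file size so binaries of similar size
    produce images of comparable shape."""
    for limit, width in WIDTH_BY_SIZE:
        if size < limit:
            return width
    return 1024


def bytes_to_grayscale(data: bytes, width: int = 0) -> list:
    """One byte per pixel (0..255), `width` pixels per row; the last row is
    zero-padded so the image is rectangular. width=0 selects it from size."""
    if not data:
        return []
    width = width or image_width(len(data))
    rows = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        row.extend([0] * (width - len(row)))
        rows.append(row)
    return rows


def median_filter(img: list, k: int = 3) -> list:
    """k x k median filter with replicated borders. An isolated outlier byte
    (a lone 0xFF inside a smooth region) is replaced by the neighbourhood
    median, which is the smoothing a block-similarity measure relies on."""
    if k < 1 or k % 2 == 0:
        raise ValueError("kernel size must be a positive odd number")
    h, w = len(img), len(img[0])
    r = k // 2
    out = [[0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            window = []
            for dy in range(-r, r + 1):
                yy = min(max(y + dy, 0), h - 1)
                for dx in range(-r, r + 1):
                    xx = min(max(x + dx, 0), w - 1)
                    window.append(img[yy][xx])
            out[y][x] = int(median(window))
    return out


def mean_abs_diff(a: list, b: list) -> float:
    """Mean absolute pixel difference between two equally shaped images
    (0.0 = identical). Real pipelines extract texture descriptors instead;
    this only shows the images are directly comparable."""
    h, w = len(a), len(a[0])
    if (h, w) != (len(b), len(b[0])):
        raise ValueError("images must have the same shape")
    return sum(abs(a[y][x] - b[y][x]) for y in range(h) for x in range(w)) / (h * w)


# Constructed sample "binary": a repeating byte ramp with one injected outlier.
SAMPLE = bytearray(bytes(range(256)) * 4)   # 1024 bytes -> 32 px wide, 32 rows
SAMPLE[40] = 0xFF                            # lone outlier at row 1, column 8
SAMPLE = bytes(SAMPLE)

if __name__ == "__main__":
    img = bytes_to_grayscale(SAMPLE)
    smooth = median_filter(img)
    print(len(img), "rows x", len(img[0]), "cols; outlier before/after:",
          img[1][8], smooth[1][8])
```

The median stage is what makes a single patched byte disappear from the texture while a rewritten section still shows up, which is the behaviour a variant classifier wants.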

Interference Analysis Among Waveforms and Modulation Methods of Concurrently Operated Pulse Doppler Radars

  • Kim, Eun Hee;Ryu, Seong Hyun;Kim, Han Saeng;Lee, Ki Won
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.25 no.1
    • /
    • pp.23-29
    • /
    • 2022
  • As the application fields of radar expand and bandwidths increase, the number of radar sensors operating at the same frequency keeps growing. This paper proposes a method for analyzing the interference between two pulse Doppler radars operated at the same frequency with independently designed waveforms. It also shows that, even for previously designed LFM waveforms, the interference can be suppressed without affecting performance by changing the sign of the frequency slope (increasing versus decreasing) or by modulating the pulses with different codes. Suppression by opposite slopes is more effective for similar waveforms, and suppression by codes improves as the number of pulses increases. The result is expected to extend to cases where multiple radars operate at the same frequency.

Development of multigroup cross section library generation system TPAMS

  • Lili Wen;Haicheng Wu;Ying Chen;Xiaoming Chai;Xiaofei Wu;Xiaolan Tu;Yuan Liu
    • Nuclear Engineering and Technology
    • /
    • v.56 no.6
    • /
    • pp.2208-2219
    • /
    • 2024
  • KYLIN-2 is an advanced neutronics lattice code developed by the Nuclear Power Institute of China. A high-precision multigroup cross section library is needed for KYLIN-2 to simulate current pressurized water reactors (PWRs) and advanced reactors. This paper presents TPAMS, a multigroup cross section library generation system, and discusses its treatment of resonance data such as subgroup parameters, the lambda factor and resonance integrals, as well as a depletion-chain simplification method. TPAMS produces multigroup libraries in binary and ASCII formats with detailed data for resonance, transport and depletion calculations. A multigroup cross section library was generated for KYLIN-2 with TPAMS and verified against various criticality and burnup benchmarks, comparing multiplication factors and isotope densities with experimental data. The numerical results demonstrate the accuracy of the library and the reliability of TPAMS.

ROCHE MODEL AND ABSOLUTE DIMENSIONS OF THE ECLIPSING BINARY Y CAM WITH A PULSATING COMPONENT

  • Lee, J.W.;Kim, C.H.;Kim, S.L.;Youn, J.H.;Kwon, S.G.
    • Journal of Astronomy and Space Sciences
    • /
    • v.19 no.3
    • /
    • pp.187-196
    • /
    • 2002
  • We performed CCD photometric observations of the eclipsing binary Y Cam, which has a pulsating component, on 16 nights from November 2000 to May 2001 using a V filter on the 61-cm reflector at Sobaeksan Optical Astronomy Observatory. Our V light curve and the BV light curves of Broglia & Marin (1974) were analyzed with the Wilson-Devinney code in Mode 2 (detached Roche model) and Mode 5 (semi-detached). The results are: 1) light curve synthesis alone can hardly decide whether the detached or the semi-detached model is the real Roche configuration of Y Cam; 2) there is a third light of about 2% and 3% in the B and V light curves, respectively; 3) the light curve solution is immune to the light variation caused by the pulsation of the primary component, although the detached model fits the observations slightly better than the semi-detached one once the pulsation effect is removed; 4) the absolute dimensions of Y Cam were calculated for both Roche models.

An Effective Method for Comparing Control Flow Graphs through Edge Extension

  • Lim, Hyun-Il
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.8
    • /
    • pp.317-326
    • /
    • 2013
  • In this paper, we present an effective method for comparing control flow graphs, which represent the static structure of binary programs. To compare two control flow graphs, we measure similarity by comparing the instructions and syntactic information contained in basic blocks. In addition, we consider the similarity of edges, which represent control flow between basic blocks, through edge extension. Based on the comparison of basic blocks and edges, we match the most similar basic blocks of the two graphs and then calculate the similarity between the graphs. We evaluate the edge extension method on real-world Java programs with respect to the structural similarity of their control flow graphs, and compare it against a previous structural comparison method. The experimental results show that the proposed method has enough discriminating power between control flow graphs with different structural characteristics. Although it takes more time than the previous method, it is more resilient than the previous method when comparing control flow graphs with similar structural characteristics. Control flow graphs are widely used in program analysis and understanding, and the proposed method is expected to apply to areas such as code optimization, detection of similar code, and detection of code plagiarism.

A Data Hiding Scheme for Binary Image Authentication with Small Image Distortion

  • Lee, Youn-Ho;Kim, Byoung-Ho
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.36 no.2
    • /
    • pp.73-86
    • /
    • 2009
  • This paper proposes a new data hiding scheme for binary image authentication that minimizes the distortion of the host image. Based on a Hamming-code data embedding algorithm, the scheme embeds authentication information into the host image while flipping only a small number of pixels. To minimize visual distortion, it modifies only flippable pixels, selected according to Yang et al.'s flippability criteria. In addition, the bit order of the authentication information is randomly shuffled before embedding, so only the designated receiver, who holds the secret key used for embedding, can extract the embedded data. To show the superiority of the scheme, two metrics, the miss detection rate and the number of pixels flipped by embedding, are used to compare it with previous schemes. The analysis shows that the proposed scheme flips fewer pixels than previous schemes to embed authentication information of the same bit length, and the experimental results show that it causes less visual distortion and is more resilient to recent steganalysis attacks than the previous schemes.
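
Hamming-code (matrix) embedding is what lets the scheme store 3 bits in every 7 flippable pixels while changing at most one of them: the block's syndrome under the Hamming(7,4) parity-check matrix is read as the 3-bit message, and because every non-zero 3-bit pattern is a column of that matrix, flipping one chosen pixel moves the syndrome to any target value. The following is an added, runnable example of that mechanism, not the paper's code. Its assumptions: the flippability rule (a checkerboard cell whose 4-neighbours are of mixed colour) is a simplified stand-in for Yang et al.'s criteria, chosen so that the candidate set does not change when pixels are flipped; the authentication tag is an HMAC over the pixels embedding never touches; and a key-seeded permutation plays the role of the bit-order shuffle.

```python
"""Hamming-code data hiding for binary-image authentication.

Added example, not the paper's code. Flippability rule, tag construction
and shuffle are assumptions described in the lead-in."""
import hashlib
import hmac
import random


def flippable_positions(img):
    """Embedding candidates. Only cells with (x + y) even are ever flipped,
    and a cell qualifies when its in-bounds 4-neighbours are not all the same
    colour. Those neighbours are odd cells, which are never modified, so the
    list is identical before and after embedding (the receiver recomputes it)."""
    h, w = len(img), len(img[0])
    pos = []
    for y in range(h):
        for x in range(w):
            if (x + y) % 2:
                continue
            nbrs = [img[ny][nx] for ny, nx in ((y - 1, x), (y + 1, x), (y, x - 1), (y, x + 1))
                    if 0 <= ny < h and 0 <= nx < w]
            if 0 in nbrs and 1 in nbrs:
                pos.append((y, x))
    return pos


def capacity_bits(img):
    """Matrix embedding with Hamming(7,4): 3 bits per 7 candidate pixels."""
    return 3 * (len(flippable_positions(img)) // 7)


def tag_length(img):
    """Bits actually embedded: the capacity, capped at 255 (a multiple of 3)
    because the tag is drawn from a 256-bit digest."""
    return min(capacity_bits(img), 255)


def syndrome(bits):
    """Parity check of a 7-pixel block. Column i of H is the binary form of i,
    so the syndrome is the XOR of the 1-based indices of the set bits."""
    s = 0
    for i, b in enumerate(bits, start=1):
        if b:
            s ^= i
    return s


def auth_tag(img, key, nbits):
    """First `nbits` of HMAC-SHA256 over every pixel outside the candidate set."""
    skip = set(flippable_positions(img))
    fixed = bytes(img[y][x] for y in range(len(img)) for x in range(len(img[0]))
                  if (y, x) not in skip)
    digest = hmac.new(key, fixed, hashlib.sha256).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(nbits)]


def _permutation(key, n):
    """Key-dependent bit order; without the key the extracted bits are scrambled."""
    seed = int.from_bytes(hashlib.sha256(b"bit-order|" + key).digest(), "big")
    perm = list(range(n))
    random.Random(seed).shuffle(perm)
    return perm


def embed(img, key):
    """Return (stego image, number of flipped pixels). Per block, flipping the
    pixel at column (s XOR m) of H turns syndrome s into the message m, so at
    most one of the 7 pixels changes."""
    stego = [row[:] for row in img]
    pos, n = flippable_positions(img), tag_length(img)
    tag, perm = auth_tag(img, key, n), _permutation(key, n)
    shuffled = [tag[perm[i]] for i in range(n)]
    flips = 0
    for b in range(n // 3):
        block = pos[7 * b:7 * b + 7]
        m = (shuffled[3 * b] << 2) | (shuffled[3 * b + 1] << 1) | shuffled[3 * b + 2]
        e = syndrome([stego[y][x] for y, x in block]) ^ m
        if e:
            y, x = block[e - 1]
            stego[y][x] ^= 1
            flips += 1
    return stego, flips


def extract(img, key):
    """Read the syndromes back and undo the key-dependent bit order."""
    pos, n = flippable_positions(img), tag_length(img)
    shuffled = []
    for b in range(n // 3):
        s = syndrome([img[y][x] for y, x in pos[7 * b:7 * b + 7]])
        shuffled += [(s >> 2) & 1, (s >> 1) & 1, s & 1]
    perm, tag = _permutation(key, n), [0] * n
    for i, bit in enumerate(shuffled):
        tag[perm[i]] = bit
    return tag


def verify(img, key):
    """True when the embedded tag equals the tag recomputed from the image."""
    return extract(img, key) == auth_tag(img, key, tag_length(img))


def sample_image(size=16):
    """Constructed cover: horizontal black/white stripes two pixels high."""
    return [[1 if (y // 2) % 2 == 0 else 0 for _ in range(size)] for y in range(size)]
```

On the 16x16 sample there are 112 candidate pixels, so 48 tag bits are embedded with at most 16 flips; tampering with any pixel outside the candidate set breaks the HMAC, and extracting with the wrong key yields a scrambled tag. The candidate pixels themselves are not covered by the tag in this simplified version, which is the trade-off a real scheme addresses with its flippability criteria.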

Compiler Analysis Framework Using SVM-Based Genetic Algorithm: Feature and Model Selection Sensitivity

  • Hwang, Cheol-Hun;Shin, Gun-Yoon;Kim, Dong-Wook;Han, Myung-Mook
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.537-544
    • /
    • 2020
  • Evasion techniques such as mutation and obfuscation advance together with malware technology. Detecting unknown malware is therefore important, and Malware Authorship Attribution, which identifies the author of distributed malware in order to detect unknown malicious code, is being studied. This paper extracts the compiler information that affects binary-based author identification and investigates how sensitive classification efficiency is to feature selection, to probabilistic versus non-probabilistic models, and to optimization across studies. In the experiments, feature selection through information gain and the support vector machine, a non-probabilistic model, showed high efficiency. Among the optimization studies, high classification accuracy was obtained through feature selection and model optimization with the proposed framework, resulting in a 48% feature reduction and an execution speed-up of 53 (unit not stated). The study confirms the sensitivity of classification efficiency to the choice of feature selection, model and optimization method.

A Research of Anomaly Detection Method in MS Office Document

  • Cho, Sung Hye;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.6 no.2
    • /
    • pp.87-94
    • /
    • 2017
  • Microsoft Office is an office suite developed by Microsoft. Because it is the most commonly used office software, users with malicious intent increasingly craft Office files as containers for malware. To attack a target system, malicious Office files use a variety of techniques, such as macros or hiding shellcode in unused areas of the file. Two techniques are commonly used to detect this kind of malware: signature-based detection and sandboxing. Both have limits given the increasing complexity of malware. This paper therefore proposes methods to detect malicious MS Office files in a computer-forensics way: macros and potential problem areas are checked through structural analysis of the MS Office file.

Performance Analysis of Assisted-Galileo Signal Acquisition Under Weak Signal Environment

  • Lim, Jeong-Min;Park, Ji-Won;Sung, Tae-Kyung
    • Journal of Institute of Control, Robotics and Systems
    • /
    • v.19 no.7
    • /
    • pp.646-652
    • /
    • 2013
  • The EU's Galileo project is a market-based GNSS (Global Navigation Satellite System) that is under development and is expected to provide positioning services based on new technologies in the 2020s. Because the Galileo E1 signal for the OS (Open Service) shares its center frequency with the GPS L1 C/A signal, the E1 signal uses CBOC (Composite Binary Offset Carrier) modulation to guarantee interoperability between the two systems. Since E1 consists of a data channel and a pilot channel in the same frequency band, there are several options for designing signal acquisition in Assisted-Galileo receivers. Furthermore, compared with the SNR worksheet of Assisted-GPS, some factors must be re-examined for Assisted-Galileo because of the different correlation profile and code length of the E1 signal. This paper presents SNR worksheets for the Galileo E1-B and E1-C channels. Three implementation losses that differ markedly from GPS are analyzed in establishing the worksheets, and a hybrid long integration of 1.5 s is considered to acquire weak signals below -150 dBm. Simulation results show that the final SNR of an E1-B signal at -150 dBm is 19.4 dB and that of an E1-C signal is 25.2 dB. A comparison of relative computation shows that the E1-B channel is more advantageous for acquiring the strongest signal in a weak-signal environment; with information from the first acquired satellite, fast acquisition of weak signals around -155 dBm can then be performed on the E1-C signal of subsequent satellites.