• Title/Summary/Keyword: Executable File

Detection of Malicious PDF based on Document Structure Features and Stream Objects

  • Kang, Ah Reum;Jeong, Young-Seob;Kim, Se Lyeong;Kim, Jonghyun;Woo, Jiyoung;Choi, Sunoh
    • Journal of the Korea Society of Computer and Information / v.23 no.11 / pp.85-93 / 2018
  • In recent years, there has been an increasing number of ways to distribute document-based malicious code using vulnerabilities in document files. Because document-type malware is not an executable file itself, it easily bypasses existing security programs, so research on a model to detect it is necessary. In this study, we extract main features from the document structure and from the JavaScript contained in stream objects. In addition, when JavaScript is inserted, keywords with a high occurrence frequency in malicious code, such as function names, reserved words and readable strings in the script, are extracted. Then we generate a machine learning model that can distinguish between normal and malicious documents. In order to make bypassing difficult, we try to achieve good performance with a black-box type algorithm. For the experiment, a larger number of documents than in previous studies is analyzed. Experimental results show a 98.9% detection rate across three different types of algorithms. SVM, which is a black-box type algorithm and makes obfuscation difficult, shows much higher performance than in previous studies.
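As an added example (not code from the paper above), the following Python script shows the kind of feature extraction the abstract describes: it walks the indirect objects of a PDF, inflates FlateDecode streams, pulls JavaScript out of the objects referenced by /JS, and counts structural keys, reserved words, called function names and readable string literals. The structural key list, the indicator-call heuristic and the sample document are constructed for this example; the paper's own feature set and trained model are not reproduced, and the sequential "N G obj ... endobj" scan stands in for a real xref-driven parser.

```python
import re
import zlib
from collections import Counter

# Illustrative structural keys (chosen for this example, not the paper's list).
STRUCTURE_KEYS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                  b"/EmbeddedFile", b"/ObjStm", b"/AcroForm", b"/RichMedia"]
JS_RESERVED = {"var", "let", "const", "function", "return", "if", "else", "for",
               "while", "do", "new", "this", "try", "catch", "throw", "typeof", "in"}
# Built-ins that show up disproportionately in obfuscated exploit scripts (heuristic).
INDICATOR_CALLS = ("eval", "unescape", "fromCharCode")

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.DOTALL)
STREAM_START_RE = re.compile(rb"stream\r?\n")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?![\d\s]*R)")      # direct /Length only
IDENT_CALL_RE = re.compile(r"\b([A-Za-z_$][\w$]*)\s*\(")
STRING_RE = re.compile(r"\"([^\"\\]*(?:\\.[^\"\\]*)*)\"|'([^'\\]*(?:\\.[^'\\]*)*)'")

# Constructed sample script: a heap-spray-looking payload plus one readable string.
SAMPLE_JS = (b"var shellcode = unescape('%u9090%u9090');\n"
             b"var hdr = \"Hello from constructed sample\";\n"
             b"function heap_spray(n) { for (var i = 0; i < n; i++) { app.alert(hdr); } }\n"
             b"eval(String.fromCharCode(104, 105));\n")


def build_sample_pdf(js: bytes, compress: bool) -> bytes:
    """Constructed minimal PDF whose /OpenAction runs JavaScript held in a stream object."""
    body = zlib.compress(js) if compress else js
    filt = b" /Filter /FlateDecode" if compress else b""
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n",
        b"4 0 obj << /S /JavaScript /JS 5 0 R >> endobj\n",
        b"5 0 obj << /Length ", str(len(body)).encode(), filt, b" >>\nstream\n",
        body, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n"])


def extract_objects(pdf: bytes):
    """Yield (object number, dictionary bytes, decoded stream or None) per indirect object."""
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(3)
        sm = STREAM_START_RE.search(body)
        if not sm:
            yield num, body, None
            continue
        dict_bytes = body[:sm.start()]
        lm = LENGTH_RE.search(dict_bytes)
        if lm:   # slice by /Length so binary data ending in CR/LF is not clipped
            raw = body[sm.end():sm.end() + int(lm.group(1))]
        else:    # no direct /Length: fall back to the endstream keyword
            raw = body[sm.end():body.rfind(b"endstream")].rstrip(b"\r\n")
        data = raw
        if b"/FlateDecode" in dict_bytes:
            try:
                data = zlib.decompress(raw)
            except zlib.error:
                data = raw   # a malformed stream is itself a useful signal; keep raw bytes
        yield num, dict_bytes, data


def script_features(js: str) -> dict:
    """Keyword-frequency features from the extracted JavaScript text."""
    words = re.findall(r"\b[A-Za-z_$][\w$]*\b", js)
    reserved = Counter(w for w in words if w in JS_RESERVED)
    calls = Counter(n for n in IDENT_CALL_RE.findall(js) if n not in JS_RESERVED)
    strings = [a or b for a, b in STRING_RE.findall(js)]
    readable = [s for s in strings if len(s) >= 4 and s.isprintable()]
    return {"reserved": reserved, "calls": calls, "readable_strings": readable,
            "longest_string": max((len(s) for s in strings), default=0),
            "indicator_calls": [c for c in INDICATOR_CALLS if calls[c]]}


def pdf_features(pdf: bytes) -> dict:
    """Structural counts plus script features for one PDF."""
    objects = {num: (d, s) for num, d, s in extract_objects(pdf)}
    structure = {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z0-9])", pdf))
                 for k in STRUCTURE_KEYS}
    js_parts = []
    for dict_bytes, _ in objects.values():
        # /JS may reference a stream object ('/JS 5 0 R') or carry an inline literal string
        for ref in re.findall(rb"/JS\s+(\d+)\s+\d+\s+R", dict_bytes):
            _, stream = objects.get(int(ref), (b"", None))
            if stream is not None:
                js_parts.append(stream)
        js_parts.extend(re.findall(rb"/JS\s*\((.*?)\)", dict_bytes, re.DOTALL))
    js = b"\n".join(js_parts).decode("latin-1")
    return {"num_objects": len(objects),
            "num_streams": sum(1 for _, s in objects.values() if s is not None),
            "structure": structure,
            "script": script_features(js)}


if __name__ == "__main__":
    for name, feats in (("compressed", pdf_features(build_sample_pdf(SAMPLE_JS, True))),
                        ("plain", pdf_features(build_sample_pdf(SAMPLE_JS, False)))):
        print(name, feats["structure"], dict(feats["script"]["calls"]), feats["script"]["indicator_calls"])
```

The returned dictionary is what would be flattened into a numeric vector (one column per key, reserved word and function name) before training a classifier; the inline-literal branch does not handle nested parentheses or PDF string escapes, which a real extractor must.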

Detection of Potential Memory Access Errors based on Assembly Codes (어셈블리어 코드 기반의 메모리 오류 가능성 검출)

  • Kim, Hyun-Soo;Kim, Byeong-Man;Bae, Hyun-Seop;Chung, In-Sang
    • The KIPS Transactions:PartD / v.18D no.1 / pp.35-44 / 2011
  • Memory errors can cause not only program malfunctions but even unexpected system halts. Though a programmer checks for memory errors, some memory errors with a low occurrence frequency are missed. In this paper, we propose a method for effectively detecting such memory errors using instruction transition diagrams, by analyzing the assembly code obtained by disassembling an executable file. Out of the various memory errors, local memory return errors, null pointer access errors and uninitialized pointer access errors are targeted for detection. When applying the proposed method to various programs, including well-known open source programs such as the Apache web server and the PHP script interpreter, some potential memory errors are detected.

A Realtime Malware Detection Technique Using Multiple Filter (다중 필터를 이용한 실시간 악성코드 탐지 기법)

  • Park, Jae-Kyung
    • Journal of the Korea Society of Computer and Information / v.19 no.7 / pp.77-85 / 2014
  • Recently, damage caused by malicious or suspicious code has been increasing in several environments. We actively study a comprehensive response system for malware detection. Suspicious code is installed on your PC without your consent, and users are unaware of the damage. Also, technology for real-time processing of big data is needed. We must develop advanced technology for malware detection. For fundamental malware detection today, we must perform static and dynamic analysis of executable files and verify the results by reputation. Similarity judgment is needed for a real-time response with big data. In this paper, we propose realtime detection and verification technology using multiple filters. Our malware study suggests a new direction for realtime malware detection.

COMPONENT-BASED DEVELOPMENT OF OBSERVATIONAL SOFTWARE FOR KASI SOLAR IMAGING SPECTROGRAPH

  • Choi, Seong-Hwan;Kim, Yeon-Han;Moon, Yong-Jae;Choi, Kyung-Seok;Park, Young-Deuk;Jang, Bi-Ho;Kim, Su-Jin;Kim, Kap-Sung
    • Journal of The Korean Astronomical Society / v.38 no.4 / pp.463-470 / 2005
  • In this paper, we have made the component-based development of observational software for the KASI solar imaging spectrograph (KSIS), which is able to obtain three-dimensional imaging spectrograms by using a scanning mirror in front of the spectrograph slit. Since 2002, the KASI solar spectrograph has been successfully operated to observe solar spectra for a given slit region as well as to inspect the response functions of narrow band filters. To improve its capability, we have developed the KSIS, which can perform sequential observations of solar spectra by simultaneously controlling the scanning mirror and the CCD camera via Visual C++. The main task of this paper is to introduce the development of the component-based software for KSIS. Each component of the software is reusable at the level of the executable file instead of the source code because the software was developed using the CBD (component-based development) methodology. The main advantage of such component-based software is that key components such as the image processing component and the display component can be applied to other similar observational software without any modifications. Using this software, we have successfully obtained solar imaging spectra of an active region (AR 10708) including a small sunspot. Finally, we present solar $H{\alpha}$ spectra ($6562.81{\AA}$) that were obtained at an active region and a quiet region in order to confirm the validity of the developed KSIS and its software.

The Development of a Non-Linear Finite Element Model for Ductile Fracture Analysis - For Mini-Computer - (연성파괴 해석을 위한 비선형 유한요소 모델의 개발 -소형 컴퓨터를 위한 -)

  • 정세희;조규종
    • Transactions of the Korean Society of Mechanical Engineers / v.10 no.1 / pp.25-33 / 1986
  • In this paper, a frontal-method based elastic-plastic F.E.M. program for a mini-computer was developed. Since the size of the executable program was restricted by the system core memory size on the mini-computer, the active variables were stored on an element basis and the non-active variables were stored in an external disk file. The active variables of the finally developed program were reduced enough to execute a finite element model of about 1,000 degrees of freedom on the mini-computer, on which the available variables were restricted to 32,767 integers. A modified CT fracture test specimen was examined to test the developed program. The calculated results were compared with experimental results concerning the crack-tip plastic deformation zone. A recrystallization technique was adopted to visualize the intensive plastic deformation regions. The Von Mises criterion based calculation results agreed well with the experimental results in the intensive plastic region, which was over 2% offset strain. The F.E.M. results using the developed program agreed well with the theoretical plastic boundary calculated from the stress intensity factor as $r_p = \frac{K_1^2}{2\pi\sigma_y^2} f(\theta)$.

Host based Feature Description Method for Detecting APT Attack (APT 공격 탐지를 위한 호스트 기반 특징 표현 방법)

  • Moon, Daesung;Lee, Hansung;Kim, Ikkyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.839-850 / 2014
  • As the social and financial damage caused by APT attacks such as the 3.20 cyber terror increases, a technical solution against APT attacks is required. It is, however, difficult to protect against APT attacks with existing security equipment because the attacks persistently use zero-day malware. In this paper, we propose a host-based anomaly detection method to overcome the limitation of the conventional signature-based intrusion detection system. First, we defined 39 features to distinguish between normal and abnormal behavior, and then collected a data set of 8.7 million feature occurrences generated while running both malware and normal executable files. Further, each process is represented as an 83-dimensional vector that profiles the frequency of appearance of the features. The vector also includes the frequency of features generated in the child processes of each process. Therefore, it is possible to represent the whole behavior information of the process while it is running. In experimental results applying the C4.5 decision tree algorithm, we confirmed a false positive rate of 2.0% and a false negative rate of 5.8%.
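As an added example (not the authors' code or data), the following Python script builds the kind of per-process representation the abstract describes: a frequency vector of host features for the process itself, concatenated with the same features counted over its child processes, plus the false positive and false negative rates used to report results. The six feature names, the event log, the labels and the one-rule "classifier" standing in for the trained decision tree are all constructed for this example; the child part is summed over all descendants of a process, which is one reading of "child processes", and the paper's 39 features and 83-dimensional layout are not reproduced.

```python
from collections import Counter, defaultdict

# Illustrative feature names; the paper's own 39 features are not listed on the page.
FEATURES = ["proc_create", "file_write", "reg_set", "net_connect", "inject_thread", "dll_load"]

# Constructed host events as (pid, parent pid, feature). pid 1 is the root and has no events.
EVENTS = [
    (100, 1, "proc_create"), (100, 1, "dll_load"), (100, 1, "proc_create"),
    (200, 100, "file_write"), (200, 100, "net_connect"),
    (300, 200, "inject_thread"), (300, 200, "reg_set"),
    (400, 1, "dll_load"),
    (500, 1, "inject_thread"),
    (600, 1, "reg_set"), (600, 1, "net_connect"),
]
# Constructed ground truth: 500 is a benign debugger-like process, 600 is malware
# that only touched the registry and the network.
LABELS = {100: True, 200: True, 300: True, 400: False, 500: False, 600: True}


def build_vectors(events, features=FEATURES):
    """Per-process vector: own feature counts followed by counts from all descendants."""
    parent, own, children = {}, defaultdict(Counter), defaultdict(list)
    for pid, ppid, feat in events:
        parent[pid] = ppid
        own[pid][feat] += 1
    for pid, ppid in parent.items():
        children[ppid].append(pid)

    def descendants(pid):
        out, stack = [], list(children[pid])
        while stack:
            c = stack.pop()
            out.append(c)
            stack.extend(children[c])
        return out

    vectors = {}
    for pid in parent:
        desc = descendants(pid)
        own_part = [own[pid][f] for f in features]
        child_part = [sum(own[c][f] for c in desc) for f in features]
        vectors[pid] = own_part + child_part
    return vectors


def predict(vector, features=FEATURES):
    """Toy stand-in for the trained classifier: flag any process tree that injected a thread."""
    i = features.index("inject_thread")
    return vector[i] > 0 or vector[len(features) + i] > 0


def confusion_rates(labels, preds):
    """False positive rate FP/(FP+TN) and false negative rate FN/(FN+TP)."""
    tp = sum(labels[p] and preds[p] for p in labels)
    fp = sum(preds[p] and not labels[p] for p in labels)
    tn = sum(not preds[p] and not labels[p] for p in labels)
    fn = sum(labels[p] and not preds[p] for p in labels)
    fpr = fp / (fp + tn) if fp + tn else 0.0
    fnr = fn / (fn + tp) if fn + tp else 0.0
    return fpr, fnr


def evaluate(events=EVENTS, labels=LABELS):
    """Vectorize, classify and score the constructed sample."""
    vectors = build_vectors(events)
    preds = {pid: predict(v) for pid, v in vectors.items()}
    return vectors, preds, confusion_rates(labels, preds)


if __name__ == "__main__":
    vecs, preds, (fpr, fnr) = evaluate()
    for pid, v in vecs.items():
        print(pid, v, "malicious" if preds[pid] else "benign")
    print(f"FPR={fpr:.3f} FNR={fnr:.3f}")
```

Because the child part is folded into the parent's vector, a dropper that stays quiet itself but spawns an injecting child (pid 100 above) is still separable from a benign launcher; the price is that a benign parent of one misbehaving child is scored the same way, which is why the false positive rate has to be reported alongside the detection rate.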

Detection of Potential Invalid Function Pointer Access Error based on Assembly Codes (어셈블리어 코드 기반의 Invalid Function Pointer Access Error 가능성 검출)

  • Kim, Hyun-Soo;Kim, Byeong-Man
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2010.05a / pp.938-941 / 2010
  • Though a compiler checks for memory errors, it is difficult for the compiler to detect function pointer errors at the code level. Thus, in this paper, we propose a method for effectively detecting invalid function pointer access errors by analyzing the assembly code obtained by disassembling an executable file. To detect the errors, the assembly code in the disassembled files is checked against instruction transition diagrams that are constructed by analyzing normal usage patterns of function pointer access. When applying the proposed method to various programs having no compilation errors, a total of about 500 potential errors, including ones in well-known open source programs such as the Apache web server and the PHP script interpreter, are detected among 1 million lines of assembly code corresponding to a total of about 10 thousand functions.
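The two Kim et al. abstracts above (memory access errors, 2011, and invalid function pointer access, 2010) both check disassembly against patterns of normal instruction usage. As an added example that is not the authors' tool, the following Python script runs a deliberately simplified version of that idea over Intel-syntax listings of the form `objdump -d -M intel --no-show-raw-insn` prints: it tags registers and stack slots as they are written (address of a local, loaded from memory and not yet null-checked, known zero, never written) and reports at the sink instruction (`ret`, indirect `call`, memory access). The listing and the four function names are constructed; the automaton is linear within a function and does not merge state at control-flow joins, which a real instruction transition diagram analysis must do, and it only understands `mov`, `lea`, `xor`, `test`, `cmp`, `call` and `ret`.

```python
import re

LABEL_RE = re.compile(r"^(?:[0-9a-f]+\s+)?<?([.\w]+)>?:$")
REG_RE = re.compile(r"(r(?:[abcd]x|[sd]i|[sb]p|\d+))[dwb]?")
SLOT_RE = re.compile(r"\[(?:rbp|rsp)[-+]0x[0-9a-f]+\]")
MEM_REG_RE = re.compile(r"\[(\w+)")
CALLER_SAVED = {"rax", "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11"}
ALIAS = {s: b for b, subs in {"rax": ("eax", "ax", "al"), "rbx": ("ebx", "bx", "bl"),
                               "rcx": ("ecx", "cx", "cl"), "rdx": ("edx", "dx", "dl"),
                               "rsi": ("esi", "si", "sil"), "rdi": ("edi", "di", "dil")}.items()
         for s in subs}


def canon(op):
    """64-bit register name for a register operand (eax -> rax), else None."""
    op = op.strip()
    if op in ALIAS:
        return ALIAS[op]
    m = REG_RE.fullmatch(op)
    return m.group(1) if m else None


def slot(op):
    """'[rbp-0x28]' for a stack-slot memory operand, else None."""
    m = SLOT_RE.search(op)
    return m.group(0) if m else None


def parse(line):
    """(mnemonic, operands) from an Intel-syntax objdump line, or None for non-instructions."""
    text = line.split("\t")[-1].strip()
    parts = text.split(None, 1)
    if not parts or not parts[0].isalpha():
        return None
    return parts[0], ([o.strip() for o in parts[1].split(",")] if len(parts) > 1 else [])


def analyze(listing):
    """Tag-propagation pass over each function; returns (function, finding) pairs."""
    findings, func, tags = [], None, {}
    for raw in listing.splitlines():
        line = raw.strip()
        lm = LABEL_RE.match(line)
        if lm:
            if not lm.group(1).startswith("."):          # function label: fresh state
                func, tags = lm.group(1), {}
            continue
        ins = parse(line)
        if ins is None:
            continue
        mnem, ops = ins
        regs = [canon(o) for o in ops]
        if mnem in ("test", "cmp"):                      # a comparison counts as the null check
            for r in regs:
                if r in tags:
                    tags[r].discard("loaded")
            continue
        if mnem[0] == "j" or mnem in ("push", "nop", "leave"):
            continue
        for o in ops:                                     # access through a known-zero register
            mm = MEM_REG_RE.search(o)
            if mm and "zero" in tags.get(canon(mm.group(1)), ()):
                findings.append((func, "memory access through null pointer"))
        if mnem == "call" and ops:
            key = regs[0] or slot(ops[0])
            default = {"uninit"} if key and key.startswith("[") else set()
            t = tags.get(key, default)
            if "uninit" in t:
                findings.append((func, f"indirect call through uninitialized pointer ({key})"))
            elif "loaded" in t:
                findings.append((func, f"indirect call through unchecked pointer ({key})"))
            for r in CALLER_SAVED:                        # return value and clobbered registers
                tags.pop(r, None)
            continue
        if mnem == "ret":
            if "local_addr" in tags.get("rax", ()):
                findings.append((func, "returns address of a local variable"))
            continue
        if not ops:
            continue
        dst = regs[0] or slot(ops[0])
        if dst is None:                                   # store through a non-stack pointer: untracked
            continue
        src = ops[1] if len(ops) > 1 else None
        new = set()
        if mnem == "lea" and src and slot(src):
            new = {"local_addr"}
        elif mnem == "mov" and src:
            if canon(src):                                # register copy propagates tags
                new = set(tags.get(canon(src), ()))
            elif slot(src):                               # stack slot never written: uninitialized
                new = set(tags.get(slot(src), {"uninit"}))
            elif "[" in src:                              # load from global/heap: unchecked pointer
                new = {"loaded"}
            elif src in ("0", "0x0"):
                new = {"zero"}
        elif mnem == "xor" and src and canon(src) == dst:
            new = {"zero"}
        tags[dst] = new
    return findings


# Constructed listing: three defects and one function that checks its pointer first.
SAMPLE_LISTING = """
get_buf:
  lea rax, [rbp-0x20]
  mov QWORD PTR [rbp-0x28], rax
  mov rax, QWORD PTR [rbp-0x28]
  pop rbp
  ret
call_handler:
  mov rax, QWORD PTR [rip+0x2f0e]
  call rax
  call QWORD PTR [rbp-0x8]
  leave
  ret
safe_handler:
  mov rax, QWORD PTR [rip+0x2f0e]
  test rax, rax
  je .skip
  call rax
.skip:
  ret
zero_write:
  xor eax, eax
  mov DWORD PTR [rax], 0x1
  ret
"""

if __name__ == "__main__":
    for func, what in analyze(SAMPLE_LISTING):
        print(f"{func}: {what}")
```

The store-then-reload in `get_buf` is what an unoptimized compiler emits for `return buf;`, so propagating tags through stack slots rather than only registers is what keeps the local-address return visible at the `ret`; `safe_handler` shows the `test`/`je` pattern that clears the "loaded" tag and therefore produces no finding.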

Design and Implementation of Method Generation based Watermarking Technique for Android Copyright Protection (안드로이드 저작권 보호를 위한 메소드 생성 기반 워터마킹 기법의 설계 및 구현)

  • Park, Heewan
    • Journal of the Korea Convergence Society / v.10 no.1 / pp.61-69 / 2019
  • As smartphones become widespread, numerous applications are developed and social issues related to software copyright are emerging. Software watermarking is digital watermarking technology applied to software, and it can be used to identify copyright owners. Generally, the Java language is used to develop applications in the Android environment. Java is an object-oriented language that supports method overloading and overriding. In this paper, we propose and implement a method generation based watermarking technique. As a result of evaluating the overhead due to the watermark, it was confirmed that the increase in executable file size and the decrease in execution speed are not large. Using the watermarking technique proposed in this paper, it is expected that copyright information can be verified when illegal copying is suspected or an actual program is stolen, and that piracy attempts will be prevented in advance.

Static Timing Analysis Tool for ARM-based Embedded Software (ARM용 내장형 소프트웨어의 정적인 수행시간 분석 도구)

  • Hwang Yo-Seop;Ahn Seong-Yong;Shim Jea-Hong;Lee Jeong-A
    • Journal of KIISE:Computing Practices and Letters / v.11 no.1 / pp.15-25 / 2005
  • Embedded systems have a set of tasks to execute. These tasks can be implemented either on application-specific hardware or as software running on a specific processor. The design of an embedded system involves the selection of hardware/software resources, the partition of tasks into hardware and software, and performance evaluation. An accurate estimation of execution time for extreme cases (best and worst case) is important for hardware/software codesign. A tighter estimation of the execution time bound may allow the use of a slower processor to execute the code and may help lower the system cost. In this paper, we consider an ARM-based embedded system and develop a tool to estimate a tight bound on the execution time of a task given loop bounds and any additional program path information. The tool we developed is based on an existing timing analysis tool named 'Cinderella', which currently supports the i960 and m68k architectures. We add a module to handle ARM ELF object files, which extracts control flow and debugging information, and a module to handle the ARM instruction set so that the new tool can support ARM processors. We validate the tool by comparing the estimated bound of execution time with the run-time execution time measured by ARMulator for selected benchmark programs.

A Development of Automated Design and Structural Analysis Aided-Program based on GUI environment for Aluminum Extrusion Carbody Structures of Railway Vehicle for Design Engineers (설계자를 위한 GUI 환경기반 알루미늄 압출재 철도차량 차체구조물의 자동화 설계 및 구조해석 지원 프로그램 개발)

  • Kim, Jun-Hwan;Kang, Seung-Gu;Shin, Kwang-Bok;Lee, Young-Ju
    • Journal of the Korean Society for Railway / v.15 no.4 / pp.323-328 / 2012
  • The purpose of this study is to develop an automated structural design and analysis aid program for aluminum extrusion carbody structures of railway vehicles. The developed program is called "AUTO-RAP" and can simultaneously perform structural design and verification for railway carbody structures made of aluminum extrusions, independent of the expertise and experience of design engineers. Design engineers are able to conduct knowledge-based design using a database of existing aluminum extrusions or user-defined functions. The design verification is automatically programmed to evaluate structural integrity according to the Korean Railway Safety Law or the Urban Transit Safety Law. In addition, this program can automatically generate an executable file for various commercial finite element programs such as ANSYS and ABAQUS, and CAD files such as .stp and .iges, through GUI applications built using MFC (Microsoft Foundation Classes). In conclusion, it is expected to contribute to reducing the product design cost and time of aluminum extrusion carbody structures in the railway industry.