• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.785-802
• /
• 2017

As cyber threats using malicious code continue to increase, many security and vaccine companies are putting a lot of effort into analysis and detection of malicious codes. However, obfuscation techniques that make software analysis more difficult are applied to malicious codes, making it difficult to respond quickly to malicious codes. In particular, commercial obfuscation tools can quickly and easily generate new variants of malicious codes so that malicious code analysts can not respond to them. In order for analysts to quickly analyze the actual malicious behavior of the new variants, reverse obfuscation(=de-obfuscation) is needed to disable obfuscation. In this paper, general analysis methodology is proposed to de-obfuscate the software used by a commercial obfuscation tool, Themida. First, We describe operation principle of Themida by analyzing obfuscated executable file using Themida. Next, We extract original code and data information of executable from obfuscated executable using Pintool, DBI(Dynamic Binary Instrumentation) framework, and explain the implementation results of automated analysis tool which can deobfuscate to original executable using the extracted original code and data information. Finally, We evaluate the performance of our automated analysis tool by comparing the original executable with the de-obfuscated executable.

• Journal of Korea Technology Innovation Society
• /
• v.17 no.4
• /
• pp.820-844
• /
• 2014

Various innovation theories, such as innovation system, innovation cluster, triple helix model, are different in their focus. However they all emphasize the interaction between innovation actors in order to generate, diffuse, and appropriate technological innovations successfully. This study analyzes how the interaction of innovation actors in Daedeok Innopolis has been changed since the introduction of innovation cluster policy like the designation of Daedeok Innopolis. Based on the analysis of survey data, Innopolis statistics, and patent joint-application data, we come to the conclusions that the Daedeok Innopolis has characteristics of multi-level governance structure, in which innovation cluster, i.e. Daedeok Innopolis, regional innovation system, and national innovation system directly overlap under the framework of innovation system. In addition, from the perspectives of triple helix model, we are able to verify that the inter-domain interactions between innovation actors, such as tri-lateral network, have been constantly increased in the Daedeok Innopolis. Based on our analysis, we identify some policy suggestions in order to strengthen the competitiveness of the Daedeok Innopolis as well as other innovation clusters in Korea. First, the network activities between innovation actors within innovation cluster should be strengthened based on the geographical accessibility. Second, private intermediate organizations should be established and their roles should be extended. Third, the entrepreneurial activities of universities within innovation cluster should be strengthened. In other words, the roles of universities within the Innopolis should be activated. Finally, the government should provide relevant policy supports to activate the interactions between innovation actors within innovation cluster.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.43-54
• /
• 2016

The occurrence of cyber crime is on the rise every year, and the security control center, which should play a crucial role in monitoring and early response against the cyber attacks targeting various information systems, its importance has increased accordingly. Every endeavors to prevent cyber attacks is being attempted by information security personnel of government and financial sector's security control center, threat response Center, cyber terror response center, Cert Team, SOC(Security Operator Center) and else. The ordinary method to monitor cyber attacks consists of utilizing the security system or the network security device. It is anticipated, however, to be insufficient since this is simply one dimensional way of monitoring them based on signatures. There has been considerable improvement of the security control system and researchers also have conducted a number of studies on monitoring methods to prevent threats to security. In accordance with the environment changes from ESM to SIEM, the security control system is able to be provided with more input data as well as generate the correlation analysis which integrates the processed data, by extraction and parsing, into the potential scenarios of attack or threat. This article shows case studies how to detect the threat to security in effective ways, from the initial phase of the security control system to current SIEM circumstances. Furthermore, scenarios based security control systems rather than simple monitoring is introduced, and finally methods of producing the correlation analysis and its verification methods are presented. It is expected that this result contributes to the development of cyber attack monitoring system in other security centers.

• Communications for Statistical Applications and Methods
• /
• v.15 no.5
• /
• pp.697-708
• /
• 2008

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or external events. The advanced measurement approach proposed by Basel committee uses loss distribution approach(LDA) which quantifies operational loss based on bank's own historical data and measurement system. LDA involves two distribution fittings(frequency and severity) and then generates aggregate loss distribution by employing mathematical convolution. An objective validation for the operational risk measurement is essential because the operational risk measurement allows flexibility and subjective judgement to calculate regulatory capital. However, the methodology to verify the soundness of the operational risk measurement was not fully developed because the internal operational loss data had been extremely sparse and the modeling of extreme tail was very difficult. In this paper, we propose a methodology for the validation of operational risk measurement based on bootstrap confidence intervals of operational VaR(value at risk). We derived two methods to generate confidence intervals of operational VaR.

• Journal of the Korean Society for Nondestructive Testing
• /
• v.23 no.5
• /
• pp.464-474
• /
• 2003

Ultrasonic imaging of 3-D structures for nondestructive evaluation must provide readily recognizable images with enough details to clearly show various flaws that may or may not be present. Typical flaws that need to be detected are miniature cracks, for instance, in metal pipes having aged over years of operation in nuclear power plants; and these sub-millimeter cracks or flaws must be depicted in the final 3-D image for a meaningful evaluation. As a step towards improving conspicuity and thus detection of flaws, we propose a pulse-echo ultrasonic imaging technique to generate various 3-D views of the 3-D object under evaluation through strategic scanning and processing of the pulse-echo data. We employ a 2-D Wiener filter that filters the pulse-echo data along the plane orthogonal to the beam propagation so that ultrasonic beams can be sharpened. This three-dimensional processing and display coupled with 3-D manipulation capabilities by which users are able to pan and rotate the 3-D structure improve conspicuity of flaws. Providing such manipulation operations allow a clear depiction of the size and the location of various flaws in 3-D.

• Journal of Broadcast Engineering
• /
• v.22 no.6
• /
• pp.713-723
• /
• 2017

Since the panoramic image can overcome the limitation of the viewing angle of the camera and have a wide field of view, it has been studied effectively in the fields of computer vision and stereo camera. In order to generate a panoramic image, stitching images taken by a plurality of general cameras instead of using a wide-angle camera, which is distorted, is widely used because it can reduce image distortion. The image stitching technique creates descriptors of feature points extracted from multiple images, compares the similarities of feature points, and links them together into one image. Each feature point has several hundreds of dimensions of information, and data processing time increases as more images are stitched. In particular, when a panorama is generated on the basis of an image photographed by a plurality of unspecified cameras with respect to an object, the extraction processing time of the overlapping feature points for similar images becomes longer. In this paper, we propose a preprocessing process to efficiently process stitching based on an image obtained from a number of unspecified cameras for one object or environment. In this way, the data processing time can be reduced by pre-grouping images based on camera sensor information and reducing the number of images to be stitched at one time. Later, stitching is done hierarchically to create one large panorama. Through the grouping preprocessing proposed in this paper, we confirmed that the stitching time for a large number of images is greatly reduced by experimental results.

• Journal of Korea Water Resources Association
• /
• v.45 no.8
• /
• pp.839-851
• /
• 2012

When we evaluate the water supply capacity of a river basin, it is a common practice to gradually increase the water demand and check if the water demands are met. This practice is not only used in the simulation approach, but also in the optimization approach. However, this trial and error approach is a tedious task. Hence, we propose a two-phase method. In the first phase, by assuming that the decision maker has complete information on inflow data, we use a goal programming model that can generate the maximum water supply capacity at one time. In the second phase, we simulate the real-time operation for the critical period by utilizing the water supply capacity given by the goal programming model under the condition that there is no foresight of inflow. We applied the two-phase method to the Geum-River basin, where multi-purpose weirs were newly constructed. By comparing the results of the goal programming model with those of the real-time simulation model we could comprehend and estimate the effect of perfect inflow data on the water supply capacity.

• The KIPS Transactions:PartB
• /
• v.9B no.6
• /
• pp.775-782
• /
• 2002

As electronic commerce systems have been widely used, the necessity of adaptive e-commerce agent systems has been increased. These kinds of agents can monitor customer's purchasing behaviors, clutter them in similar categories, and induce customer's preference from each category. In order to implement our adaptive e-commerce agent system, we focus on following 3 components-the monitor agent which can monitor customer's browsing/purchasing data and abstract them, the conceptual cluster agent which cluster customer's abstract data, and the customer profile agent which generate profile from cluster, In order to infer more accurate customer's preference, we propose a 2 layered structure consisting of conceptual cluster and inductive profile generator. Many systems have been suffered from errors in deriving user profiles by using a single structure. However, our proposed 2 layered structure enables us to improve the qualify of user profile by clustering user purchasing behavior in advance. This approach enables us to build more user adaptive e-commerce system according to user purchasing behavior.

• The KIPS Transactions:PartB
• /
• v.19B no.3
• /
• pp.165-176
• /
• 2012

In recent years, due to rapidly increasing user-created internet contents coupled with the development of community-based websites, the internet resource recommendation systems are attracting attentions of the users. However, most of the systems have failed in properly reflecting users' characteristics and thus they have difficulty in recommending appropriate resources to users. In this paper, we propose an internet resource recommendation method using FOAF and SNA which fully reflects the characteristics of users. In our method, 1) we extract the data about user characteristics and tags using FOAF; 2) we generate graphs representing users, user characteristics and tags after inserting data into 3 matrixes and integrating them; 3) we recommend the appropriate internet resources after selecting common characteristics of the recommended items and Hot tags by analyzing social network. For verification of our proposed method, we implemented our method to establish and analyze an experimental social group. We verified through our experiments that the more users added in the social network, the higher quality of recommendation result we got than the item-based recommendation method. By using the suggested idea in this paper, we can make a more appropriate recommendation of resources to users while effectively retrieving explosively increasing internet resources.

• Korean Journal of Remote Sensing
• /
• v.34 no.3
• /
• pp.545-552
• /
• 2018

Grounding line is used as evidence of the mass balance showing the vulnerability of Antarctic glaciers and ice shelves. In this research, we utilized a high resolution digital elevation model of glacier surface derived by recently launched satellites to estimate the position of grounding line of Campbell Glacier in East Antarctica. TanDEM-X and TerraSAR-X data in single-pass interferometry mode were acquired on June 21, 2013 and September 10, 2016 and CryoSat-2 radar altimeter data were acquired within 15 days from the acquisition date of TanDEM-X. The datasets were combined to generate a high resolution digital elevation model which was used to estimate the grounding line position. During the 3 years of observation, there weren't any significant changes in grounding line position. Since the average density of ice used in estimating grounding line is not accurately known, the variations of the grounding line was analyzed with respect to the density of ice. There was a spatial difference from the grounding line estimated by DDInSAR whereas the estimated grounding line using the characteristics of the surface of the optical satellite images agreed well when the ice column density was about $880kg/m^3$. Although the reliability of the results depends on the vertical accuracy of the bathymetry in this study, the hydrostatic ice thickness has greater influence on the grounding line estimation.