• Journal of the Korean Society for Aeronautical & Space Sciences
• /
• v.33 no.7
• /
• pp.98-105
• /
• 2005

In this paper, the decryption function of CCSDS telecommand of CTU EQM for the security of communications satellite was verified. In order to intensify the security level of DES CFB decryption algorithm applied to CTU EM, 3DES CFB decryption algorithm using three keys is implemented in the CTU EQM. As the decryption keys increased due to the 3DES algorithm, the keys and IV are stored in PROM memory, and used for the telecommand decryption by taking the keys and IVs corresponding to the selected key and IV indexes from the memory. The operation of the 3DES CFB is validated through the timing simulation of 3DES CFB algorithm, and then the 3DES CFB core implemented on the A54SX32 FPGA. The test environment for the telecommand decryption verification of the CTU EQM was built up. Through sending and decrypting the encrypted command, monitoring the opcodes, and confirming LED on/off by executing the opcodes, the 3DES CFB telecommand decryption function of the CTU EQM is verified.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.8 no.5
• /
• pp.1058-1067
• /
• 2004

Java virtual machine provides code compactness, simple execution engines, and platform-independence which are important features for small devices such as mobile or embedded device, but it has a big problem, such as low throughput due to stack-oriented operation. In this paper hardware lava accelerator targeted for mobile or embedded application is designed to eliminate the slow speed problem of lava virtual machine. The designed lava accelerator can execute 81 instructions of Java virtual machine(JVM)'s opcodes and be used as Java coprocessor of conventional 32-bit RISC processor with efficient coprocessor interface and instruction buffer. It consists of about 14,300 gates and its maximum operating frequency is about 50 Mhz under 0.35um CMOS technology.

• International Journal of Computer Science & Network Security
• /
• v.23 no.8
• /
• pp.49-62
• /
• 2023

There has been a rapid increase in the creation and alteration of new malware samples which is a huge financial risk for many organizations. There is a huge demand for improvement in classification and detection mechanisms available today, as some of the old strategies like classification using mac learning algorithms were proved to be useful but cannot perform well in the scalable auto feature extraction scenario. To overcome this there must be a mechanism to automatically analyze malware based on the automatic feature extraction process. For this purpose, the dynamic analysis of real malware executable files has been done to extract useful features like API call sequence and opcode sequence. The use of different hashing techniques has been analyzed to further generate images and convert them into image representable form which will allow us to use more advanced classification approaches to classify huge amounts of images using deep learning approaches. The use of deep learning algorithms like convolutional neural networks enables the classification of malware by converting it into images. These images when fed into the CNN after being converted into the grayscale image will perform comparatively well in case of dynamic changes in malware code as image samples will be changed by few pixels when classified based on a greyscale image. In this work, we used VGG-16 architecture of CNN for experimentation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.8
• /
• pp.654-662
• /
• 2013

Android applications can be easily decompiled owing to their structural characteristics, in which applications are developed using Java and are self-signed so that applications modified in this way can be repackaged. It will be crucial that this inherent vulnerability may be used to an increasing number of Android-based financial service applications, including banking applications. Thus, code obfuscation techniques are used as one of solutions to protect applications against their forgery. Currently, many of applications distributed on Android market are using ProGuard as an obfuscation tool. However, ProGuard takes care of only the renaming obfuscation, and using this method, the original opcodes remain unchanged. In this paper, we thoroughly analyze obfuscation mechanisms applied in ProGuard, investigate its limitations, and give some direction about its improvement.

• Journal of Korea Multimedia Society
• /
• v.10 no.3
• /
• pp.411-419
• /
• 2007

Mounted on mobile device, set-top box, or digital TV, EVM is a virtual machine solution that can download and execute dynamic application programs. And the SIL(Standard Intermediate Language) is intermediate language of the EVM, which has a set of opcodes for object-oriented language and a sequential language. Since the C compiler used on each platform depends on the hardware, it converts C program to objective code, and then executes. To solve this problem, our research team developed ANSI C compiler and the EVM. Our ANSI C compiler outputs the SIL code based on stack machine. This paper presents the SIL-to-C decompiler in which converts the SIL code to three address code. Thus, the decompiler allows us to verify SIL code created by ANSI C compiler, and analyze a program from C language source level.

• Journal of KIISE
• /
• v.42 no.5
• /
• pp.558-565
• /
• 2015

Recently, the number of new malware and malware variants has dramatically increased. As a result, the time for analyzing malware and the efforts of malware analyzers have also increased. Therefore, malware classification helps malware analyzers decrease the overhead of malware analysis, and the classification is useful in studying the malware's genealogy. In this paper, we proposed a set of key opcode to classify the malware. In our experiments, we selected the top 10-opcode as key opcode, and the key opcode decreased the training time of a Supervised learning algorithm by 91% with preserving classification accuracy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.181-192
• /
• 2022

The emergence of new malware is incapacitating existing signature-based malware detection techniques., and applying various anti-analysis techniques makes it difficult to analyze. Recent studies related to signature-based malware detection have limitations in that malware creators can easily bypass them. Therefore, in this study, we try to build a machine learning model that can detect and classify the anti-analysis techniques of packers applied to malware, not using the characteristics of the malware itself. In this study, the n-gram opcodes are extracted from the malicious binary to which various anti-analysis techniques of the commercial packers are applied, and the features are extracted by using TF-IDF, and through this, each anti-analysis technique is detected and classified. In this study, real-world malware samples packed using The mida and VMProtect with multiple anti-analysis techniques were trained and tested with 6 machine learning models, and it constructed the optimal model showing 81.25% accuracy for The mida and 95.65% accuracy for VMProtect.