• Title/Abstract/Keywords: Security Techniques

A New Analysis Method for Packed Malicious Codes (코드은닉을 이용한 역공학 방지 악성코드 분석방법 연구)

  • Lee, Kyung-Roul;Yim, Kang-Bin
    • Journal of Advanced Navigation Technology / v.16 no.3 / pp.488-494 / 2012
  • This paper classifies the self-defense techniques used by malicious software based on their approaches, introduces the packing technique as one of the code protection methods, and proposes a way to quickly analyze packed malicious code. The packing technique hides malicious code and restores it at runtime. To analyze packed code, it is first necessary to find the entry point after restoration. To find the entry point, the usual approach has been to reverse the packing routine, in which a jump instruction branches to the entry point. However, the reversing takes too much time because the packing routine is usually obfuscated. Instead of reversing the routine, this paper proposes searching for features of the startup code in the standard library used to generate the malicious code. Through an implementation and a subsequent empirical study, it is proved that the proposed approach is able to analyze malicious code faster.

Group Key Generation and Exchange Scheme using a Trapdoor Collision Hash in M2M Communications Environment (M2M 통신 환경에서 트랩도어 충돌 해쉬를 이용한 그룹키 생성 및 교환 기법)

  • Kim, Sung-Soo;Jun, Moon-Seog;Choi, Do-Hyeon
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.15 no.5 / pp.9-17 / 2015
  • The development of wireless communication technology and changes in the ICT market have led to the development of M2M services and technology. Under these circumstances, the M2M environment has been the focus of constructing a communication environment between machines without the control or direct intervention of human beings. Given the characteristics of the wireless communication environment, the possibility of being exposed to numerous security threats and safe communication security technology have become an issue and an important requirement for problems such as data exposure, forgery, modulation, deletion, and privacy. This research analyzes the requirements of a trapdoor collision hash, generates keys between groups in the M2M environment by using the specificity of the trapdoor, and suggests a technique to exchange keys with session keys. Further, it also suggests techniques to confirm the authentication of device and gateway in accordance with group key generation. The techniques suggested herein are confirmed as safe methods in that they resist attacks such as the Masquerade Attack, Man-in-the-Middle Attack, and Replay Attack in the group communication block by using the speciality of the collision message and collision hash.

Real-time hacking, detection and tracking ICT Convergence Security Solutions Test and Evaluation (실시간 해킹, 탐지 및 추적관리 ICT 융합 보안 솔루션 시험평가)

  • Kim, Seung-Bum;Yang, Hae-Sool
    • Journal of Digital Convergence / v.13 no.4 / pp.235-246 / 2015
  • Understanding the various unspecified hacking and repeated cyber DDoS attacks, we were finally able to find a solution in the methods of attack. A freely researched approach that combines attacker and defender, offensive and defensive techniques, can be called a challenge to discover the potential in whimsy. In this paper we test and evaluate "KWON-GA", which a global white hackers team has made from many years of experience in infiltration and diagnosis under the guise of "offence is the best defence". It is a knowledge information ICT convergence security solution developed for the purpose of defence; it provides a customization policy that can be fit to the customer's system environment with the needed techniques, and it is processed with unique proprietary technology so that it is not possible to scan. Even if it is leaked internally, it is impossible to analyze, so hackers cannot analyze vulnerabilities, and it cannot be abused as a hacking tool.

Robust Hierarchical GLOCAL Hash Generation based on Image Histogram (히스토그램 기반의 강인한 계층적 GLOCAL 해쉬 생성 방법)

  • Choi, Yong-Soo;Kim, Hyoung-Joong;Lee, Dal-Ho
    • Journal of the Institute of Electronics Engineers of Korea CI / v.48 no.1 / pp.133-140 / 2011
  • Recently, Web applications such as Stock Image and Image Library have been developed to provide integrated management of users' images. Image hash techniques are used as the identifier for image registration, management and retrieval, and much research has been performed to raise hash performance. This paper proposes a GLOCAL image hashing method utilizing a hierarchical histogram, which is based on the histogram bin population method. So far, many studies have proven that image hashing techniques based on histograms are robust against image processing and geometrical attacks. We modified the existing image hashing method developed by our research team. The main idea is that it makes a more fluent hash string if we have histogram bins of specific length, as shown in the body of the paper. Finally, we can raise the magnitude of the hash string within the same context or feature and strengthen the robustness of the hash.

Software Engineering Research Trends Meta Analyzing for Safety Software Development on IoT Environment (IoT 환경에서 안전한 소프트웨어 개발을 위한 소프트웨어공학 메타분석)

  • Kim, Yanghoon;Park, Wonhyung;Kim, Guk-boh
    • Convergence Security Journal / v.15 no.4 / pp.11-18 / 2015
  • As new environments such as ICT convergence, cloud computing, and big data arrive, how to take advantage of existing software engineering technologies has become an important key. In addition, the importance of the requirement analysis and design phases for secure software has been shown in the IoT environment. While existing studies have focused on the utilization of techniques applied to the IoT environment, studies for enhancing analysis and design, the prerequisite steps for safely applying these techniques to the site, have been insufficient. So, in this paper we try to organize research trends based on software engineering and analyze their relationships. In detail, we classify the research trends of software engineering to perform a research trends meta-analysis, and analyze annual development by year. The flow of the major research is identified by analyzing the correlation of the keywords. We propose strategies for enhancing the utilization of software engineering techniques to develop high-quality software in the IoT environment.

Design and Implementation of Human-Detecting Radar System for Indoor Security Applications (실내 보안 응용을 위한 사람 감지 레이다 시스템의 설계 및 구현)

  • Jang, Daeho;Kim, Hyeon;Jung, Yunho
    • Journal of IKEEE / v.24 no.3 / pp.783-790 / 2020
  • In this paper, a human-detecting radar system for indoor security applications is proposed, and its FPGA-based implementation results are presented. In order to minimize the complexity and memory requirements of the computation, the top half of the spectrogram was used to extract features. Excluding the feature extraction techniques that require complex computation, feature extraction techniques were proposed considering classification performance and complexity. In addition, memory requirements were minimized by designing a pipeline structure without storing the entire spectrogram. Experiments on humans, dogs and robot cleaners were conducted for classification, and 96.2% accuracy performance was confirmed. The proposed system was implemented using Verilog-HDL, and we confirmed that a low-area design using 1140 logics and 6.5 Kb of memory was possible.

An Intrusion Detection System based on the Artificial Neural Network for Real Time Detection (실시간 탐지를 위한 인공신경망 기반의 네트워크 침입탐지 시스템)

  • Kim, Tae Hee;Kang, Seung Ho
    • Convergence Security Journal / v.17 no.1 / pp.31-38 / 2017
  • As cyber-attacks through networks advance, it is difficult for an intrusion detection system based on simple rules to detect novel types of attacks such as the Advanced Persistent Threat (APT) attack. At present, much research has been focused on the application of machine learning techniques to the intrusion detection system in order to detect previously unknown attacks. When using machine learning techniques, the performance of the intrusion detection system largely depends on the feature set which is used as an input to the system. Generally, more features increase the accuracy of the intrusion detection system, whereas they cause a problem when fast responses are required, owing to their large elapsed time. In this paper, we present a network intrusion detection system based on an artificial neural network, which adopts a multi-objective genetic algorithm to satisfy both requirements: accuracy and fast response. The comparison between the proposed approach and other previously proposed approaches is conducted against the NSL_KDD data set for the evaluation of the performance of the proposed approach.

PE Header Characteristics Analysis Technique for Malware Detection (악성프로그램 탐지를 위한 PE헤더 특성 분석 기술)

  • Choi, Yang-Seo;Kim, Ik-Kyun;Oh, Jin-Tae;Ryu, Jae-Cheol
    • Convergence Security Journal / v.8 no.2 / pp.63-70 / 2008
  • To keep malware from being easily analyzed, hackers apply various anti-reversing and obfuscation techniques to it. However, the more anti-reversing techniques are applied to malware, the more abnormal characteristics, which are not shown in a normal PE file, can be observed in the PE file's header. In this letter, a new malware detection technique is proposed based on this observation. For malware detection, we define the Characteristics Vector (CV), which can represent the characteristics of a PE file's header. In the learning phase, we calculate the average CV (ACV) of malware (ACVM) and of normal files (ACVN). To detect malware, we calculate the 2 Weighted Euclidean Distances (WEDs) from a file's CV to the ACVs, and they are used to decide whether the file is malware or not. The proposed technique is very fast and the detection rate is fairly high, so it could be applied to network-based attack detection and prevention devices. Moreover, this technique could be used to detect unknown malware because it does not utilize a signature but the malware's characteristics.

A Study on Measures for Improving Obligatory Use of Digital Certificate for Eletronic Financial Transactions (전자금융거래시 공인인증서 의무사용 개선방안에 관한 연구)

  • Jeong, Gi Seog
    • Convergence Security Journal / v.13 no.6 / pp.25-33 / 2013
  • A digital certificate must be used for electronic financial transactions in Korea. But because the digital certificate is based on ActiveX of Internet Explorer, it is difficult to use the digital certificate in other web browsers. This interrupts the development of various authentication technologies and the growth of related industry. Also, a digital certificate can be leaked because it is stored on a hard disk or USB. The government eased the obligatory use of the digital certificate and opened doors to other authentication techniques. But no other authentication techniques are used because they are not approved as alternative technology. Revised bills with digital certificate abolition as the main agenda have been submitted to the National Assembly. Whether the revised bills pass or not will be decided by a regular session of the National Assembly depending on the calculation and dynamics composition of related industry. In this paper, the controversy over obligatory use of the digital certificate is examined and measures are found.

A Study on CPA Performance Enhancement using the PCA (주성분 분석 기반의 CPA 성능 향상 연구)

  • Baek, Sang-Su;Jang, Seung-Kyu;Park, Aesun;Han, Dong-Guk;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.1013-1022 / 2014
  • Correlation Power Analysis (CPA) is a type of Side-Channel Analysis (SCA) that extracts the secret key using the correlation coefficient between the side-channel information leaked by a cryptographic device and the intermediate values of algorithms. The attack performance of CPA is affected by noise and the temporal synchronization of the leaked power consumption. In recent years, various studies on signal processing have been presented to improve the performance of power analysis. Among these signal processing techniques, signal compression techniques based on Principal Component Analysis (PCA) have been presented. Selection of the principal components is an important issue in signal compression based on PCA, because the selection of the principal component will affect the performance of the analysis. In this paper, we present a method of selecting the principal component by using the correlation of the principal components and the power consumption is high and a CPA technique based on the principal component that utilizes the feature that the principal component has different. Also, we prove the performance of our method by carrying out the experiment.