• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.4
• /
• pp.788-797
• /
• 2003

Class library is one of the most crucial element of Java runtime environment in addition to Java virtual machine. In particular, embedded Java system depends heavily on the class library due to having a low bandwidth communication link and a small amount of memory which are a common restriction of embedded system. It is therefore quite necessary to find the characteristic of the class library for embedded Java system to build an efficient Java runtime environment. In this paper we have analyzed the characteristic of the class library for embedded system. The analysis includes sorts of classes in the library, typical size of the file which contains the class, and the composition of constant pool which is a major part of the file. We also have found typical number of field and method a class contains, the sizes of stack and local variable array each method requires, and the length of bytecode in the method. The result of this study can be used to estimate the startup time for class loading and the size of memory to create an instance of class which are a mandatory information to design an efficient embedded Java virtual machine.

• The KIPS Transactions:PartA
• /
• v.12A no.3 s.93
• /
• pp.223-228
• /
• 2005

Several researchers have pointed out that the energy consumption in memory takes a dominant fraction on the energy budget of a whole embedded system. This applies to the embedded Java virtual machine tn, and to develop a more energy-efficient JVM it is absolutely necessary to optimize the energy usage in Jana memory. In this paper we have analyzed the logical memory access pattern in JVM as it executes numerous number of bytecode instructions while running a Java program. The access pattern gives us an insight how to design and select a suitable memory technology for Java memory. We present the memory access pattern for the three logical data spaces of JVM: heap, operand stack, and local variable array. The result saws that operand stack is accessed most frequently and uniformly, whereas heap used least frequently and non-uniformly among the three. Both heap and local variable array are accessed mostly in read-only fashion, but no remarkable difference is found between read and write operations for operand stack usage.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.06a
• /
• pp.121-124
• /
• 2007

This paper describes the development of a brickwork game with three-dimensional computer graphics as one of web-based game contents. Client user using web can access and run lava applet program with the independence of hardware system. It consists of graphic user interface module, initial space generation module, event handler module, player control module, and thread control module. It uses 3-D array data structure for the 3-D graphic objects that are located in three-dimensional space for high-speed object searching and sorting. It enhances to compare with predetermined construction in three-dimensional space. We can use the developed racing game to inform game users of information for an advertisement like tourism information, and can apply the proposed 3-D drawing technology to 3-D game graphic engine core.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.2 s.46
• /
• pp.1-8
• /
• 2007

Although the Java bytecode has numerous advantages, there are also shortcomings such as slow execution speed and difficulty in analysis. Therefore, in order for the Java class file to be effectively executed under the execution environment such as the network, it is necessary to convert it into optimized code. We implements CTOC. In order to statically determine the value and type, CTOC uses the SSA Form which separates the variable according to assignment. Also, it uses a Tree Form for statements. But, due to insertion of the $\phi$-function in the process of conversion into the SSA Form, the number of nodes increased. This paper shows the dead code elimination to obtain a more optimized code in SSA Form. We add new live field in each node and achieve dead code elimination in tree structures. We can confirm after dead code elimination though test results that nodes decreases.

• Journal of the Korea Society of Computer and Information
• /
• v.11 no.1 s.39
• /
• pp.107-117
• /
• 2006

Java language creates class files through Java compiler. Class files include informations involved with achievement of program. We can do analysis and optimization for efficient codes by analyzing class files. This paper analyzes bytecodes using informations of Java class files. We translate stack-based Java bytecodes into 3-address codes. Then we translate into static single assignment form using the 3-address codes. Static single assignment form provides a compact representation of a variable's definition-use information. Static single assignment form is often used as an intermediate representation during code optimization. Static sing1e assignment form renames each occurrence of a variable such that each variable is defined only once.

• Journal of KIISE
• /
• v.42 no.1
• /
• pp.44-53
• /
• 2015

Control flow information is useful in the analysis and comparison of programs. Virtualization-obfuscation hides control structures of the original program by transforming machine instructions into bytecode. Direct examination of the resulting binary reveals only the structure of the interpreter. Recovery of the original instructions requires knowledge of the virtual machine architecture, which is randomly generated and hidden. In this paper, we propose a method to reconstruct original control flow using only traces generated from the obfuscated binary. We consider traces as strings and find an automaton that represents the strings. State transitions in the automaton correspond to the control transfers in the original program. We have shown the effectiveness of our method with commercial obfuscators.

• The KIPS Transactions:PartA
• /
• v.19A no.4
• /
• pp.187-194
• /
• 2012

This paper proposes a string analysis based system for classifying Android Apps that may access so called harmful sites, and shows an experiment result for real Android apps on the market. The system first transforms Android App binary codes into Java byte codes, it performs string analysis to compute a set of strings at all program points, and it classifies the Android App as bad ones if the computed set contains URLs that are classified because the sites provide inappropriate contents. In the proposed approach, the system performs such a classification in the stage of distribution before installing and executing the Apps. Furthermore, the system is suitable for the automatic management of Android Apps in the market. The proposed system can be combined with the existing methods using DNS servers or monitoring modules to identify harmful Android apps better in different stages.

• International Journal of Computer Science & Network Security
• /
• v.23 no.8
• /
• pp.177-189
• /
• 2023

Malware detection is an increasingly important operational focus in cyber security, particularly given the fast pace of such threats (e.g., new malware variants introduced every day). There has been great interest in exploring the use of machine learning techniques in automating and enhancing the effectiveness of malware detection and analysis. In this paper, we present a deep recurrent neural network solution as a stacked Long Short-Term Memory (LSTM) with a pre-training as a regularization method to avoid random network initialization. In our proposal, we use global and short dependencies of the inputs. With pre-training, we avoid random initialization and are able to improve the accuracy and robustness of malware threat hunting. The proposed method speeds up the convergence (in comparison to stacked LSTM) by reducing the length of malware OpCode or bytecode sequences. Hence, the complexity of our final method is reduced. This leads to better accuracy, higher Mattews Correlation Coefficients (MCC), and Area Under the Curve (AUC) in comparison to a standard LSTM with similar detection time. Our proposed method can be applied in real-time malware threat hunting, particularly for safety critical systems such as eHealth or Internet of Military of Things where poor convergence of the model could lead to catastrophic consequences. We evaluate the effectiveness of our proposed method on Windows, Ransomware, Internet of Things (IoT), and Android malware datasets using both static and dynamic analysis. For the IoT malware detection, we also present a comparative summary of the performance on an IoT-specific dataset of our proposed method and the standard stacked LSTM method. More specifically, of our proposed method achieves an accuracy of 99.1% in detecting IoT malware samples, with AUC of 0.985, and MCC of 0.95; thus, outperforming standard LSTM based methods in these key metrics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.643-653
• /
• 2018

Xamarin is a representative cross-platform development framework that allows developers to write mobile apps in C# for multiple mobile platforms, such as Android, iOS, or Windows Phone. Using Xamarin, mobile app developers can reuse existing C# code and share significant code across multiple platforms, reducing development time and maintenance costs. Meanwhile, malware authors can also use Xamarin to spread malicious apps on more platforms, minimizing the time and cost of malicious app creation. In order to cope with this problem, it is necessary to analyze and detect malware written with Xamarin. However, little studies have been conducted on static analysis methods of the apps written in Xamarin. In this paper, we examine the structure of Android apps written with Xamarin and propose a static analysis technique for the apps. We also demonstrate how to statically reverse-engineer apps that have been transformed using code obfuscation. Because the Android apps written with Xamarin consists of Java bytecode, C# based DLL libraries, and C/C++ based native libraries, we have studied static reverse engineering techniques for these different types of code.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1487-1490
• /
• 2007

디지털 위성방송의 시작과 더불어 본격적인 데이터 방송의 시대가 열렸다. 데이터방송이 시작 되면서 데이터방송용 양방향 콘텐츠에 대한 수요가 급속하게 증가하고 있다. 하지만 양방향 콘텐츠 개발에 필요한 저작 도구 및 검증 시스템은 아주 초보적인 수준에 머물러 있는 것이 현실이다. 그러나 방송의 특성상 콘텐츠 상에서의 오류는 방송 사고에까지 이를 수 있는 심각한 상황이 연출 될 수 있다. 본 연구 팀은 이러한 DTV 콘텐츠 개발 요구에 부응하여, 개발자의 콘텐츠 개발 및 사업자 또는 기관에서의 콘텐츠 검증이 원활이 이루어 질수 있도록 하는 양방향 콘텐츠 검증 시스템을 개발 중이다. 양방향 콘텐츠 검증 시스템은 Java 컴파일러, 디버거, 미들웨어, 가상머신, 그리고 IDE 등으로 구성된다. 본 논문에서 제시한 자바 컴파일러는 양방향 콘텐츠 검증 시스템에서 데이터 방송용 자바 애플리케이션(Xlet)을 컴파일하여 에뮬레이팅 하거나 런타임 상에서 디버깅이 가능하도록 하는 바이너리형태의 class 파일을 생성한다. 이를 위해 Java 컴파일러는 *.java 파일을 입력으로 받아 어휘 분석과 구문 분석 과정을 거친 후 SDT(syntax-directed translation)에 의해 AST(Abstract Syntax Tree)를 생성한다. 클래스링커는 생성된 AST를 탐색하여 동적으로 로딩 되는 파일들을 연결하여 AST를 확장한다. 의미 분석과정에서는 확장된 AST를 입력으로 받아 참조된 명칭의 사용이 타당한지 등을 검사하고 코드 생성이 용이하도록 AST를 변형하고 부가적인 정보를 삽입하여 ST(Semantic Tree)를 생성한다. 코드 생성 단계에서는 ST를 입력으로 받아 이미 정해 놓은 패턴에 맞추어 Bytecode를 출력한다.ovoids에서도 각각의 점들에 대한 선량을 측정하였다. SAS와 SSAS의 직장에 미치는 선량차이는 실제 임상에서의 관심 점들과 가장 가까운 25 mm(R2)와 30 mm(R3)거리에서 각각 8.0% 6.0%였고 SAS와 FWAS의 직장에 미치는 선량차이는 25 mm(R2) 와 30 mm(R3)거리에서 각각 25.0% 23.0%로 나타났다. SAS와 SSAS의 방광에 미치는 선량차이는 20 m(Bl)와 30 mm(B2)거리에서 각각 8.0% 3.0%였고 SAS와 FWAS의 방광에 미치는 선량차이는 20 mm(Bl)와 30 mm(B2)거리에서 각각 23.0%, 17.0%로 나타났다. SAS를 SSAS나 FWAS로 대체하였을 때 직장에 미치는 선량은 SSAS는 최대 8.0 %, FWAS는 최대 26.0 %까지 감소되고 방광에 미치는 선량은 SSAS는 최대 8.0 % FWAS는 최대 23.0%까지 감소됨을 알 수 있었고 FWAS가 SSAS 보다 차폐효과가 더 좋은 것으로 나타났으며 이 두 종류의 shielded applicator set는 부인암의 근접치료시 직장과 방광으로 가는 선량을 감소시켜 환자치료의 최적화를 이룰 수 있을 것으로 생각된다.)한 항균(抗菌) 효과(效果)를 나타내었다. 이상(以上)의 결과(結果)로 보아 선방활명음(仙方活命飮)의 항균(抗菌) 효능(效能)은 군약(君藥)인 대황(大黃)의 성분(成分) 중(中)의 하나인 stilbene 계열(系列)의 화합물(化合物)인 Rhapontigenin과 Rhaponticin의 작용(作用)에 의(依)한 것이며, 이는 한의학(韓醫學) 방제(方劑) 원리(原理)인 군신좌사(君臣佐使) 이론(理論)에서 군약(君藥)이 주증(主症)에 주(主)로 작용(作用)하는 약물(藥物)이라는 것을 밝혀주는 것이라고