• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.87-94
• /
• 2017

Microsoft Office is an office suite of applications developed by Microsoft. Recently users with malicious intent customize Office files as a container of the Malware because MS Office is most commonly used word processing program. To attack target system, many of malicious office files using a variety of skills and techniques like macro function, hiding shell code inside unused area, etc. And, people usually use two techniques to detect these kinds of malware. These are Signature-based detection and Sandbox. However, there is some limits to what it can afford because of the increasing complexity of malwares. Therefore, this paper propose methods to detect malicious MS office files in Computer forensics' way. We checked Macros and potential problem area with structural analysis of the MS Office file for this purpose.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.489-499
• /
• 2017

MS office is a office software which is widely used in the world. The OOXML format has been applied to the document structure from MS office 2007 to the newest version. In this regard, the method of data concealing, which is a representative anti-forensic act has been researched and developed, so the method of detecting concealed data is very important to the digital forensic investigation. In this paper, we present an improved data concealing method bypassing the previewers detecting methods for OOXML formatted MS office documents. In addition, we show concealment of the internal data like sheets and slides for MS office 2013 Excel and PowerPoint, and suggest an improved detecting algorithm against this data concealing.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.2
• /
• pp.387-393
• /
• 2014

In recent years, the spread of computers is increasing, and efficient processing effort for unstructured Big Data is required. In this paper, we are proposed a system to extract the data typed in a word processor quickly by user creating and XML mapping file after converting XML data that has been entered in the office file(HWP, MS-office). In addition, we proposed a system is able to lookup the necessary data from a database by entered form in advance and convert word processor document to office files by the application program. The unstructured big data will be available to be used.

• Electronics and Telecommunications Trends
• /
• v.29 no.4
• /
• pp.1-10
• /
• 2014

2014년 4월 8일 마이크로소프트(MS)가 2001년 출시한 윈도우XP와 오피스 2003에 대한 지원을 종료하면서 국내는 또다시 운영체제의 글로벌 기업 종속성에 대한 문제가 관심사로 대두되었다. 윈도우XP의 국내 시장점유율은 2013년 12월 기준 18.96%로 미국, 일본보다 높다. 기술지원 없는 운영체제는 공격대상이 되기 쉬워 국내 금융, 상하수도 시설 등 주요 시설에 사용되는 있는 국내 현황에 비추어 심각한 문제가 아닐 수 없다. 이와 같은 소프트웨어 종속성을 탈피하기 위해 운영체제 분야의 공개 SW인 리눅스의 활용이 또다시 대두되었다. 2000년대 데스크톱 운영체제를 리눅스로 교체하고자 하는 시도는 이용의 불편함 때문에 실패하였지만 최근 리눅스는 일반 사용자들이 쉽게 사용할 수 있도록 발전하였기 때문이다. 본 논문에서는 이러한 변화에 따라 리눅스의 데스크톱 운영체제의 도입 가능성 확인을 위해 최근 리눅스의 기술동향 및 대표적인 배포판 현황에 대해 살펴보고, 해외 공공기관에서 리눅스 도입사례에 대해 살펴본다.

• Journal of Korean Society of Archives and Records Management
• /
• v.12 no.3
• /
• pp.29-46
• /
• 2012

Electronic records are merely series of bits without understanding the formats of content files. There are numerous types of formats and also possibilities of extinction. For long term preservation, it is essential to understand and manage formats. In addition to managing format itself, accurate information on the format needs to be stored for electronic records. In this study, various types of electronic files, without checking with the naked eye, has developed a tool to extract the header information in the format of electronic files with the file extension validation tool to compare format and validate digital component.

• Korean Journal of Construction Engineering and Management
• /
• v.14 no.2
• /
• pp.141-149
• /
• 2013

This paper presents a scheduling technique that reflects various constraints in remodeling project of inhabited condition. The remodeling project of inhabited condition is required more detailed planning and control due to claims by noise, vibration, dust, smells, limited lift capacity, and limited temporary stock area. Because of the constraints, complexity in scheduling is increased and earlier completion is required to reduce the possibility of safety and environment accidents. Especially, in case of inhabited condition, the scheduling should be linked day-time/night-time/weekend work. This paper proposes a structured scheduling technique to incorporate those constraints in remodeling of inhabited condition. This scheduling technique considers not only remodeling process but also dismantling, newly-construction, and residents movement. Process expression method using MS-Project also presented to keep connectivity with existing scheduling system.

• The KIPS Transactions:PartA
• /
• v.19A no.3
• /
• pp.147-154
• /
• 2012

The higher thinking skills, such as creativity and problem-solving about a given problem, are difficult to assess and diagnose. For an accurate diagnosis of these higher thinking abilities, we need to fully observe learner's problem-solving process or learner's individual reports. However, in an online learning or virtual class environments, evaluation of learner's problem-solving process becomes more difficult to diagnose. The best way to solve this problem is through reporting by tracking learner's actions when he tries to solve a problem. In this study, we developed a module which can evaluate and diagnose student's problem-solving ability by tracking actions in MS-Office suite, which is used by students to solve a given problem. This module performs based on the learner's job history through user tracking. To evaluate the effectiveness of this diagnostic module, we conducted satisfaction survey from students who were preparing the actual MOS exams. As a result, eighty-one (81) of the participants were positive on the effectiveness of the learning system with the use of this module.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.5
• /
• pp.149-156
• /
• 2022

Recently, there have been many reports of document-type malicious code injecting malicious code into Microsoft Office files. Document-type malicious code is often hidden by encoding the malicious code in the document. Therefore, document-type malware can easily bypass anti-virus programs. We found that malicious code was inserted into the Visual Basic for Applications (VBA) macro, a function supported by Microsoft Office. Malicious codes such as shellcodes that run external programs and URL-related codes that download files from external URLs were identified. We selected 354 keywords repeatedly appearing in malicious Microsoft Office files and defined the number of times each keyword appears in the body of the document as a feature. We performed machine learning with SVM, naïve Bayes, logistic regression, and random forest algorithms. As a result, each algorithm showed accuracies of 0.994, 0.659, 0.995, and 0.998, respectively.

• The Journal of the Korea Contents Association
• /
• v.4 no.4
• /
• pp.123-131
• /
• 2004

Internet is absolutely contributed to information technology revolution nowadays. Internet services such as voice and data, etc. are provided home or small office via home gateway. The development of communication equipment via home gateway is implemented rapidly, and its product various. This paper presents the design and implementation of the VoIP equipment including the telephone function based on the embedded environment and being connected to the home gateway and the PC because of taking 2-ethernet LAN ports. As developing environment, the STLC1502 developed at ST Microelectronics as single chip solution, VxWorks as RTOS, and C language as coding mechanism are used. The verification of the developed systems for the voice test is carried out for the gatekeeper via Internet. The performance parameter is considered as the call processing capacity measuring the time of the call setup and clearing, and the data processing capacity for the file transfer. As a call setup and clearing is about 95ms, the call processing capacity is about 10 calls per second. The data processing capacity is 5.7Mbps in case of file transfer of server and client environment. Therefore the performance result is satisfied in the aspect of the call processing time and the data transfer time in Internet.