• Title/Summary/Keyword: 바이너리 (binary)

Search Result 304, Processing Time 0.028 seconds

The attacker group feature extraction framework : Authorship Clustering based on Genetic Algorithm for Malware Authorship Group Identification (공격자 그룹 특징 추출 프레임워크 : 악성코드 저자 그룹 식별을 위한 유전 알고리즘 기반 저자 클러스터링)

  • Shin, Gun-Yoon;Kim, Dong-Wook;Han, Myung-Mook
    • Journal of Internet Computing and Services / v.21 no.2 / pp.1-8 / 2020
  • Recently, the number of APT (Advanced Persistent Threat) attacks using malware has been increasing, and research is underway to prevent and detect them. While it is important to detect and block attacks before they occur, it is also important to respond effectively through an accurate analysis of the attack case and attack type, and such responses can be determined by analyzing the attack group behind such attacks. Therefore, this paper proposes a framework based on a genetic algorithm for analyzing malware and understanding the features of attacker groups. The framework uses a decompiler and a disassembler to extract related code from collected malware, and analyzes author-related information through code analysis. Malware has unique characteristics, which can be regarded as features that identify the author or attacker group of that malware. So, we select the features specific to an attack group from among the various features extracted from binary and source code through the authorship clustering method, and apply a genetic algorithm for accurate clustering to infer the specific features. Also, we find features, based on the characteristics of each group of malware authors, that can express each group, and create profiles to verify that the groups of authors are correctly clustered. In this paper, we conduct experiments on author classification using a genetic algorithm and on finding specific features that express author characteristics. In the experimental results, we identified an author classification accuracy of 86% and selected features to be used for authorship analysis among the information extracted through the genetic algorithm.

An 1.2V 8-bit 800MSPS CMOS A/D Converter with an Odd Number of Folding Block (홀수개의 폴딩 블록으로 구현된 1.2V 8-bit 800MSPS CMOS A/D 변환기)

  • Lee, Dong-Heon;Moon, Jun-Ho;Song, Min-Kyu
    • Journal of the Institute of Electronics Engineers of Korea SD / v.47 no.7 / pp.61-69 / 2010
  • In this paper, a 1.2V 8b 800MSPS A/D Converter (ADC) with an odd number of folding blocks to overcome the asymmetrical boundary-condition error is described. The architecture of the proposed ADC is based on a cascaded folding architecture using a resistive interpolation technique for low power consumption and high input frequency. The ADC employs a novel odd folding block to improve the distortion of signal linearity and to reduce the offset errors. In the digital block, furthermore, we use a ROM encoder to convert a non-$2^n$-period code into the binary code. The chip has been fabricated with a $0.13{\mu}m$ 1P6M CMOS technology. The effective chip area is $870{\mu}m\times980{\mu}m$. SNDR is 44.84dB (ENOB 7.15bit) and SFDR is 52.17dBc, when the input frequency is 10MHz at a sampling frequency of 800MHz.

A Study on Classification of CNN-based Linux Malware using Image Processing Techniques (영상처리기법을 이용한 CNN 기반 리눅스 악성코드 분류 연구)

  • Kim, Se-Jin;Kim, Do-Yeon;Lee, Hoo-Ki;Lee, Tae-Jin
    • Journal of the Korea Academia-Industrial cooperation Society / v.21 no.9 / pp.634-642 / 2020
  • With the proliferation of Internet of Things (IoT) devices, using the Linux operating system in various architectures has increased. Also, security threats against Linux-based IoT devices are increasing, and malware variants based on existing malware are constantly appearing. In this paper, we propose a system where the binary data of a visualized Executable and Linkable Format (ELF) file is applied to Local Binary Pattern (LBP) image processing techniques and a median filter to classify malware in a Convolutional Neural Network (CNN). As a result, the original image showed the highest accuracy and F1-score at 98.77%, and reproducibility also showed the highest score at 98.55%. For the median filter, the highest precision was 99.19%, and the lowest false positive rate was 0.008%. Using the LBP technique confirmed that the overall result was lower than putting the original ELF file through the median filter. When the results of putting the original file through image processing techniques were classified by majority, it was confirmed that the accuracy, precision, F1-score, and false positive rate were better than putting the original file through the median filter. In the future, the proposed system will be used to classify malware families or add other image processing techniques to improve the accuracy of majority vote classification.

Intermediate-Representation Translation Techniques to Improve Vulnerability Analysis Efficiency for Binary Files in Embedded Devices (임베디드 기기 바이너리 취약점 분석 효율성 제고를 위한 중간어 변환 기술)

  • Jeoung, Byeoung Ho;Kim, Yong Hyuk;Bae, Sung il;Im, Eul Gyu
    • Smart Media Journal / v.7 no.1 / pp.37-44 / 2018
  • Utilizing sequence control and numerical computing, embedded devices are used in a variety of automated systems, including those at industrial sites, in accordance with their control program. Since embedded devices are nowadays used as control systems in corporate industrial complexes, nuclear power plants and public transport infrastructure, deliberate attacks on them can cause significant economic and social damage. Most attacks aimed at embedded devices are data-coded, code-modulated, and control-programmed. The control programs for industry-automated embedded devices are designed to represent circuit structures, unlike common programming languages, and most industrial automation control programs are designed with a graphical language, LAD, which is difficult to analyze statically. Because of these characteristics, the vulnerability analysis and security-related studies for industry automation control programs have only progressed up to the formal verification and real-time monitoring levels. Furthermore, the static analysis of industrial automation control programs, which can detect vulnerabilities in advance and prepare for attacks, remains poorly researched. Therefore, this study suggests a method to present a discussion on an industry automation control program designed to represent the circuit structure to increase the efficiency of static analysis of embedded industrial automation programs. It also proposes a medium term translation technology exploiting LLVM IR to comprehensively analyze the industrial automation control programs of various manufacturers. By using LLVM IR, it is possible to perform integrated analysis on dynamic analysis. In this study, a prototype program that converts to a logical expression type of medium language was developed with regard to the S company's control program in order to verify our method.

Spatio-Temporal Query Processing System based on GML for The Mobile Environment (모바일 환경을 위한 GML 기반 시공간 질의 처리 시스템)

  • Kim, Joung-Joon;Shin, In-Su;Won, Seung-Ho;Lee, Ki-Young;Han, Ki-Joon
    • Spatial Information Research / v.20 no.3 / pp.95-106 / 2012
  • Recently, with the increase and development of the wireless access network area, u-GIS service is supported in various fields. Especially, spatio-temporal data is used in the mobile environment for the u-GIS service. However, since there is no standard for the spatio-temporal data used in different spaces, spatio-temporal data processing technology is necessary to provide interoperability among mobile u-GIS services. Furthermore, it is also necessary to develop a system for gathering, storing, and managing the spatio-temporal data in consideration of the small capacity and low performance of mobile devices. Therefore, in this paper, we designed and implemented a spatio-temporal query processing system based on GML to manage spatio-temporal data efficiently in the mobile environment. The spatio-temporal query processing system based on GML can offer a structured storage method which maps a GML schema to a storage table and a binary XML storage method which uses the Fast Infoset technique, so as to support interoperability, which is an important feature of GML, and increase storage efficiency. We can also provide spatio-temporal operators for rapid query processing of spatio-temporal data of GML documents. In addition, we proved that this system can be utilized for the u-GIS service to implement a virtual scenario.

Representation of Population Distribution based on Residential Building Types by using the Dasymetric Mapping in Seoul (대시메트릭 매핑 기법을 이용한 서울시 건축물별 주거인구밀도의 재현)

  • Lee, Sukjoon;Lee, Sang Wook;Hong, Bo Yeong;Eom, Hongmin;Shin, Hyu-Seok;Kim, Kyung-Min
    • Spatial Information Research / v.22 no.3 / pp.89-99 / 2014
  • The aim of this study is to represent the residential population distribution in Seoul, Korea more precisely through the dasymetric mapping method. Dasymetric mapping can be defined as a mapping method to calculate details from the truncated spatial distribution of main statistical data by using ancillary data, which is spatial data related to the main data. In this research, there are two types of data used for dasymetric mapping: the population data (2010) based on an output area survey in Seoul as the main data and the building footprint data including register information as ancillary spatial data. Using the binary method, it extracts residential buildings as the actual areas where residents live. After that, the regression method is used for calculating the weights on population density by considering the building types and their gross floor areas. Finally, the three-dimensional density of residential population can be reproduced and a detailed dasymetric map drawn. As a result, this makes it possible to extract a more realistic calculation model of population distribution and draw a more accurate map of population distribution in Seoul. Therefore, this study has an important meaning as a source which can be applied in various studies concerning regional population in the future.

Performance Analysis on the Multi Stage Reheater Regeneration Cycle for Ocean Geothermal Power Generation (해양지열발전용 다단재열재생사이클 성능해석)

  • Lee, Ho Saeng;Cha, Sang Won;Jung, Young Kwon;Kim, Hyeon Ju
    • Journal of the Korean Society for Marine Environment & Energy / v.17 no.2 / pp.116-121 / 2014
  • In order to study the improvement of the multi stage regeneration cycles, multi-stage processes were applied to the cycles, respectively or together. The kinds of the cycles are the multi stage reheater cycle (MS) and the multi stage reheater regeneration cycle (MSR). The working fluids used were R134a and R245fa. The temperature of the heat source was $65^{\circ}C$, $75^{\circ}C$, and $85^{\circ}C$, and the temperature of the heat sink was $5^{\circ}C$. An optimization simulation was conducted for improving the gross power and efficiency with the multi stage reheater regeneration cycle for ocean thermal energy conversion (OTEC) while changing the heat source, the kind of working fluid, and the type of cycle. Performance analysis of the various components was simulated by using Aspen HYSYS for analysis of the thermodynamic cycle. R245fa shows better performance than R134a. This paper showed the most suitable working fluid with changing of the heat source and the kinds of working cycle. Compared to each other, MS showed better performance at gross power and MSR showed higher cycle efficiency.

A Search Method for Components Based-on XML Component Specification (XML 컴포넌트 명세서 기반의 컴포넌트 검색 기법)

  • Park, Seo-Young;Shin, Yoeng-Gil;Wu, Chi-Su
    • Journal of KIISE:Software and Applications / v.27 no.2 / pp.180-192 / 2000
  • Recently, component technology has played a main role in software reuse. It has changed code-based reuse into binary code-based reuse, because components can be easily combined into the developing software only through component interfaces. Since components and component users have increased rapidly, it is necessary that the users of components search for the most proper components for HTML among the enormous number of components on the Internet. It is desirable to use web-document-typed specifications for component specifications on the Internet. This paper proposes to use XML component specifications instead of HTML specifications, because it is impossible to represent the semantics of contexts using HTML. We also propose the XML context-search method based on XML component specifications. Component users use the contexts for the component properties and the terms for the values of component properties in their queries for searching components. The index structure for the context-based search method is the inverted file indexing structure of term-context-component specification. Not only an XML context-based search method but also a variety of search methods based on context-based search, such as keyword search, faceted search, and browsing search methods, are provided for the convenience of users. We use a 3-layer architecture, with an interface layer, a query expansion layer, and an XML search engine layer, for the search engine for the efficient index scheme. In this paper, an XML DTD (Document Type Definition) for component specification is defined and the experimental results of comparing the search performance of XML with HTML are discussed.

An Effective Method for Comparing Control Flow Graphs through Edge Extension (에지 확장을 통한 제어 흐름 그래프의 효과적인 비교 방법)

  • Lim, Hyun-Il
    • KIPS Transactions on Computer and Communication Systems / v.2 no.8 / pp.317-326 / 2013
  • In this paper, we present an effective method for comparing control flow graphs which represent static structures of binary programs. To compare control flow graphs, we measure similarities by comparing instructions and syntactic information contained in basic blocks. In addition, we also consider similarities of edges, which represent control flows between basic blocks, by edge extension. Based on the comparison results of basic blocks and edges, we match the most similar basic blocks in two control flow graphs, and then calculate the similarity between the control flow graphs. We evaluate the proposed edge extension method on real-world Java programs with respect to structural similarities of their control flow graphs. To compare the performance of the proposed method, we also performed experiments with a previous structural comparison for control flow graphs. From the experimental results, the proposed method is evaluated to have enough distinction ability between control flow graphs which have different structural characteristics. Although the method takes more time than the previous method, it is evaluated to be more resilient than the previous method in comparing control flow graphs which have similar structural characteristics. Control flow graphs can be effectively used in program analysis and understanding, and the proposed method is expected to be applied to various areas, such as code optimization, detection of similar code, and detection of code plagiarism.

Design and Fabrication of Binary Diffractive Optical Elements for the Creation of Pseudorandom Dot Arrays of Uniform Brightness (균일 밝기 랜덤 도트 어레이 생성을 위한 이진 회절광학소자 설계 및 제작)

  • Lee, Soo Yeon;Lee, Jun Ho;Kim, Young-Gwang;Rhee, Hyug-Gyo;Lee, Munseob
    • Korean Journal of Optics and Photonics / v.33 no.6 / pp.267-274 / 2022
  • In this paper, we report the design and fabrication of binary diffractive optical elements (DOEs) for random-dot-pattern projection for Schlieren imaging. We selected the binary phase level and a pitch of 10 ㎛ for the DOE, based on cost effectiveness and ease of manufacture. We designed the binary DOE using an iterative Fourier-transform algorithm with binary phase optimization. During initial optimization, we applied a computer-generated pseudorandom dot pattern of uniform intensity as a target pattern, and found significant intensity nonuniformity across the field. Based on the evaluation of the initial optimization, we weighted the target random dot pattern with Gaussian profiles to improve the intensity uniformity, resulting in the improvement of uniformity from 52.7% to 90.8%. We verified the design performance by fabricating the designed binary DOE and a beam projector, to which the same was applied. The verification confirmed that the projector produced over 10,000 random dot patterns over 430 mm × 430 mm at a distance of 5 meters, as designed, but had a slightly lower uniformity of 84.5%. The fabrication errors of the DOE, mainly edge blurring and spacing errors, were strong possibilities for the difference.