• Title/Summary/Keyword: Binary Analysis (바이너리 분석)


Maximum Stack Memory Usage Estimation Through Target Binary File Analysis in Microcontroller Environment (마이크로컨트롤러 환경에서 타깃 바이너리 파일 분석을 통한 최대 스택 메모리 사용량 예측 기법)

  • Choi, Kiho;Kim, Seongseop;Park, Daejin;Cho, Jeonghun
    • IEMEK Journal of Embedded Systems and Applications / v.12 no.3 / pp.159-167 / 2017
  • Software safety is a key issue in embedded systems of the automotive and aviation industries. Various software testing approaches have been proposed to achieve software safety, such as ISO 26262 Part 6 in the automotive environment. Although stack memory analysis is one of the classic and basic approaches, maximum stack usage is hard to estimate exactly because of the uncertainty of the target code generated by the compiler and the complexity of nested interrupts. In this paper, we propose an approach that statically analyzes the maximum stack usage from the target binary code rather than the source code, and that also accounts for nested interrupts, in order to determine the exact stack memory size. In our approach, determining the maximum stack usage is divided into three steps: data extraction from the ELF file, construction of the call graph, and consideration of nested interrupt configurations to determine the stack size required by each ISR (Interrupt Service Routine). Experimental results on the estimation of maximum stack usage show that the proposed approach is helpful for optimizing stack memory size and checking the stability of programs in embedded systems, especially those that support nested interrupts.

A Development of MiTS Network Protocol based on Light-Weight Ethernet (Light-Weight Ethernet 기반 MiTS 네트워크 프로토콜 개발)

  • Hwang, Hun-Gyu;Yoon, Jin-Sik;Lee, Seong-Dae;Seo, Jeong-Min;Jang, Kil-Woong;Lee, Jang-Se;Park, Hyu-Chan
    • Journal of Advanced Marine Engineering and Technology / v.34 no.8 / pp.1172-1179 / 2010
  • In this paper, we analyze and design the requirements of the Network Function (NF) block and the System Function (SF) block of the MiTS network protocol based on Light-Weight Ethernet, and we also implement and test the protocol and its library files. The Light-Weight Ethernet Protocol consists of the Network Function block and the System Function block. NF receives and sends datagrams using UDP multicast communication. SF processes messages after distinguishing between Sentence and Binary Image Data.

A Hashing Method Using PCA-based Clustering (PCA 기반 군집화를 이용한 해슁 기법)

  • Park, Cheong Hee
    • KIPS Transactions on Software and Data Engineering / v.3 no.6 / pp.215-218 / 2014
  • In hashing-based methods for approximate nearest neighbor (ANN) search, data points are mapped to k-bit binary codes and nearest neighbors are searched for in the binary embedding space. In this paper, we present a hashing method that uses a PCA-based clustering method, Principal Direction Divisive Partitioning (PDDP). PDDP is a clustering method that repeatedly partitions the cluster with the largest variance into two clusters using the first principal direction. The proposed hashing method uses the first principal direction as the projection direction for binary coding. Experimental results demonstrate that the proposed method is competitive with other hashing methods.

A Meta-data Generation and Compression Technique for Code Reuse Attack Detection (Code Reuse Attack의 탐지를 위한 Meta-data 생성 및 압축 기술)

  • Hwang, Dongil;Heo, Ingoo;Lee, Jinyong;Yi, Hayoon;Paek, Yunheung
    • Proceedings of the Korea Information Processing Society Conference / 2015.04a / pp.424-427 / 2015
  • Recently, Code Reuse Attack (CRA) has been widely used as a form of malicious behavior that takes control of a mobile device's system and steals the user's confidential information. To defend against such CRAs, approaches such as the shadow stack, which compares addresses whenever a call-return occurs, and branch regulation, which detects CRAs by imposing several rules on branches, have been studied. We aim to build a CRA Detection System that combines the shadow stack and branch regulation to detect various kinds of CRA with low performance overhead. To this end, we propose binary file analysis and meta-data generation and compression techniques, which are prerequisite research for such a system. Experimental results show that the generated meta-data was reduced to about 1/2 to 1/3 of its size before the compression technique was applied, and we also confirmed that detection by the CRA Detection System operates correctly.

Generating Call Graph for PE file (PE 파일 분석을 위한 함수 호출 그래프 생성 연구)

  • Kim, DaeYoub
    • Journal of IKEEE / v.25 no.3 / pp.451-461 / 2021
  • As various smart devices spread and the damage caused by malicious code becomes more serious, malicious code detection technology based on machine learning is attracting attention. However, if the training data for machine learning is constructed from only fragmentary characteristics of the code, it remains easy to create variants and new malicious code that evade detection. To address this problem, research that uses the function call relationships of malicious code as training data is attracting attention. In particular, more advanced malware detection is expected to become possible by measuring the similarity of graphs using a GNN. This paper proposes an efficient method for generating a function call graph from binary code so that a GNN can be used for malware detection.

Interference Analysis Among Waveforms and Modulation Methods of Concurrently Operated Pulse Doppler Radars (단일 플랫폼에서 동시 운용되는 펄스 도플러 레이다의 파형 및 변조 방식간의 간섭 분석)

  • Kim, Eun Hee;Ryu, Seong Hyun;Kim, Han Saeng;Lee, Ki Won
    • Journal of the Korea Institute of Military Science and Technology / v.25 no.1 / pp.23-29 / 2022
  • As the application field of radar expands and bandwidths increase, the number of radar sensors operating at the same frequency is continuously increasing. In this paper, we propose a method for analyzing interference when two pulse Doppler radars are operated at the same frequency with different, independently designed waveforms. In addition, we show that even for previously designed LFM waveforms, the interference can be suppressed without affecting performance by changing the sign of the frequency slope (increasing versus decreasing) or by modulating the pulses with different codes. Interference suppression by different slopes is more effective for similar waveforms, and suppression by codes increases as the number of pulses increases. We expect this result can be extended to cases where multiple radars are operated at the same frequency.

Preliminary Researches for the Deployment of New AIS-ASM Services (AIS-ASM 기반 신규 서비스 도입을 위한 선행 연구)

  • Kim, Geonung;Park, Gyei-Kark
    • Journal of the Korea Institute of Information and Communication Engineering / v.17 no.7 / pp.1515-1521 / 2013
  • AIS is a core service in the maritime safety domain. AIS message types #6 and #8 (for binary data) can be used to carry any kind of MSI (Maritime Safety Information). The MSC (Maritime Safety Committee) approved SN/Circ. 289, Guidance on the use of AIS Application-Specific Messages, in 2010. The MSI carried by AIS-ASM can help reduce maritime accidents. Since a new AIS-ASM service places an additional load on the VDL (VHF Data Link), there should be a deployment process for new AIS-ASM services. In this paper we analyze the AIS-ASM services and survey the extended functions and systems for each AIS-ASM service. We also present a survey of the statistical analysis of local AIS messages, and suggest preliminary research topics for the deployment of new AIS-ASM services: a VDL monitoring system, a system for detecting and removing malfunctioning AIS equipment, and a value analysis process for MSI services are required.

Efficient Null Pointer Dereference Vulnerability Detection by Data Dependency Analysis on Binary (효율적 데이터 의존성 분석을 이용한 바이너리 기반 Null Pointer Dereference 취약점 탐지 도구)

  • Wenhui Jin;Heekuck Oh
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.253-266 / 2023
  • The Null Pointer Dereference vulnerability is a significant vulnerability that can lead to severe attacks such as denial of service. Previous research has proposed methods for detecting such vulnerabilities, but large and complex programs pose a challenge to their efficiency. In this paper, we present a lightweight tool for analyzing specific functions in large binary programs by symbolizing variables and emulating program execution. The tool detects vulnerabilities through data dependency analysis and heuristics applied to each execution path. While our tool had an 8% higher false positive rate than the bap_toolkit, it detected all existing vulnerabilities in our dataset.

Image-Based Machine Learning Model for Malware Detection on LLVM IR (LLVM IR 대상 악성코드 탐지를 위한 이미지 기반 머신러닝 모델)

  • Kyung-bin Park;Yo-seob Yoon;Baasantogtokh Duulga;Kang-bin Yim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.31-40 / 2024
  • Recently, static analysis-based signature and pattern detection technologies have reached their limits in the face of advanced IT technologies. Moreover, they suffer from compatibility problems across multiple architectures, an inherent weakness of signature and pattern detection. Malicious code uses obfuscation and packing techniques to hide its identity, and it also evades existing static analysis-based signature and pattern detection techniques through code rearrangement, register modification, and the addition of branching statements. In this paper, we propose an LLVM IR image-based automated static analysis technique for malicious code that uses machine learning to solve the problems mentioned above. Whether a binary is obfuscated or packed, it is decompiled into LLVM IR, an intermediate representation designed for static analysis and optimization. The LLVM IR code is then converted into an image before being fed to the CNN-based transfer learning model ResNet50v2 supported by Keras. As a result, we present a model for image-based detection of malicious code.

GoAsap: A Proposal for a Golang New Version Detection and Analysis System from a Static Analysis Perspective (GoAsap: 정적분석 관점에서 바라보는 Golang 신버전 탐지·분석시스템 제안)

  • Hyeongmin Kang;Yoojae Won
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.4 / pp.707-724 / 2024
  • Recently, Golang has been gaining attention in programming language rankings each year due to its cross-compilation capabilities and high code productivity. However, malware developers have also been increasingly using it to distribute malware such as ransomware and backdoors. Notably, Golang, being an open-source language, frequently changes the important values and field order of a crucial structure called Pclntab, which holds the values essential for recovering stripped symbols, whenever a new version is released. While frequent structural changes may not be an issue from a developer's perspective aiming for better code readability and productivity, they pose challenges for cybersecurity, as new versions with modified structures can be exploited in malware development. Therefore, this paper proposes GoAsap, a detection and analysis system for Golang executables that targets these new versions, and validates the performance of the proposed system by comparing and evaluating it against six existing binary analysis tools.