• Smart Media Journal
• /
• v.8 no.1
• /
• pp.19-26
• /
• 2019

At the opening ceremony of 2018 Winter Olympics in PyeongChang, an unknown cyber-attack occurred. The malicious code used in the attack is based on in-memory malware, which differs from other malicious code in its concealed location and is spreading rapidly to be found in more than 140 banks, telecommunications and government agencies. In-memory malware accounts for more than 15% of all malicious codes, and it does not store its own information in a non-volatile storage device such as a disk but resides in a RAM, a volatile storage device and penetrates into well-known processes (explorer.exe, iexplore.exe, javaw.exe). Such characteristics make it difficult to analyze it. The most recently released in-memory malicious code bypasses the endpoint protection and detection tools and hides from the user recognition. In this paper, we propose a method to efficiently extract the payload by unpacking injection through IDA Pro debugger for Dorkbot and Erger, which are in-memory malicious codes.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.2
• /
• pp.247-251
• /
• 2010

Using SCM in storage systems introduce new potentials for improving I/O performance and reliability. In this paper, we study the use of SCM as a buffer cache that guarantees transactional unit writes. Our proposed method can improve storage system reliability and performance at the same time and can recover the storage system immediately upon a system crash. The Proposed method is based on the LINUX JBD(Journaling Block Device), thus reliability is equivalent to JBD. In our experiments, the file system that adopts our method shows better I/O performance even while guaranteeing high reliability and shows fast file system recovery time (about 0.2 seconds).

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.8
• /
• pp.23-30
• /
• 2010

Flash memory is non-volatile and can retain data even after system is powered off. Besides, it has many other features such as fast access speed, low power consumption, attractive shock resistance, small size, and light-weight. As its price decreases and capacity increases, the flash memory is expected to be widely used in consumer electronics, embedded systems, and mobile devices. Flash storage systems generally adopt a software layer, called FTL. In this research, we proposed a new FTL mechanism for overcoming the major drawback of conventional block mapping algorithm. In addition to the block mapping table, a index block mapping table with a small size is used to indicate sector location. The proposed indexed block mapping algorithm by adding a small size. By the simulation result, the proposed FTL provides an enhanced speed than a conventional hybrid mapping algorithm by around 45% in average, and the requirement of mapping memory is also reduced by around 12%.