• Title/Summary/Keyword: assembly-language-based analysis (어셈블리어 기반 분석)


Detection of Potential Memory Access Errors based on Assembly Codes (어셈블리어 코드 기반의 메모리 오류 가능성 검출)

  • Kim, Hyun-Soo; Kim, Byeong-Man; Bae, Hyun-Seop; Chung, In-Sang
  • The KIPS Transactions: Part D, v.18D no.1, pp.35-44, 2011
  • Memory errors can cause not only program malfunctions but also unexpected system halts. Though a programmer checks for memory errors, some memory errors with a low occurrence frequency are missed. In this paper, we propose a method for effectively detecting such memory errors using instruction transition diagrams, through analyzing the assembly code obtained by disassembling an executable file. Out of the various memory errors, local memory return errors, null pointer access errors and uninitialized pointer access errors are targeted for detection. When applying the proposed method to various programs, including well-known open source programs such as the Apache web server and the PHP script interpreter, some potential memory errors are detected.

A Method of Detecting Pointer Access Error based on Disassembled Codes (역어셈블에 기반한 포인터 참조 오류 검출 방법)

  • Kim, Hyunsoo; Kim, Byeong Man; Huh, Nam Chul; Shin, Yoon Sik
  • Journal of Korea Society of Industrial Information Systems, v.20 no.5, pp.13-23, 2015
  • This thesis proposes a method for effectively detecting memory errors with a low occurrence frequency that may occur depending on the runtime situation, by analyzing the assembly code obtained by disassembling an executable file. When applying the proposed method to various programs having no compilation errors, a total of about 750 potential errors are detected in about 90 seconds among 1 million lines of assembly code corresponding to a total of about 10 thousand functions.

Detection of Potential Invalid Function Pointer Access Error based on Assembly Codes (어셈블리어 코드 기반의 Invalid Function Pointer Access Error 가능성 검출)

  • Kim, Hyun-Soo; Kim, Byeong-Man
  • Proceedings of the Korean Institute of Information and Communication Sciences Conference, 2010.05a, pp.938-941, 2010
  • Though a compiler checks for memory errors, it is difficult for the compiler to detect function pointer errors at the code level. Thus, in this paper, we propose a method for effectively detecting invalid function pointer access errors by analyzing the assembly code that is obtained by disassembling an executable file. To detect the errors, the assembly code in the disassembled files is checked against instruction transition diagrams, which are constructed through analyzing the normal usage patterns of function pointer access. When applying the proposed method to various programs having no compilation errors, a total of about 500 potential errors, including ones in well-known open source programs such as the Apache web server and the PHP script interpreter, are detected among 1 million lines of assembly code corresponding to a total of about 10 thousand functions.


A Study on BERT and LSTM-based Ransomware family classification methods using User-defined functions (사용자 정의 함수를 이용한 BERT 와 LSTM 기반 랜섬웨어 패밀리 분류 방법 연구)

  • Jinha Kim; Doo-Seop Choi; Eul Gyu Im
  • Proceedings of the Korea Information Processing Society Conference, 2024.05a, pp.377-380, 2024
  • Recently, as malware production techniques have become more sophisticated, malware variants have been increasing rapidly worldwide. Research on new malware detection techniques that can detect such large volumes of malware quickly and accurately is urgently needed. This study proposes a method to overcome the limitations of existing static and dynamic analysis methods. For rapid data collection, we propose a model that collects the assembly-language data of user-defined functions using static analysis, embeds it with BERT, and classifies the malware with an LSTM. Ransomware with well-defined behavior was used as the classification data; three kinds of ransomware were classified, and a classification accuracy of 85.5% was achieved in multi-class classification.

Extraction Scheme of Function Information in Stripped Binaries using LSTM (스트립된 바이너리에서 LSTM을 이용한 함수정보 추출 기법)

  • Chang, Duhyeuk; Kim, Seon-Min; Heo, Junyoung
  • Journal of Software Assessment and Valuation, v.17 no.2, pp.39-46, 2021
  • To analyze and defend against malware code, reverse engineering is used to identify function location information. However, in a stripped binary it is not easy to find information such as function locations because the function symbol information has been removed. To solve this problem, there are various binary analysis tools such as BAP, BitBlaze and IDA Pro, but they are based on heuristic methods, so they do not perform well in general. In this paper, we propose a technique to extract function information using LSTM-based models by applying an N-byte method algorithm, which extracts the bytes of the binary corresponding to disassembled instructions using a recursive descent method. Through experiments, the proposed technique was shown to be superior to the existing techniques in terms of time and accuracy.

A Visualization Tool Implementation for Evaluation of Binary Code to Smart Intermediate Language Conversion (바이너리 코드-SIL 중간언어 변환 검증을 위한 시각화 도구 구현)

  • Lim, Jung-Ho; Lee, Tae-Gue; Baik, Do-Woo; Son, Yunsik; Jeong, Junho; Choi, Jin-Young; Ko, Kwangman; Oh, Seman
  • Proceedings of the Korea Information Processing Society Conference, 2017.04a, pp.280-282, 2017
  • Recently, research on developing automated tools for analyzing vulnerabilities embedded in software has been actively pursued in every field. Among these, methods that analyze binary code through an intermediate language, rather than analyzing the binary code directly for security vulnerabilities, are emerging, and various intermediate languages have been proposed for this purpose. Among them, the SIL intermediate language is receiving renewed attention as a language that is effective for security vulnerability analysis, since it can describe content at the level of a high-level language and its instructions themselves retain data types. Therefore, to this end, this paper proposes a system that effectively converts x86/64-based assembly language into SIL and provides a function to visualize the program's control flow in order to confirm that the semantics of the program are not changed.

Low-Complexity Deeply Embedded CPU and SoC Implementation (낮은 복잡도의 Deeply Embedded 중앙처리장치 및 시스템온칩 구현)

  • Park, Chester Sungchung; Park, Sungkyung
  • Journal of the Korea Academia-Industrial cooperation Society, v.17 no.3, pp.699-707, 2016
  • This paper proposes a low-complexity central processing unit (CPU) that is suitable for deeply embedded systems, including Internet of Things (IoT) applications. The core features a 16-bit instruction set architecture (ISA) that leads to high code density, as well as a multicycle architecture with a counter-based control unit and adder sharing that lead to a small hardware area. A co-processor, instruction cache, AMBA bus, internal SRAM, external memory, on-chip debugger (OCD), and peripheral I/Os are placed around the core to make a system-on-a-chip (SoC) platform. This platform is based on a modified Harvard architecture to facilitate memory access by reducing the number of access clock cycles. The SoC platform and CPU were simulated and verified at the C and assembly levels, and FPGA prototyping with integrated logic analysis was carried out. The CPU was synthesized at the ASIC front-end gate netlist level using a 0.18 µm digital CMOS technology with a 1.8 V supply, resulting in a gate count of merely 7700 at a 50 MHz clock speed. The SoC platform was embedded in an FPGA on a miniature board and applied to deeply embedded IoT applications.