• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.9B
• /
• pp.610-618
• /
• 2005

As developed Internet and Computer Capability, Many Users take the many information through the network. So requirement of User that use to network was rapidly increased and become various. But it spend much time to accept user requirement on current network, so studied such as Active network for solved it. This Active node on Active network have the capability that stored and processed execution code aside from capability of forwarding packet on current network. So required execution code for executed packet arrived in active node, if execution code should not be in active node, have to take by request previous Action node and Code Server to it. But if this execution code take from previous active node and Code Server, bring to time delay by transport execution code and increased traffic of network and execution time. So, As used execution code stored in cache on active node, it need to increase execution time and decreased number of request. So, our paper suggest ANC caching technique that able to decrease number of execution code request and time of execution code by efficiently store execution code to active node. ANC caching technique may decrease the network traffic and execution time of code, to decrease request of execution code from previous active node.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.519-529
• /
• 2019

Nowadays, intelligent Android malware applies anti-analysis techniques to hide malicious behaviors and make it difficult for anti-virus vendors to detect its presence. Malware can use background components to hide harmful operations, use activity-alias to get around with automation script, or wipe the logcat to avoid forensics. During our study, several static analysis tools can not extract these hidden components like main activity, and dynamic analysis tools also have problem with code coverage due to partial execution of android malware. In this paper, we design and implement a system to analyze intelligent malware that uses anti-analysis techniques to improve detection rate of evasive malware. It extracts the hidden components of malware, runs background components like service, and generates all the intent events defined in the app. We also implemented a real-time logging system that uses modified logcat to block deleting logs from malware. As a result, we improve detection rate from 70.9% to 89.6% comparing other container based dynamic analysis platform with proposed system.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.06d
• /
• pp.283-285
• /
• 2006

무선 센서 네트워크를 구성하는 센서 노드는 한번 배치되면 사람의 간섭 없이 오랜 기간 동안 동작하는 데 실행중인 소프트웨어를 수정 또는 추가를 할 필요가 있다. 그러나 센서 노드를 회수하기 어려운 경우가 있기 때문에 원격 코드 업데이트 기법이 필요하게 되고, 이를 위한 신뢰성 있는 코드 전송 프로토콜에 대한 연구가 활발하게 진행되고 있다. 하지만 신뢰성만을 고려한 코드 전송 프로토콜은 코드를 안정적으로 전송하기만을 고려하기 때문에 코드를 신속하게 전송한다는 관점에 대한 고려가 부족하다는 한계를 갖는다. 그 결과 긴 코드 전송시간에 의해 불필요한 에너지 소모를 발생함으로써 센서노드의 에너지 효율을 저하시키게 된다. 본 논문에서는 기존의 코드 전송 프로토콜들이 가지는 한계를 극복하는 FCPP(Fast code propagation protocol)을 제안하였다. FCPP는 신뢰성 있는 전송뿐만 아니라 신속함을 고려한 접근 방법을 제시하고 있다. 새로 제안한 알고리즘은 RTT기반의 전송률 조절과 NACK 억제 기법으로 네트워크 상태를 반영한 전송률 조절과 에러복구에 의한 불필요한 전송지연을 피하도록 하여 네트워크의 사용률을 최대화하여 신속한 코드 전송을 가능하게 한다. 또한 ns-2 시뮬레이터를 이용한 실험을 통해 제안한 FCPP가 센서 네트워크의 코드 전송에서 신뢰성 및 신속함을 모두 만족시킬 수 있음을 확인하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.05a
• /
• pp.181-182
• /
• 2021

악성코드 분석방법의 발전에 따라 악성코드의 분석우회기법도 나날이 발전하여 대량의 악성코드분석이 다양한 이유로 수행되지 않고 있다. 대부분의 악성코드는 소스코드가 없는 바이너리로 동적 분석이 동작하지 않는 원인을 파악하기 어렵다. 동적 분석이 실행되지 않는 악성코드들은 입력 값에 따라 악성코드가 동작하거나, 특정 시간대를 일치하는 등 다양한 트리거가 존재한다. 본 논문에서는 트리거가 필요한 악성코드에 대해 바이너리 리프팅(lifting) 기술을 활용한 새로운 동적 분석방법을 제안한다. 바이너리 리프팅 기술은 소스코드가 없는 바이너리를 LLVM IR 로 변환시키는 기술로서 이를 활용해 입력 값 유무에 따른 악성코드를 판별하고자 한다. 전달인자를 사용하는 코드와 사용하지 않는 코드간 LLVM IR 을 비교분석하여 전달인자에 따른 악성코드 동작 여부를 판별해 대량의 악성코드 동적 분석시스템의 분석률을 높이는 방안을 제안하고자 한다.

• Journal of KIISE
• /
• v.42 no.7
• /
• pp.860-867
• /
• 2015

In the defense field, weapon systems are increasing in importance, as well as the weight of the weapon system embedded software development as an advanced technology. As the development of a network-centric warfare has become important to secure the reliability and quality of embedded software in modern weapons systems in battlefield situations. Also, embedded software problems are transferred to the production stage in the development phase and the problem gives rise to an enormous loss at the national level. Furthermore, development companies have not systematically constructed a software reliability test. This study suggests that approaches about a qualityverification- system establishment of embedded software, based on a variety of source code reliability test verification case analysis.

• Journal of KIISE:Information Networking
• /
• v.35 no.1
• /
• pp.1-10
• /
• 2008

Once the sensor node in wireless sensor networks is installed, it usually operates without human intervention for a long time. The remote code update scheme is required because it is difficult to recall the sensor node in many situations. Therefore, studies on the reliable and efficient transport protocol for code propagation in wireless sensor networks have been increasingly done. However, by considering only the stability aspect of transmission, most of previous works ignore the consideration on the fast code propagation. This results the energy inefficiency by consuming unnecessary energy due to the slow code propagation. In this paper, in order to overcome limitation of the previous code propagation protocols, we propose a new code propagation protocol called "FCPP(Fast Code Propagation Protocol)". The FCPP aims at improving the reliability at well as performance. For this purpose, the FCPP accomplishes the fast code propagation by using the RTT-based transmission rate control and NACK suppression scheme, which provides a better the network utilization and avoids a unnecessary transmission delay. Based on the ns-2 simulation result, we prove that the FCPP Improves significantly both reliability and performance.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.9
• /
• pp.2269-2279
• /
• 1997

SVLIW (Superscalar VLIW) processor, a family of VLIW processors schedules very long instruction words at runtime. If a very long instruction word that is to be issued occurs data dependence relations and/or resource conflicts with those words that were under execution, a long NOP word is issued instead of the word until all the data dependence relations and/or resource conflicts have been resolved. Thus, LNOPs can be removed in object codes for SVLIW processors. In this paper, we measure an improvement of the cache hit ratio caused by removing LNOPs in the object code. We also analyze an improvement of the processor performance due to higher cache hit ratio of the processor. Benchmark tests promise that the performance of SVLIW processors is improved more than 5% compared with that of traditional VLIW processors.

• The Transactions of the Korea Information Processing Society
• /
• v.5 no.8
• /
• pp.2164-2178
• /
• 1998

본 논문에서는 한 사이클에 여러 개의 명령들이 다중 이슈되어 명령어 수준에서 병렬처리되는 ILP 프로세서의 성능을 측정하고 평가하는 시스템을 개발한다. 개발되는 시스템은 C 컴파일러와 시뮬레이터로 구성된다. C 컴파일러는 C 소스 프로그램을 입력으로 받아 3-주소 코드형태의 중간언어를 생성한다. 생성된 중간언어는 ILP 프로세서의 환경 파라미터와 함께 시뮬레이터에 입력되어 시뮬레이션된 후 메모리 내용, 수행된 클럭 수 및 명령 트레이스, 수행된 명령들의 동적 빈도수, 분기명령의 예측률, profiling 정보 등을 생성한다. 개발된 성능측정 시스템의 동작 검증을 위하여 순차이슈 되어 정적으로 스케쥴링 되는 조건실행 방식의 성능과 분기처리 방식의 성능을 측정하여 분석한다.

• KIPS Transactions on Software and Data Engineering
• /
• v.8 no.7
• /
• pp.265-274
• /
• 2019

The reliability test performed when developing the weapon system software is classified into static test and dynamic test. In static test, checking the coding rules, vulnerabilities and source code metric are performed without executing the software. In dynamic test, its functions are verified by executing the actual software based on requirements and the code coverage is measured. The purpose of this static/dynamic test is to find out defects that exist in the software. However, there still exist defects that can't be detected only by the current reliability test on the weapon system software. In this paper, whether defects that may occur in the software can be detected by static test and dynamic test of the current reliability test on the weapon system is analyzed through experiments. As a result, we provide guidance on improving the reliability test of weapon system software, especially the dynamic test.

• Journal of Advanced Navigation Technology
• /
• v.16 no.3
• /
• pp.488-494
• /
• 2012

This paper classifies the self-defense techniques used by the malicious software based on their approaches, introduces the packing technique as one of the code protection methods and proposes a way to quickly analyze the packed malicious codes. Packing technique hides a malicious code and restore it at runtime. To analyze a packed code, it is initially required to find the entry point after restoration. To find the entry point, it has been used reversing the packing routine in which a jump instruction branches to the entry point. However, the reversing takes too much time because the packing routine is usually obfuscated. Instead of reversing the routine, this paper proposes an idea to search some features of the startup code in the standard library used to generate the malicious code. Through an implementation and a consequent empirical study, it is proved that the proposed approach is able to analyze malicious codes faster.