• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.23 no.6
• /
• pp.1490-1495
• /
• 1998

Call packing has been recognized as a routing scheme that significantly reduces the blocking probability of connection requests in a circuit-switched Clos multistage interconnection network. In this paper, for the first time, a general analytical model for the point-to-point blocking probability of the call-packing scheme applied to Clos networks is developed. By introducing a new parameter called the degree of call packing, the model can correctly estimate the blocking probability of both call-packing and random routing schemes. The model is verified by computer simulation for various size networks and traffic conditions.

• The KIPS Transactions:PartC
• /
• v.16C no.5
• /
• pp.555-562
• /
• 2009

In malware accident investigation, the most important thing is detection of malicious code. Signature based anti-virus softwares have been used in most of the accident. Malware can easily avoid signature based detection by using packing or encryption method. Because of this, packed file detection is also important. Detection methods can be divided into signature based detection and entropy based detection. Signature based detection can not detect new packing. And entropy based detection has a problem with false positive. We provides detection method using entropy statistics of entry point section and 'write' properties of essential characteristic of packed file. And then, we show packing detection tool and evaluate its performance.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06d
• /
• pp.130-135
• /
• 2010

실형코드의 역공학(reverse engineering) 을 방지하기 위해서 패킹기법을 많이 사용하고 있다. 패킹을 적용하면 본래의 코드는 실형 압축되어 감춰지기 때문에 언패킹 과정을 거쳐야 바이너리 분석이 가능하게 된다. 언패킹을 위해 패킹된 프로그램에 스텁코드를 삽입하는데 스텁코드는 언패킹하기 위한 코드와 원본 프로그램의 IAT(Import Address Table) 등 중요한 정보를 담고 있다. 스텁코드를 보호하기 위하여 본 논문에서는 중요한 함수의 코드를 별도의 2차 스텁파일에 저장하고 중요한 함수가 있던 1차 스텁코드에는 더미코드를 삽입하여 역공학 공격을 방지하였다. 또한 본 논문에서 제안하는 프레임워크를 구현하고 성능을 평가하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2005.07a
• /
• pp.46-48
• /
• 2005

본 논문에서는 병렬 컴퓨팅의 스케줄링 시스템인 EASY Backfilling 알고리즘에 기반한 작업 패킹 기법의 최적화에 대해 논의한다. 이를 위해 최적의 작업 집합을 구성하기 위한 탐색 기법으로 유전자 알고리즘을 활용하여 작업 패킹을 효율적으로 수행함과 동시에, 적은 노드를 요청한 작업에 가중치를 부여함으로써 다수 작업의 동시 실행을 우선 고려하게 하였다. 스케줄링 정책은 컴퓨터 성능에 직접적인 영향을 미치는 요소이기 때문에 시스템 부하별로 각 워크로드의 평균 대기 시간을 측정한 실험을 통해 제안 기법이 전반적인 병렬 컴퓨팅의 성능을 개선함을 확인하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1043-1053
• /
• 2023

Malware analysts work diligently to analyze and counteract malware, while developers persistently devise evasion tactics, notably through packing and obfuscation techniques. Although previous works have proposed general unpacking approaches, they inadequately address techniques like OEP obfuscation and API obfuscation employed by modern packers, leading to occasional failures during the unpacking process. This paper examines the OEP and API obfuscation techniques utilized by various packers and introduces a system designed to automatically de-obfuscate them. The system analyzes the memory of packed programs, detects trampoline codes, and identifies obfuscated information, for program reconstruction. Experimental results demonstrate the effectiveness of our system in de-obfuscating programs that have undergone OEP and API obfuscation techniques.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.4B
• /
• pp.278-287
• /
• 2012

In this paper, we propose an allocation scheme for variable message packings to increase efficiency of military operation using Link-16 which is well-known for tactical data link by delivering imagery information rapidly. We propose a variable message packing scheme using COC waveform to support variable data rate under some coverage limitation. Variety of message packing makes Link-16 vary transmission rate appropriately for tactical environment. We also propose a allocation scheme to assign message packing to time slot properly. Finally we verify the performance and superiority of proposed ideas by simulations.

• Journal of Advanced Navigation Technology
• /
• v.16 no.3
• /
• pp.488-494
• /
• 2012

This paper classifies the self-defense techniques used by the malicious software based on their approaches, introduces the packing technique as one of the code protection methods and proposes a way to quickly analyze the packed malicious codes. Packing technique hides a malicious code and restore it at runtime. To analyze a packed code, it is initially required to find the entry point after restoration. To find the entry point, it has been used reversing the packing routine in which a jump instruction branches to the entry point. However, the reversing takes too much time because the packing routine is usually obfuscated. Instead of reversing the routine, this paper proposes an idea to search some features of the startup code in the standard library used to generate the malicious code. Through an implementation and a consequent empirical study, it is proved that the proposed approach is able to analyze malicious codes faster.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.9
• /
• pp.2294-2304
• /
• 1999

Our research purpose in this paper is to improve the performance of query processing in GIS(Geographic Information System) by enhancing the I/O performance exploiting parallel I/O and efficient disk access. By packing adjacent spatial data, which are very likely to be referenced concurrently, into one block or continuous disk blocks, the number of disk accesses and the disk access overhead for query processing can be decreased, and this eventually leads to the I/O time decrease. So, in this paper, we proposes EPR(Enhanced Parallel R-tree) indexing method which integrates the parallel I/O method of the previous Parallel R-tree method and a packing-based clustering method. The major characteristics of EPR method are as follows. First, EPR method arranges spatial data in the increasing order of proximity by using Hilbert space filling curve, and builds a packed R-tree by bottom-up manner. Second, with packing-based clustering in which arranged spatial data are clustered into continuous disk blocks, EPR method generates spatial data clusters. Third, EPR method distributes EPR index nodes and spatial data clusters on multiple disks through round-robin striping. Experimental results show that EPR method achieves up to 30% or more gains over PR method in query processing speed. In particular, the larger the size of disk blocks is and the smaller the size of spatial data objects is, the better the performance of query processing by EPR method is.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2019.11a
• /
• pp.206-207
• /
• 2019

MPEG 에서는 최대 6 자유도(6DoF)를 가지는 몰입형 미디어의 압축 표준화를 진행하고 있다. 360 비디오에 움직임 시차(parallax)를 추가한 것으로 정의되는 3DoF+의 가상 공간에서, 원하는 위치의 장면을 제공하려면 다른 위치에서 찍은 여러 비디오를 사용하여 임의의 원하는 시점의 뷰(view)를 렌더링 해야 한다. MPEG-I Visual 그룹에서는 이러한 3DoF+ 비디오의 효율적인 부호화 및 전송을 위한 표준화가 진행되고 있으며, 최근 시험모델(TMIV)을 개발하고 있다. 본 논문은 TMIV 에서 패치(patch)를 아틀라스(atlas)에 효율적으로 패킹하여 부호화 성능을 향상시킬 수 있는 패치 패킹 방법을 제안한다. 제안 방식은 패킹되는 패치들 간에 보호 대역(Guard Band)를 적용하여 패치간의 거리를 둠으로써 부호화로 인해 발생할 수 있는 아티팩트(artifact)를 줄여 최종 복원 뷰의 화질을 향상시킨다.

• Informatization Policy
• /
• v.24 no.4
• /
• pp.68-78
• /
• 2017

Malicious codes are currently becoming more complex and diversified, causing various problems spanning from simple information exposure to financial or psychologically critical damages. Even though many researches have studied using reverse engineering to detect these malicious codes, malicious code developers also utilize bypassing techniques against the code analysis to cause obscurity in code understanding. Furthermore, rootkit techniques are evolving to utilize such bypassing techniques, making it even more difficult to detect infection. Therefore, in this paper, we design the analysis process as a more agile countermeasure to malicious codes that bypass analysis techniques. The proposed analysis process is expected to be able to detect these malicious codes more efficiently.