• Title/Summary/Keyword: Binary Static Analysis


Study of Static Analysis and Ensemble-Based Linux Malware Classification (정적 분석과 앙상블 기반의 리눅스 악성코드 분류 연구)

  • Hwang, Jun-ho; Lee, Tae-jin
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.6 / pp.1327-1337 / 2019
  • With the growth of the IoT market, malware security threats are steadily increasing for devices that use the Linux architecture. However, except for major malware causing serious security damage such as Mirai, there is no related technology or research from the security community about Linux malware. In addition, the diversity of devices, vendors, and architectures in the IoT environment is further intensifying, and the difficulty of handling Linux malware is also increasing. Therefore, in this paper, we propose an analysis system based on ELF, the main format of the Linux architecture, and a binary-based analysis system that takes the IoT environment into account. The ELF-based analysis system can pre-classify a large number of malicious codes at relatively high speed, and the relatively low-speed binary-based analysis system can classify all the data that is not preprocessed. These two processes are intended to complement each other and effectively classify Linux-based malware.

Detecting Meltdown and Spectre Malware through Binary Pattern Analysis (바이너리 패턴 분석을 이용한 멜트다운, 스펙터 악성코드 탐지 방법)

  • Kim, Moon-sun; Lee, Man-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.6 / pp.1365-1373 / 2019
  • Meltdown and Spectre are vulnerabilities that exploit out-of-order execution and speculative execution techniques to read memory regions that are not accessible with user privileges. OS patches were released to prevent this attack, but older systems without the appropriate patches are still vulnerable. Currently, there is some research on detecting Meltdown and Spectre attacks, but most of it proposes dynamic analysis methods. Therefore, this paper proposes a binary signature that can be used to detect Meltdown and Spectre malware without executing it. For this, we collected 13 malicious codes from GitHub and performed binary pattern analysis. Based on this, we proposed a static detection method for Meltdown and Spectre malware. Our results showed that the method identified all 19 attack files with a 0.94% false positive rate when applied to 2,317 normal files.

A Process Algebra-Based Detection Model for Multithreaded Programs in Communication System

  • Wang, Tao; Shen, Limin; Ma, Chuan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.3 / pp.965-983 / 2014
  • Concurrent behaviors of multithreaded programs cannot be described effectively by automata-based models. Thus, intrusion attempts against concurrent programs cannot be detected. To address this problem, we propose the process algebra-based detection model for multithreaded programs (PADMP). We generate process expressions by static binary code analysis. We then add concurrency operators to the process expressions and propose a model construction algorithm based on process algebra. We also present a definition of process equivalence and behavior detection rules. Experiments demonstrate that the proposed method can accurately detect errors in multithreaded programs and has linear space-time complexity. The proposed method provides effective support for concurrent behavior modeling and detection.

Natural Convection During Directional Solidification of a Binary Mixture (이성분 혼합액의 방향성 응고에서 자연 대류)

  • Hwang, In Gook; Choi, Chang Kyun
    • Korean Chemical Engineering Research / v.47 no.2 / pp.174-178 / 2009
  • A mushy layer of dendritic crystals is often formed during solidification of a binary mixture. Natural convection in the mushy layer is analyzed by using the propagation theory we have developed. The critical Rayleigh numbers for the onset of convection are evaluated numerically using the self-similar stability equations based on Emms and Fowler's model. The present results approach those from quasi-static stability analysis in the limit of a large superheat or a small growth rate of the mushy layer.

A Study on the recognition of local name using Spatio-Temporal method (Spatio-temporal방법을 이용한 지역명 인식에 관한 연구)

  • 지원우
    • Proceedings of the Acoustical Society of Korea Conference / 1993.06a / pp.121-124 / 1993
  • This paper is a study of word recognition using a neural network. A limited-vocabulary, speaker-independent, isolated word recognition system has been built. This system recognizes isolated words without performing segmentation, phoneme identification, or dynamic time warping. It uses a static pattern approach to recognize a spatio-temporal pattern. The preprocessing only includes removal of leading and trailing silence, and word length determination. An LPC analysis is performed on each of 24 equally spaced frames. The PARCOR coefficients plus 3 other features from each frame are extracted. In order to simplify the structure of the neural network, we used a binary code form to reduce the number of output nodes.


Image-Based Machine Learning Model for Malware Detection on LLVM IR (LLVM IR 대상 악성코드 탐지를 위한 이미지 기반 머신러닝 모델)

  • Kyung-bin Park; Yo-seob Yoon; Baasantogtokh Duulga; Kang-bin Yim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.31-40 / 2024
  • Recently, static analysis-based signature and pattern detection technologies have shown limitations due to advances in IT technology. Moreover, there is a compatibility problem across multiple architectures and an inherent problem of signature and pattern detection. Malicious codes use obfuscation and packing techniques to hide their identity, and they also evade existing static analysis-based signature and pattern detection techniques such as code rearrangement, register modification, and branch statement addition. In this paper, we propose an LLVM IR image-based automated static analysis technology for malicious code using machine learning to solve the problems mentioned above. Whether a binary is obfuscated or packed, it is decompiled into LLVM IR, which is an intermediate representation dedicated to static analysis and optimization. The LLVM IR code is then converted into an image before being fed to the CNN-based transfer learning algorithm ResNet50v2 supported by Keras. As a result, we present a model for image-based detection of malicious code.

The Study on Improvement of the Program that Traces the Binary Codes in Execution (실행 중인 바이너리 코드 추출 프로그램의 기능 확장 연구)

  • Chang, Hang-Bae; Kwon, Hyuk-Jun; Kim, Yang-Hoon; Kim, Guk-Boh
    • Journal of Korea Multimedia Society / v.12 no.9 / pp.1309-1315 / 2009
  • The goal of this research is to develop and produce a tool that finds security weaknesses that may occur when an ordinary program is executed. The analysis tool for security weaknesses has the following major functions. When a part of the program with an anticipated security weakness is executing, it traces the machine language of that part. It also monitors system calls and DLL (API) calls while a program is executing. The result of this study can serve as educational material for security services in companies and related agencies and, in the final analysis, help prevent hacking by external intruders.


Characterization of Heterogeneous Interaction Behaviour in Ternary Mixtures by Dielectric Analysis: The H-Bonded Binary Polar Mixture in Non-Polar Solvent

  • Sengwa, R.J.; Madhvi; Sankhla, Sonu; Sharma, Shobha
    • Bulletin of the Korean Chemical Society / v.27 no.5 / pp.718-724 / 2006
  • The heterogeneous association behaviour of binary mixtures of mono alkyl ethers of ethylene glycol with ethyl alcohol at various concentrations was investigated by dielectric measurement in benzene solutions over the entire concentration range at 25 $^{\circ}$C. The values of the static dielectric constant $\epsilon_0$ of the mixtures were measured at 1 MHz using a four-terminal dielectric liquid test fixture and a precision LCR meter. The high-frequency limiting dielectric constant $\epsilon_\infty$ values were determined by measurement of the refractive index $n_D$ ($\epsilon_\infty = n_D^2$). The measured values of $\epsilon_0$ and $\epsilon_\infty$ were used to evaluate the values of the excess dielectric constant $\epsilon^E$, the effective Kirkwood correlation factor $g^{eff}$ and the corrective correlation factor $g_f$ of the binary polar mixtures to obtain qualitative and quantitative information about H-bond complex formation. The non-linear behaviour of the observed $\epsilon_0$ values of the polar molecules and their mixtures in benzene solvent confirms the variation in the associated structures with change in the concentration of the polar mixture constituents and also by dilution in non-polar solvents. The appearance of a maximum in the $\epsilon^E$ values at different concentrations of the polar mixtures suggests the formation of a stable adduct complex, which depends on the molecular size of the mono alkyl ethers of ethylene glycol. Further, the observed $\epsilon^E < 0$ also confirms that the heterogeneous H-bond complex formation reduces the effective number of dipoles in these polar binary mixtures. In benzene solutions these polar molecules show the maximum reduction in the effective number of dipoles at 50 percent dilution. But ethyl alcohol-rich binary polar mixtures in benzene solvent show the maximum reduction in the effective number of dipoles in benzene-rich solutions.

Static Analysis Based on Backward Control Flow Graph Generation Method Model for Program Analysis (프로그램 분석을 위한 정적분석 기반 역추적 제어흐름그래프 생성 방안 모델)

  • Park, Sunghyun; Kim, Yeonsu; Noh, Bongnam
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.5 / pp.1039-1048 / 2019
  • Symbolic execution, an automatic search method for vulnerability verification, has been technically improved over the last few years. However, it is still not practical to analyze a program using symbolic execution alone. One of the biggest reasons is that, because of the path explosion problem that occurs during program analysis, there is not enough memory, and the solutions for all paths in the program cannot be found using symbolic execution. Thus, it is more practical for the analyst to construct a path for symbolic execution to a target with a vulnerability rather than solving all paths. In this paper, we propose a static analysis-based backward CFG (Control Flow Graph) generation technique that can be used in symbolic execution for program analysis. With the creation of a backward CFG, an analyst can select potentially vulnerable points, and the backward path generated from such a point can be used for subsequent symbolic execution. We conducted experiments with Linux binaries (x86) and showed that potential vulnerability selection and backward CFG path generation were possible in a variety of binary situations.

Reliability Analysis of the Reactor Protection System Using Markov Processes (마코프 프로세스를 이용한 원자로 보호계통의 신뢰도 분석)

  • Jo, Nam-Jin
    • Nuclear Engineering and Technology / v.19 no.4 / pp.279-291 / 1987
  • The event tree/fault tree techniques used in the current probabilistic risk assessment (PRA) of nuclear power plants are based on a binary and static description of the components and the system. While these techniques may be adequate in most safety studies, more advanced techniques, e.g., Markov reliability analysis, are required to accurately study such problems as plant availability assessments and technical specification evaluations, which are becoming increasingly important. This paper describes a Markov model for the Reactor Protection System of a pressurized water reactor and presents results of model evaluations for two testing policies in technical specifications.
