• The Transactions of the Korea Information Processing Society
• /
• v.1 no.4
• /
• pp.479-489
• /
• 1994

At the present time, it is an important problem that we are to select a transmission line code for the very-high speed optical transmission system which can confidentially transfer the original information signal sequence efficiently, as it is to be the large capacity and the economization for the optical digital transmission system to transfer the information signal sequence at the very-high speed. Therefore, this paper is to select first the proper transmission line codes for the high speed(more than Mb/s) optical transmission system of the proposed two-level unipolar transmission line codes up to date, and to decide a mBIZ (m Binary with One Zero insertion) code as an optimal transmission line code for the very-high speed optical transmission system, resulting from analyzing the performance at the requirements of the transmission line code, such as the maximum consecutive identical digits, the transmission delay time, the increasing rate of clock, the mark rate, the circuit complexity, the supervision of transmission line error, and power spectrum among the selected transmission line codes.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.10
• /
• pp.129-139
• /
• 2013

Java bytecodes are executed not on target machine but on the Java virtual machines. Since this bytecodes use a higher level representation than binary code, it is possible to decompile most bytecodes back to Java source. Obfuscation is the technique of obscuring code and it makes program difficult to understand. However, most of the obfuscation techniques make the code size and the performance of obfuscated program bigger and slower than original program. In this paper, we proposed an effective Java obfuscation techniques using assignment statements merging that make the source program difficult to understand. The basic approach is to merge assignments statements to append side effects of statement. An additional benefit is that the size of the bytecode is reduced.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.443-454
• /
• 2020

The JavaScript engine is a module that receives JavaScript code as input and processes it, among many functions that are loaded into web browsers and display web pages. Many fuzzing test studies have been conducted as vulnerabilities in JavaScript engines could threaten the system security of end-users running JavaScript through browsers. Some of them have increased fuzzing efficiency by guiding test coverage in JavaScript engines, but no coverage guided fuzzing of optimized, dynamically generated machine code was attempted. Optimized JavaScript codes are difficult to perform sufficient iterative testing through fuzzing due to the function of runtime guards to free the code in the event of exceptional control flow. To solve these problems, this paper proposes a method of performing fuzzing tests on optimized machine code by avoiding deoptimization. In addition, we propose a method to measure the coverage of runtime-guards by the dynamic binary instrumentation and to guide increment of runtime-guard coverage. In our experiment, our method has outperformed the existing method at two measures: runtime coverage and iteration by time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.1
• /
• pp.31-40
• /
• 2024

Recently, static analysis-based signature and pattern detection technologies have limitations due to the advanced IT technologies. Moreover, It is a compatibility problem of multiple architectures and an inherent problem of signature and pattern detection. Malicious codes use obfuscation and packing techniques to hide their identity, and they also avoid existing static analysis-based signature and pattern detection techniques such as code rearrangement, register modification, and branching statement addition. In this paper, We propose an LLVM IR image-based automated static analysis of malicious code technology using machine learning to solve the problems mentioned above. Whether binary is obfuscated or packed, it's decompiled into LLVM IR, which is an intermediate representation dedicated to static analysis and optimization. "Therefore, the LLVM IR code is converted into an image before being fed to the CNN-based transfer learning algorithm ResNet50v2 supported by Keras". As a result, we present a model for image-based detection of malicious code.

• Journal of Astronomy and Space Sciences
• /
• v.23 no.4
• /
• pp.311-318
• /
• 2006

High-precision photometric observations were performed in BVI bandpasses using Am robotic telescope at Mt. Lemmon Observatory for two binary stars, which are reclassified as W UMa-type systems from ROTSE(Robotic Optical Transient Search Experiment) follow-up observations and show peculiar light variations. In order to analyze W UMa-type eclipsing binaries systematically, the light curve analysis script using 2005 version of Wilson-Devinney binary code is constructed. The orbital inclinations of GSC2S84-1731 and GSC2576-0319 are $43.^{\circ}5\;and\;57.^{\circ}6$ from light-curve analysis, respectively. Spot model is applied to explain the asymmetric light curve for GSC2S84-1731 and the spot parameters are derived.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.75-84
• /
• 2015

In an "NTFS Index Record Data Hiding" method messages are hidden by using file names. Windows NTFS file naming convention has some forbidden ASCII characters for a file name. When inputting Hangul with the Roman alphabet, if the forbidden characters for the file name and binary data are used, the codes are convert to a designated unicode point to avoid a file creation error due to unsuitable characters. In this paper, the problem of a file creation error due to non-admittable characters for the file name is fixed, which is used in the index record data hiding method. Using Hangul with Roman alphabet the characters cause a file creation error are converted to an arbitrary unicode point except Hangul and Roman alphabet area. When it comes to binary data, all 256 codes are converted to designated unicode area except an extended unicode(surrogate pairs) and ASCII code area. The results of the two cases, i.e. the Hangul with Roman alphabet case and the binary case, show the applicability of the proposed method.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.3
• /
• pp.609-616
• /
• 2014

Large linear span makes difficult to predict, so this study is important to the security and code system. It has been studied about the non-linear binary sequences having low correlation values and large linear span. In this paper we analyze the linear span of $S^r_a(t)=Tr^m_1\{[Tr^n_m(a{\alpha}^t+{\alpha}^{dt})]^r\}$ ($a{\in}GF(2^m)$, $0{\leq}t{\leq}2^m-2$) where n=2m and $d=2^{m-2}(2^m+3)$.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.541-547
• /
• 2019

Recent developments in hacking technology are continuing to increase the number of new security vulnerabilities. Approximately 80,000 new vulnerabilities have been registered in the Common Vulnerability Enumeration (CVE) database, which is a representative vulnerability database, from 2010 to 2015, and the trend is gradually increasing in recent years. While security vulnerabilities are growing at a rapid pace, responses to security vulnerabilities are slow to respond because they rely on manual analysis. To solve this problem, there is a need for a technology that can automatically detect and patch security vulnerabilities and respond to security vulnerabilities in advance. In this paper, we propose the technology to extract the features of the vulnerability-discovery target binary through complexity analysis, and select a vulnerability-discovery strategy suitable for the feature and automatically explore the vulnerability. The proposed technology was compared to the AFL, ANGR, and Driller tools, with about 6% improvement in code coverage, about 2.4 times increase in crash count, and about 11% improvement in crash incidence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1043-1052
• /
• 2020

Signature-based malicious code detection methods share a common limitation; it is very hard to detect modified malicious codes or new malware utilizing zero-day vulnerabilities. To overcome this limitation, many studies are actively carried out to classify malicious codes using N-gram. Although they can detect malicious codes with high accuracy, it is difficult to identify malicious codes that uses very short codes such as Spectre. We propose a function level N-gram comparison algorithm to effectively identify the Spectre binary. To test the validity of this algorithm, we built N-gram data sets from 165 normal binaries and 25 malignant binaries. When we used Random Forest models, the model performance experiments identified Spectre malicious functions with 99.99% accuracy and its f1-score was 92%.

• Journal of the Institute of Convergence Signal Processing
• /
• v.19 no.2
• /
• pp.47-53
• /
• 2018

This paper proposes a method to express an MP3 audio file by a series of color QR codes which can be printed on the paper. Moreover, the method can compress the data considerably. Firstly, an MP3 file is divided into many small files which have maximum capacity of binary file of a QR code. Secondly, the multiple files are converted to multiple black-and-white QR codes. Lastly, every three QR codes are combined into color QR codes. When combining, each of three black-and-white QR codes are regarded as red, green, blue components respectively. In this method, the areas of a color QR code where two QR codes are overlapped are expressed by the colors Cyan, Magenta and Yellow. And the areas where three components are overlapped are expressed by white color. Contrarily, the areas that no components are overlapped are expressed by white color. Experimentation result shows that an MP3 file with 8.5MB the original MP3 files are compressed with the compression rate around 15.7. This method has the advantage that can be used in the environments that the internet access is impossible.