• Title/Summary/Keyword: Codes Vulnerability

Deep Learning based Dynamic Taint Detection Technique for Binary Code Vulnerability Detection (바이너리 코드 취약점 탐지를 위한 딥러닝 기반 동적 오염 탐지 기술)

  • Kwang-Man Ko
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.16 no.3 / pp.161-166 / 2023
  • In recent years, new and variant hacking of binary codes has increased, and the limitations of techniques for detecting malicious codes in source programs and defending against attacks are often exposed. Advanced software security vulnerability detection technology using machine learning and deep learning technology for binary code and defense and response capabilities against attacks are required. In this paper, we propose a malware clustering method that groups malware based on the characteristics of the taint information after entering dynamic taint information by tracing the execution path of binary code. Malware vulnerability detection was applied to a three-layered Few-shot learning model, and F1-scores were calculated for each layer's CPU and GPU. We obtained 97~98% performance in the learning process and 80~81% detection performance in the test process.

DEVELOPMENT OF A VULNERABILITY ASSESSMENT CODE FOR A PHYSICAL PROTECTION SYSTEM: SYSTEMATIC ANALYSIS OF PHYSICAL PROTECTION EFFECTIVENESS (SAPE)

  • Jang, Sung-Soon;Kwan, Sung-Woo;Yoo, Ho-Sik;Kim, Jung-Soo;Yoon, Wan-Ki
    • Nuclear Engineering and Technology / v.41 no.5 / pp.747-752 / 2009
  • A vulnerability assessment is essential for the efficient operation of a physical protection system (PPS). Previous assessment codes have used a simple model called an adversary sequence diagram. In this study, the use of a two-dimensional (2D) map of a facility as a model for a PPS is suggested as an alternative approach. The analysis of a 2D model, however, consumes a lot of time. Accordingly, a generalized heuristic algorithm has been applied to address this issue. The proposed assessment method was implemented in a computer code, Systematic Analysis of physical Protection Effectiveness (SAPE). This code was applied to a variety of facilities and evaluated for feasibility by applying it to various facilities. To help upgrade a PPS, a sensitivity analysis of all protection elements along a chosen path is proposed. SAPE will help to accurately and intuitively assess a PPS.

A Study on an Extended Cyber Attack Tree for an Analysis of Network Vulnerability (네트워크 취약성 분석을 위한 확장된 사이버 공격 트리에 관한 연구)

  • Eom, Jung Ho;Park, Seon Ho;Chung, Tai M.
    • Journal of Korea Society of Digital Industry and Information Management / v.6 no.3 / pp.49-57 / 2010
  • We extended a general attack tree to apply a cyber attack model for network vulnerability analysis. We defined an extended cyber attack tree (E-CAT) which extends the general attack tree by associating each node of the tree with a transition of attack that could have contributed to the cyber attack. The E-CAT resolved the limitation that a general attack tree cannot express complex and sophisticated attacks. Firstly, the Boolean expression can simply express an attack scenario with symbols and codes. Secondly, an Attack Generation Probability is used to select an attack method in an attack tree. A CONDITION-composition can express new and modified attack transitions which a general attack tree cannot express. The E-CAT can provide attack flexibility and improve the attack success rate when it is applied to a cyber attack model.

A Hybrid Vulnerability of NFC Technology in Smart Phone (스마트폰에서 NFC를 이용한 융.복합 하이브리드 취약점)

  • Park, Chang Min;Park, Neo;Park, Won Hyung
    • Convergence Security Journal / v.12 no.4 / pp.3-8 / 2012
  • Smartphones integrate all the recent technologies, and NFC (Near Field Communication) technology is one of them and has become essential these days. Despite the wide use of smartphones with NFC technology, not many security vulnerabilities have been discovered. This paper attempts to identify characteristics and various services in NFC technology, and to present a wide range of security vulnerabilities, prevention, and policies, especially in NFC contactless technology. We describe a security vulnerability and a possible threat based on human vulnerability and a traditional malware distribution technique using a Peer-to-Peer network on NFC-enabled smartphones. The vulnerability is as follows: An attacker creates an NFC tag for distributing his or her malicious code to unspecified individuals and applies it to a hidden spot near an NFC reader in public transport such as a subway system. The tag will direct smartphone users to a certain website and automatically download malicious codes into their smartphones. The infected devices actually help to spread malicious code using P2P mode and finally, as in a traditional DDoS attack, a certain target will be attacked by them at a scheduled time.

Malicious Code Injection Vulnerability Analysis in the Deflate Algorithm (Deflate 압축 알고리즘에서 악성코드 주입 취약점 분석)

  • Kim, Jung-hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.869-879 / 2022
  • Through this study, we discovered that among the three types of compressed data blocks generated through the Deflate algorithm, the No-Payload Non-Compressed Block type (NPNCB), which has no literal data, can be randomly generated and inserted between normal compressed blocks. In the header of the non-compressed block, there is a data area that exists only for byte alignment, and we called this area the DBA (Disposed Bit Area), where an attacker can hide various malicious codes and data. Finally, we found the vulnerability that hides malicious codes or arbitrary data by inserting NPNCBs with an infected DBA between normal compressed blocks according to a pre-designed attack scenario. Experiments show that even though contaminated NPNCB blocks were inserted between normal compressed blocks, commercial programs decoded the contaminated zip file normally without any warning, and malicious code could be executed by the malicious decoder.

An Analysis Method for Detecting Vulnerability to Symbolic Link Exploit (심볼릭 링크 공격 취약성 검출을 위한 분석 기법)

  • Joo, Seong-Yong;Ahn, Joon-Seon;Jo, Jang-Wu
    • The KIPS Transactions:PartA / v.15A no.1 / pp.45-52 / 2008
  • In this paper we define code vulnerable to symbolic link exploits and propose a technique to detect it using program analysis. The existing methods for protecting against symbolic link exploits require that, on accessing a temporary file, the program perform an investigation of whether the file has been attacked by a symbolic link exploit. If programmers miss the investigation, the program may be exposed to symbolic link exploits. Because our technique detects all the code vulnerable to symbolic link exploits, it helps programmers keep the program safe. Our technique adds two type qualifiers to the existing type system to analyze code vulnerable to symbolic link exploits, and it detects the vulnerable code using type checking that includes the added type qualifiers. Our technique detects all the code vulnerable to symbolic link exploits automatically, so it has the advantage of saving the costs of modifying and reviewing all code, because programmers apply the methods protecting against symbolic link exploits only to the code detected as vulnerable. We tested our analyzer on widely used programs. In our experiments only a portion of all the calls to the function fopen() are analyzed as vulnerable to symbolic link exploits. This shows that our technique is useful for reducing code modifications.

Post-earthquake fire performance-based behavior of reinforced concrete structures

  • Behnama, Behrouz;Ronagh, Hamid R.
    • Earthquakes and Structures / v.5 no.4 / pp.379-394 / 2013
  • Post-earthquake fire (PEF) can lead to a rapid collapse of buildings damaged partially as a result of prior earthquake. Almost all standards and codes for the design of structures against earthquake ignore the risk of PEF, and thus buildings designed using those codes could be too weak when subjected to a fire after an earthquake. An investigation based on sequential analysis inspired by FEMA356 is performed here on the Immediate Occupancy, Life Safety and Collapse Prevention performance levels of structures, designed to the ACI 318-08 code, after they are subjected to an earthquake level with PGA of 0.35g. This investigation is followed by a fire analysis of the damaged structures, examining the time taken for the damaged structures to collapse. As a point of reference, a fire analysis is also performed for undamaged structures and before the occurrence of earthquake. The results indicate that the vulnerability of structures increases dramatically when a previously damaged structure is exposed to PEF. The results also show that the damaging effects of post-earthquake fire are exacerbated when initiated from the second and third floor. Whilst the investigation is made for a certain class of structures (conventional buildings, intermediate reinforced structure, 3 stories), the results confirm the need for the incorporation of post-earthquake fire into the process of analysis and design, and provides some quantitative measures on the level of associated effects.

Seismic fragility curves of single storey RC precast structures by comparing different Italian codes

  • Beilic, Dumitru;Casotto, Chiara;Nascimbene, Roberto;Cicola, Daniele;Rodrigues, Daniela
    • Earthquakes and Structures / v.12 no.3 / pp.359-374 / 2017
  • The seismic events in Northern Italy, May 2012, have revealed the seismic vulnerability of typical Italian precast industrial buildings. The aim of this paper is to present a seismic fragility model for Italian RC precast buildings, to be used in earthquake loss estimation and seismic risk assessment by comparing two building typologies and three different codes: D.M. 3-03-1975, D.M. 16-01-1996 and the current Italian building code that was released in 2008. Based on the geometric characteristics and design procedure applied, ten different building classes were identified. A Monte Carlo simulation was performed for each building class in order to generate the building stock used for the development of fragility curves through an analytical method. The probabilistic distributions of geometry were mainly obtained from data collected from 650 field surveys, while the material properties were deduced from the code in place at the time of construction or from expert opinion. The structures were modelled in 2D frameworks; since the past seismic events have identified the beam-column connection as the weakest element of precast buildings, two different modelling solutions were adopted to develop fragility curves: a simple model with post processing required to detect connection collapse and an innovative modelling solution able to reproduce the real behaviour of the connection during the analysis. Fragility curves were derived using both nonlinear static and dynamic analysis.

An Intrusion Detection Method by Tracing Root Privileged Processes (Root 권한 프로세스 추적을 통한 침입 탐지 기법)

  • Park, Jang-Su;Ahn, Byoung-Chul
    • The KIPS Transactions:PartC / v.15C no.4 / pp.239-244 / 2008
  • It is not enough to reduce damages of computer systems by just patching vulnerability codes after incidents occur. It is necessary to detect and block intrusions by boosting the durability of systems even if there are vulnerable codes in systems. This paper proposes a robust real-time intrusion detection method by monitoring root privileged processes instead of system administrators in Linux systems. This method saves IP addresses of users in the process table and monitors IP addresses of every root privileged process. The proposed method is verified to protect vulnerable programs against the buffer overflow by using KON program. A configuration protocol is proposed to manage systems remotely and host IP addresses are protected from intrusions safely through this protocol.

Methodology for investigating the behavior of reinforced concrete structures subjected to post earthquake fire

  • Behnam, Behrouz;Ronagh, Hamid R.;Baji, Hassan
    • Advances in concrete construction / v.1 no.1 / pp.29-44 / 2013
  • Post earthquake fire (PEF) can lead to the collapse of buildings that are partially damaged in a prior ground-motion that occurred immediately before the fire. The majority of standards and codes for the design of structures against earthquake ignore the possibility of PEF and thus buildings designed with those codes could be too weak when subjected to a fire after an earthquake. An investigation based on sequential analysis inspired by FEMA356 is performed here on the Life-Safety performance level of structures designed to the ACI 318-08 code after they are subjected to two different earthquake levels with PGA of 0.35 g and 0.25 g. This is followed by a four-hour fire analysis of the weakened structure, from which the time it takes for the weakened structure to collapse is calculated. As a benchmark, the fire analysis is also performed for undamaged structure and before occurrence of earthquake. The results show that the vulnerability of structures increases dramatically when a previously damaged structure is exposed to PEF. The results also show the damaging effects of post earthquake fire are exacerbated when initiated from second and third floor. Whilst the investigation is for a certain class of structures (regular building, intermediate reinforced structure, 3 stories), the results confirm the need for the incorporation of post earthquake fire in the process of analysis and design and provides some quantitative measures on the level of associated effects.