• KIPS Transactions on Computer and Communication Systems
• /
• v.10 no.11
• /
• pp.297-304
• /
• 2021

Commercial obfuscation tools (protectors) aim to create difficulties in analyzing the operation process of software by applying obfuscation techniques and Anti-reversing techniques that delay and interrupt the analysis of programs in software reverse engineering process. In particular, in case of virtualization detection and anti-debugging functions, the analysis tool exits the normal execution flow and terminates the program. In this paper, we analyze Anti-reversing techniques of executables with Debugger Detection and Viralization Tools Detection options through VMProtect 3.5.0, one of the commercial obfuscation tools (protector), and address bypass methods using Pin. In addition, we predicted the location of the applied obfuscation technique by finding out a specific program termination routine through API analysis since there is a problem that the program is terminated by the Anti-VM technology and the Anti-DBI technology and drew up the algorithm flowchart for bypassing the Anti-reversing techniques. Considering compatibility problems and changes in techniques from differences in versions of the software used in experiment, it was confirmed that the bypass was successful by writing the pin automation bypass code in the latest version of the software (VMProtect, Windows, Pin) and conducting the experiment. By improving the proposed analysis method, it is possible to analyze the Anti-reversing method of the obfuscation tool for which the method is not presented so far and find a bypass method.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.10
• /
• pp.363-372
• /
• 2022

Since the recent COVID-19 Pandemic, the ransomware fandom has intensified along with the expansion of remote work. Currently, anti-virus vaccine companies are trying to respond to ransomware, but traditional file signature-based static analysis can be neutralized in the face of diversification, obfuscation, variants, or the emergence of new ransomware. Various studies are being conducted for such ransomware detection, and detection studies using signature-based static analysis and behavior-based dynamic analysis can be seen as the main research type at present. In this paper, the frequency of ".text Section" Opcode and the Native API used in practice was extracted, and the association between feature information selected using K-means Clustering algorithm, Cosine Similarity, and Pearson correlation coefficient was analyzed. In addition, Through experiments to classify and detect worms among other malware types and Cerber-type ransomware, it was verified that the selected feature information was specialized in detecting specific ransomware (Cerber). As a result of combining the finally selected feature information through the above verification and applying it to machine learning and performing hyper parameter optimization, the detection rate was up to 93.3%.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.1
• /
• pp.9-16
• /
• 2023

Robots are expected to expand their scope of application to the military field and take on important missions such as surveillance and enemy detection in the coming future warfare. Swarm robots can perform tasks that are difficult or time-consuming for a single robot to be performed more efficiently due to the advantage of having multiple robots. Swarm robots require mutual recognition and collaboration. So they send and receive vast amounts of data, making it increasingly difficult to verify SW. Hardware-in-the-loop simulation used to increase the reliability of mission verification enables SW verification of complex swarm robots, but the amount of verification data exchanged between the HILS device and the simulator increases exponentially according to the number of systems to be verified. So communication overload may occur. In this paper, we propose a digital twin-based communication optimization technique to solve the communication overload problem that occurs in mission verification of swarm robots. Under the proposed Digital Twin based Multi HILS Framework, Network DT can efficiently allocate network resources to each robot according to the mission scenario through the Network Controller algorithm, and can satisfy all sensor generation rates required by individual robots participating in the group. In addition, as a result of an experiment on packet loss rate, it was possible to reduce the packet loss rate from 15.7% to 0.2%.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.2
• /
• pp.85-92
• /
• 2023

Respiratory infections such as COVID-19 mainly occur within enclosed spaces. The presence or absence of abnormal symptoms of respiratory infectious diseases is judged through initial symptoms such as fever, cough, sneezing and difficulty breathing, and constant monitoring of these early symptoms is required. In this paper, image matching correction was performed for the RGB camera module and the thermal imaging camera module, and the temperature of the thermal imaging camera module for the measurement environment was calibrated using a blackbody. To detection the target recommended by the standard, a deep learning-based object recognition algorithm and the inner canthus recognition model were developed, and the model accuracy was derived by applying a dataset of 100 experimenters. Also, the error according to the measured distance was corrected through the object distance measurement using the Lidar module and the linear regression correction module. To measure the performance of the proposed model, an experimental environment consisting of a motor stage, an infrared thermography temperature screening system and a blackbody was established, and the error accuracy within 0.28℃ was shown as a result of temperature measurement according to a variable distance between 1m and 3.5 m.

• Journal of the Korea Convergence Society
• /
• v.12 no.11
• /
• pp.99-107
• /
• 2021

We live in a myriad of data. Various data are created in all situations in which we work, and we discover the meaning of data through big data technology. Many efforts are underway to find meaningful data. This paper introduces an analysis technique that enables humans to make better choices through the trend and prediction of time series data as a principal component analysis technique. Principal component analysis constructs covariance through the input data and presents eigenvectors and eigenvalues that can infer the direction of the data. The proposed method computes a reference axis in a time series data set having a similar directionality. It predicts the directionality of data in the next section through the angle between the directionality of each time series data constituting the data set and the reference axis. In this paper, we compare and verify the accuracy of the proposed algorithm with LSTM (Long Short-Term Memory) through cryptocurrency trends. As a result of comparative verification, the proposed method recorded relatively few transactions and high returns(112%) compared to LSTM in data with high volatility. It can mean that the signal was analyzed and predicted relatively accurately, and it is expected that better results can be derived through a more accurate threshold setting.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.2
• /
• pp.67-72
• /
• 2022

Recently, various intelligent application services using artificial intelligence are being actively developed. In particular, research on artificial intelligence-based real-time prediction services is being actively conducted in the manufacturing industry, and the demand for artificial intelligence services that can detect and predict fire and odors is very high. However, most of the existing detection and prediction systems do not predict the occurrence of fires and odors, but rather provide detection services after occurrence. This is because AI-based prediction service technology is not applied in existing systems. In addition, fire prediction, odor detection and odor level prediction services are services with ultra-low delay characteristics. Therefore, in order to provide ultra-low-latency prediction service, edge computing technology is combined with artificial intelligence models, so that faster inference results can be applied to the field faster than the cloud is being developed. Therefore, in this paper, we propose an LSTM algorithm-based learning model that can be used for fire prediction and odor detection/prediction, which are most required in the manufacturing industry. In addition, the proposed learning model is designed to be implemented in edge devices, and it is proposed to receive real-time sensor data from the IoT terminal and apply this data to the inference model to predict fire and odor conditions in real time. The proposed model evaluated the prediction accuracy of the learning model through three performance indicators, and the evaluation result showed an average performance of over 90%.

• Journal of the Korean Society of Marine Environment & Safety
• /
• v.27 no.7
• /
• pp.1098-1105
• /
• 2021

The International Maritime Organization has steadily strengthened environmental regulations on nitrogen oxides and carbon dioxide emitted from marine vessels. Consequently, the demand for electric propulsion vessels based on eco-friendly elements has increased. To this end, research and development has been steadily conducted for various vessels. In electric propulsion systems, a redundancy configuration is typically adopted to increase reliability and facilitate the onboard arrangement. Furthermore, studies have been actively conducted to ensure the safety of electric propulsion systems through the combination with digital twin technology. A digital twin can be used to predict outcomes in advance by implementing real-world equipment or space in a virtual world like twins, integrating real-world information and data with the virtual world, and performing computer simulations of situations that can occur in a real environment. In this study, we perform failure modes and effects analysis (FMEA) to validate the electric power management system (PMS) redundancy scheme for the digital twin technology development of electric propulsion vessels. Then, we propose the role and algorithm of PMS as a compensation function for preventing primary and secondary damages caused by a single equipment failure of the PMS and preventing additional damages by analyzing the impact on the entire system under real vessel operating conditions based on the redundancy FMEA suggested for the ship classification and certification. We verified the improvement in propulsion conservation through tests.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.5
• /
• pp.171-182
• /
• 2022

The safe use of a structure requires it to be maintained in an undamaged state. Thus, a typical factor that determines the safety of a structure is a crack in it. In addition, cracks are caused by various reasons, damage the structure in various ways, and exist in different shapes. Making matters worse, if these cracks are unattended, the risk of structural failure increases and proceeds to a catastrophe. Hence, recently, methods of checking structural damage using deep learning and computer vision technology have been introduced. These methods usually have the premise that there should be a large amount of training image data. However, the amount of training image data is always insufficient. Particularly, this insufficiency negatively affects the performance of deep learning crack detection algorithms. Hence, in this study, a method of augmenting crack image data based on the image translation technique was developed. In particular, this method obtained the crack image data for training a deep learning neural network model by transforming a specific case of a asphalt crack image into a concrete crack image or vice versa . Eventually, this method expected that a robust crack detection algorithm could be developed by increasing the diversity of its training data.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.22 no.3
• /
• pp.163-169
• /
• 2022

According to the Credit Information Act, in order to protect customer information by relationship of credit information subjects, it is destroyed and stored separately in two stages according to the period after the financial transaction effect is over. However, there is a limitation in that the destruction of personal credit information of customers whose financial transaction effect has expired cannot be collectively destroyed when the transaction has been terminated, depending on the nature of the financial product and transaction. To this end, the IT person in charge is developing a computerized program according to the target and order of destruction by investigating the business relationship by transaction type in advance. In this process, if the identification of the upper relation between tables is unclear, a compliance issue arises in which personal credit information cannot be destroyed or even information that should not be destroyed because it depends on the subjective judgment of the IT person in charge. Therefore, in this paper, we propose a model and algorithm for identifying the referenced table based on SQL executed in the computer program, analyzing the upper relation between tables with the primary key information of the table, and visualizing and objectively selecting the range to be destroyed. presented and implemented.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.21 no.5
• /
• pp.274-286
• /
• 2022

Multi-object tracking has been studied for a long time under computer vision and plays a critical role in applications such as autonomous driving and driving assistance. Multi-object tracking techniques generally consist of a detector that detects objects and a tracker that tracks the detected objects. Various publicly available datasets allow us to train a detector model without much effort. However, there are relatively few publicly available datasets for training a tracker model, and configuring own tracker datasets takes a long time compared to configuring detector datasets. Hence, the detector is often developed separately with a tracker module. However, the separated tracker should be adjusted whenever the former detector model is changed. This study proposes a system that can train a model that performs detection and tracking simultaneously using only the detector training datasets. In particular, a Siam network with augmentation is used to compose the detector and tracker. Experiments are conducted on public datasets to verify that the proposed algorithm can formulate a real-time multi-object tracker comparable to the state-of-the-art tracker models.