• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.6
• /
• pp.155-164
• /
• 2018

Many malicious programs have been compressed or encrypted using various commercial packers to prevent reverse engineering, So malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after returning the encrypted or compressed executable file back to the original binary state. Several unpackers, including PinDemonium, execute the packed file and keep tracks of the addresses until the OEP appears and find the OEP among the addresses. However, instead of finding exact one OEP, unpackers provide a relatively large set of OEP candidates and sometimes OEP is missing among candidates. In other words, existing unpackers have difficulty in finding the correct OEP. We have developed new tool which provides fewer OEP candidate sets by adding two methods based on the property of the OEP. In this paper, we propose two methods to provide fewer OEP candidate sets by using the property that the function call sequence and parameters are same between packed program and original program. First way is based on a function call. Programs written in the C/C++ language are compiled to translate languages into binary code. Compiler-specific system functions are added to the compiled program. After examining these functions, we have added a method that we suggest to PinDemonium to detect the unpacking work by matching the patterns of system functions that are called in packed programs and unpacked programs. Second way is based on parameters. The parameters include not only the user-entered inputs, but also the system inputs. We have added a method that we suggest to PinDemonium to find the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the OEP candidate by more than 40% on average compared to PinDemonium except 2 commercial packers which are can not be executed due to the anti-debugging technique.

• Journal of Intelligence and Information Systems
• /
• v.21 no.1
• /
• pp.29-45
• /
• 2015

Response modeling is a well-known research issue for those who have tried to get more superior performance in the capability of predicting the customers' response for the marketing promotion. The response model for customers would reduce the marketing cost by identifying prospective customers from very large customer database and predicting the purchasing intention of the selected customers while the promotion which is derived from an undifferentiated marketing strategy results in unnecessary cost. In addition, the big data environment has accelerated developing the response model with data mining techniques such as CBR, neural networks and support vector machines. And CBR is one of the most major tools in business because it is known as simple and robust to apply to the response model. However, CBR is an attractive data mining technique for data mining applications in business even though it hasn't shown high performance compared to other machine learning techniques. Thus many studies have tried to improve CBR and utilized in business data mining with the enhanced algorithms or the support of other techniques such as genetic algorithm, decision tree and AHP (Analytic Process Hierarchy). Ahn and Kim(2008) utilized logit, neural networks, CBR to predict that which customers would purchase the items promoted by marketing department and tried to optimized the number of k for k-nearest neighbor with genetic algorithm for the purpose of improving the performance of the integrated model. Hong and Park(2009) noted that the integrated approach with CBR for logit, neural networks, and Support Vector Machine (SVM) showed more improved prediction ability for response of customers to marketing promotion than each data mining models such as logit, neural networks, and SVM. This paper presented an approach to predict customers' response of marketing promotion with Case Based Reasoning. The proposed model was developed by applying different weights to each feature. We deployed logit model with a database including the promotion and the purchasing data of bath soap. After that, the coefficients were used to give different weights of CBR. We analyzed the performance of proposed weighted CBR based model compared to neural networks and pure CBR based model empirically and found that the proposed weighted CBR based model showed more superior performance than pure CBR model. Imbalanced data is a common problem to build data mining model to classify a class with real data such as bankruptcy prediction, intrusion detection, fraud detection, churn management, and response modeling. Imbalanced data means that the number of instance in one class is remarkably small or large compared to the number of instance in other classes. The classification model such as response modeling has a lot of trouble to recognize the pattern from data through learning because the model tends to ignore a small number of classes while classifying a large number of classes correctly. To resolve the problem caused from imbalanced data distribution, sampling method is one of the most representative approach. The sampling method could be categorized to under sampling and over sampling. However, CBR is not sensitive to data distribution because it doesn't learn from data unlike machine learning algorithm. In this study, we investigated the robustness of our proposed model while changing the ratio of response customers and nonresponse customers to the promotion program because the response customers for the suggested promotion is always a small part of nonresponse customers in the real world. We simulated the proposed model 100 times to validate the robustness with different ratio of response customers to response customers under the imbalanced data distribution. Finally, we found that our proposed CBR based model showed superior performance than compared models under the imbalanced data sets. Our study is expected to improve the performance of response model for the promotion program with CBR under imbalanced data distribution in the real world.

• The Korean Journal of Nuclear Medicine
• /
• v.36 no.6
• /
• pp.344-356
• /
• 2002

Purpose: RBC blood pool SPECT has been used to diagnose focal liver lesion such as hemangioma owing to its high specificity. However, low spatial resolution is a major limitation of this modality. Recently, ordered subset expectation maximization (OSEM) has been introduced to obtain tomographic images for clinical application. We compared this new modified iterative reconstruction method, OSEM with conventional filtered back projection (FBP) in imaging of liver hemangioma. Materials and Methods: Sixty four projection data were acquired using dual head gamma camera in 28 lesions of 24 patients with cavernous hemangioma of liver and these raw data were transferred to LINUX based personal computer. After the replacement of header file as interfile, OSEM was performed under various conditions of subsets (1,2,4,8,16, and 32) and iteration numbers (1,2,4,8, and 16) to obtain the best setting for liver imaging. The best condition for imaging in our investigation was considered to be 4 iterations and 16 subsets. After then, all the images were processed by both FBP and OSEM. Three experts reviewed these images without any information. Results: According to blind review of 28 lesions, OSEM images revealed at least same or better image quality than those of FBP in nearly all cases. Although there showed no significant difference in detection of large lesions more than 3 cm, 5 lesions with 1.5 to 3 cm in diameter were detected by OSEM only. However, both techniques failed to depict 4 cases of small lesions less than 1.5 cm. Conclusion: OSEM revealed better contrast and define in depiction of liver hemangioma as well as higher sensitivity in detection of small lesions. Furthermore this reconstruction method dose not require high performance computer system or long reconstruction time, therefore OSEM is supposed to be good method that can be applied to RBC blood pool SPECT for the diagnosis of liver hemangioma.

• Journal of Korea Water Resources Association
• /
• v.54 no.7
• /
• pp.535-544
• /
• 2021

Agricultural water occupies 48% of water demand, and management of agricultural reservoirs is essential for water resources management within agricultural basins. For more efficient use of agricultural water, monitoring the distribution of water resources in agricultural reservoirs and agricultural basins is required. Therefore, in this study, three threshold determination methods (i.e., fixed threshold, Otsu threshold, Kittler-Illingworth (KI) threshold) were compared to detect terrestrial water bodies using Sentinel-1 images for 3 years from 2018 to 2020. The purpose of this study was to evaluate methods for determining threshold values to more accurately estimate the reservoir area. In addition, by analyzing the relationship between the water surface and water storage at the Edong, Gosam, and Giheung reservoirs, water storage based on the SAR image was estimated and validated with observations. The thresholding method for detecting a waterbody was found to be the most accurate in the case of the KI threshold, and the water storage estimated by the KI threshold indicated a very high agreement (r = 0.9235, KGE' = 0.8691). Although the seasonal error characteristics were not observed, the problem of underestimation at high water levels may occur; the relationship between the water surface and the water storage could change rapidly. Therefore, it is necessary to understand the relationship between the water surface area and water storage through ground observation data for a more accurate estimation of water storage. If the use of SAR data through water resources satellites becomes possible in the future, based on the results of this study, it is judged that it will be beneficial for monitoring water storage and managing drought.

• Korean Journal of Remote Sensing
• /
• v.38 no.5_1
• /
• pp.497-510
• /
• 2022

Agricultural reservoirs are essential structures for water supplies during dry period in the Korean peninsula, where water resources are temporally unequally distributed. For efficient water management, systematic and effective monitoring of medium-small reservoirs is required. Synthetic Aperture Radar (SAR) provides a way for continuous monitoring of those, with its capability of all-weather observation. This study aims to evaluate the applicability of SAR in monitoring medium-small reservoirs using Sentinel-1 (10 m resolution) and Capella X-SAR (1 m resolution), at Chari (CR), Galjeon (GJ), Dwitgol (DG) reservoirs located in Ulsan, Korea. Water detected results applying Z fuzzy function-based threshold (Z-thresh) and Chan-vese (CV), an object detection-based segmentation algorithm, are quantitatively evaluated using UAV-detected water boundary (UWB). Accuracy metrics from Z-thresh were 0.87, 0.89, 0.77 (at CR, GJ, DG, respectively) using Sentinel-1 and 0.78, 0.72, 0.81 using Capella, and improvements were observed when CV was applied (Sentinel-1: 0.94, 0.89, 0.84, Capella: 0.92, 0.89, 0.93). Boundaries of the waterbody detected from Capella agreed relatively well with UWB; however, false- and un-detections occurred from speckle noises, due to its high resolution. When masked with optical sensor-based supplementary images, improvements up to 13% were observed. More effective water resource management is expected to be possible with continuous monitoring of available water quantity, when more accurate and precise SAR-based water detection technique is developed.

• Korean Journal of Remote Sensing
• /
• v.38 no.5_3
• /
• pp.925-938
• /
• 2022

Agricultural reservoirs are an important water resource nationwide and vulnerable to abnormal climate effects such as drought caused by climate change. Therefore, it is required enhanced management for appropriate operation. Although water-level tracking is necessary through continuous monitoring, it is challenging to measure and observe on-site due to practical problems. This study presents an objective comparison between multiple AI models for water-body extraction using radar images that have the advantages of wide coverage, and frequent revisit time. The proposed methods in this study used Sentinel-1 Synthetic Aperture Radar (SAR) images, and unlike common methods of water extraction based on optical images, they are suitable for long-term monitoring because they are less affected by the weather conditions. We built four AI models such as Support Vector Machine (SVM), Random Forest (RF), Artificial Neural Network (ANN), and Automated Machine Learning (AutoML) using drone images, sentinel-1 SAR and DSM data. There are total of 22 reservoirs of less than 1 million tons for the study, including small and medium-sized reservoirs with an effective storage capacity of less than 300,000 tons. 45 images from 22 reservoirs were used for model training and verification, and the results show that the AutoML model was 0.01 to 0.03 better in the water Intersection over Union (IoU) than the other three models, with Accuracy=0.92 and mIoU=0.81 in a test. As the result, AutoML performed as well as the classical machine learning methods and it is expected that the applicability of the water-body extraction technique by AutoML to monitor reservoirs automatically.

• Korean Journal of Agricultural and Forest Meteorology
• /
• v.24 no.4
• /
• pp.295-304
• /
• 2022

The purpose of this study is to detect the sorghum panicle using YOLOv5 based on RGB images acquired by a unmanned aerial vehicle (UAV) system. The high-resolution images acquired using the RGB camera mounted in the UAV on September 2, 2022 were split into 512×512 size for YOLOv5 analysis. Sorghum panicles were labeled as bounding boxes in the split image. 2,000images of 512×512 size were divided at a ratio of 6:2:2 and used to train, validate, and test the YOLOv5 model, respectively. When learning with YOLOv5s, which has the fewest parameters among YOLOv5 models, sorghum panicles were detected with mAP@50=0.845. In YOLOv5m with more parameters, sorghum panicles could be detected with mAP@50=0.844. Although the performance of the two models is similar, YOLOv5s ( 4 hours 35 minutes) has a faster training time than YOLOv5m (5 hours 15 minutes). Therefore, in terms of time cost, developing the YOLOv5s model was considered more efficient for detecting sorghum panicles. As an important step in predicting sorghum yield, a technique for detecting sorghum panicles using high-resolution RGB images and the YOLOv5 model was presented.

• Korean Journal of Environment and Ecology
• /
• v.36 no.6
• /
• pp.592-602
• /
• 2022

This study aimed to check habitat distribution and analyze influencing factors by analyzing the mating calls of Auritibicen intermedius inhabiting limited locations in South Korea by applying bioacoustic detection techniques. The study sites were 20 protection areas nationwide. The mating call analysis period was 4 years from 2017 to 2021, excluding 2020. The bioacoustic recording system installed at each study site collected recordings of mating calls every day for 1 minute per hour. Climate data received from the Meteorological Agency, such as temperature, humidity, rainfall, cloudiness, and sunshine, were analyzed. The results of this study identified A. intermedius habitat only in four national parks in the highlands of Gangwon Province (Mt. Seorak, Mt. Odae, Mt. Chiak, and Mt. Taebak) out of 20 study sites. During the four years of study, the mating call period of A. intermedius was between August 5 and September 28, and the duration of the mating call was 31 to 52 days. The temperature analysis during the appearance period of A. intermedius showed that A. intermedius mainly produced mating calls at temperatures between 13.1℃ and 35.3℃, and the average temperature during the circadian cycle of mating calls (09:00 to 16:00) was 24.4 to 24.9℃. The analysis of the circadian cycle of mating calls at four study sites where A. intermedius appeared in 2019 showed that A. intermedius produced mating calls from 06:00 to 16:00 and that they peaked around 11:00 to 12:00. During the appearance period of A. intermedius, four species appeared in common: Hyalessa maculaticollis, Meimuna opalifera, Graptopsaltria nigrofuscata, and Suisha coreana. A logistic regression analysis confirmed that sunlight was the environmental factor affecting the mating call of A. intermedius. Regarding interspecific influence, it was confirmed that A. intermedius exchanged interspecific influence with 4 other common species (H. maculaticollis, M. opalifera, G. nigrofuscata, and S. coreana). The above results confirmed that A. intermedius habitats were limited in the highlands of Gangwon Province highlands in Korea and produced mating calls at a lower temperature compared to other species. These results can be used as basic data for future research on A. intermedius in Korea.

• The Korean Journal of Nuclear Medicine Technology
• /
• v.13 no.3
• /
• pp.175-180
• /
• 2009

Purpose: Detection of TSH-binding inhibitor immunoglobulin (TBII) in patients with hyperthyroidism is an important result of Graves' disease (GD) and hyperthyroidism treatment. This has been made out an inspection by commercial radio-receptor assays. To increase the sensitivity and the specificity of the assay, many results of the assay were reported. In this study we evaluated the clinical usetulness of TBII assays by the Comparative method. Material and Methods: We were measured by using healthy control group (n=30, male=20, female=10) of Seoul National University Hospital Healthcare System Gangnam Center from January to March in 2009. Similarly, We were measured by using hyperthyroid (TSH<$0.05\;{\mu}IU/mL$, FT4>1.80 ng/dL) experimental group (n=58, male=14, female=44) of division of endocrinology and metabolism department of internal medicine Seoul National University Hospital from January to March in 2009. We made a comparative study of each two assays from the first generation to the third generation. We were used of TSAb assay as a measurement of GD diagnostic technique. Results: The specificity of healthy control group was 100% according to the generation. (Specificity=100%, n=30) The sensitivity of hyperthyroid experimental group were the first generation RSR<%> (79.3%, n=58), RSR (51.7%, n=58), the second generation RSR-CT (93.1%, n=58), BRAHMSCT (98.3%, n=58), the third generation ELISA (94.6%, n=56), ECLIA (97.7%, n=58) and TS-Ab<%> (93.5%, n=46). Conclusion: We were used of TSAb assay as a measurement of GD diagnostic technique, The result of data showed a high correlation between the third generation TBII assay and the second generation TBII assay ($R^2$=0.923). Instead of the first generation assay, the second generation assay can be more useful in clincal diagnosis.

• Journal of Intelligence and Information Systems
• /
• v.21 no.2
• /
• pp.131-150
• /
• 2015

Omission of noun phrases for obligatory cases is a common phenomenon in sentences of Korean and Japanese, which is not observed in English. When an argument of a predicate can be filled with a noun phrase co-referential with the title, the argument is more easily omitted in Encyclopedia texts. The omitted noun phrase is called a zero anaphor or zero pronoun. Encyclopedias like Wikipedia are major source for information extraction by intelligent application systems such as information retrieval and question answering systems. However, omission of noun phrases makes the quality of information extraction poor. This paper deals with the problem of developing a system that can restore omitted noun phrases in encyclopedia documents. The problem that our system deals with is almost similar to zero anaphora resolution which is one of the important problems in natural language processing. A noun phrase existing in the text that can be used for restoration is called an antecedent. An antecedent must be co-referential with the zero anaphor. While the candidates for the antecedent are only noun phrases in the same text in case of zero anaphora resolution, the title is also a candidate in our problem. In our system, the first stage is in charge of detecting the zero anaphor. In the second stage, antecedent search is carried out by considering the candidates. If antecedent search fails, an attempt made, in the third stage, to use the title as the antecedent. The main characteristic of our system is to make use of a structural SVM for finding the antecedent. The noun phrases in the text that appear before the position of zero anaphor comprise the search space. The main technique used in the methods proposed in previous research works is to perform binary classification for all the noun phrases in the search space. The noun phrase classified to be an antecedent with highest confidence is selected as the antecedent. However, we propose in this paper that antecedent search is viewed as the problem of assigning the antecedent indicator labels to a sequence of noun phrases. In other words, sequence labeling is employed in antecedent search in the text. We are the first to suggest this idea. To perform sequence labeling, we suggest to use a structural SVM which receives a sequence of noun phrases as input and returns the sequence of labels as output. An output label takes one of two values: one indicating that the corresponding noun phrase is the antecedent and the other indicating that it is not. The structural SVM we used is based on the modified Pegasos algorithm which exploits a subgradient descent methodology used for optimization problems. To train and test our system we selected a set of Wikipedia texts and constructed the annotated corpus in which gold-standard answers are provided such as zero anaphors and their possible antecedents. Training examples are prepared using the annotated corpus and used to train the SVMs and test the system. For zero anaphor detection, sentences are parsed by a syntactic analyzer and subject or object cases omitted are identified. Thus performance of our system is dependent on that of the syntactic analyzer, which is a limitation of our system. When an antecedent is not found in the text, our system tries to use the title to restore the zero anaphor. This is based on binary classification using the regular SVM. The experiment showed that our system's performance is F1 = 68.58%. This means that state-of-the-art system can be developed with our technique. It is expected that future work that enables the system to utilize semantic information can lead to a significant performance improvement.