• Title/Summary/Keyword: Dynamic API

LoGos: Internet-Explorer-Based Malicious Webpage Detection

  • Kim, Sungjin;Kim, Sungkyu;Kim, Dohoon
    • ETRI Journal / v.39 no.3 / pp.406-416 / 2017
  • Malware propagated via the World Wide Web is one of the most dangerous tools in the realm of cyber-attacks. Its methodologies are effective, relatively easy to use, and are developing constantly in an unexpected manner. As a result, rapidly detecting malware propagation websites from a myriad of webpages is a difficult task. In this paper, we present LoGos, an automated high-interaction dynamic analyzer optimized for a browser-based Windows virtual machine environment. LoGos utilizes Internet Explorer injection and API hooks, and scrutinizes malicious behaviors such as new network connections, unused open ports, registry modifications, and file creation. Based on the obtained results, LoGos can determine the maliciousness level. This model forms a very lightweight system. Thus, it is approximately 10 to 18 times faster than systems proposed in previous work. In addition, it provides high detection rates that are equal to those of state-of-the-art tools. LoGos is a closed tool that can detect an extensive array of malicious webpages. We prove the efficiency and effectiveness of the tool by analyzing almost 0.36 M domains and 3.2 M webpages on a daily basis.

Android malicious code Classification using Deep Belief Network

  • Shiqi, Luo;Shengwei, Tian;Long, Yu;Jiong, Yu;Hua, Sun
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.1 / pp.454-475 / 2018
  • This paper presents a novel Android malware classification model designed to classify and categorize Android malicious code in the Drebin dataset. The number of malicious mobile applications targeting Android-based smartphones has increased rapidly. In this paper, a Restricted Boltzmann Machine and a Deep Belief Network are used to classify malware into families of Android applications. A texture-fingerprint-based approach is proposed to extract or detect the features of malware content. A piece of malware has a unique "image texture" in its feature spatial relations. The method uses information on the texture image extracted from malicious or benign code, which is mapped to an uncompressed gray-scale image according to the texture-image-based approach. By studying and extracting the implicit features of the API calls from a large number of training samples, we obtain the original dynamic activity feature sets. To improve the accuracy of the classification algorithm in feature selection, the method then combines the implicit features of the texture image and the API calls in malicious code to train the Restricted Boltzmann Machine and Back Propagation. In an evaluation with different malware and benign samples, the experimental results suggest that this method, which uses a Deep Belief Network to classify Android malware by texture images and API calls, is usable: it detects more than 94% of the malware with few false alarms, which is clearly higher than shallow machine learning algorithms.

Rotordynamic Characteristics Analysis for API 610 BB5 Pump Development (API 610 BB5 펌프 개발을 위한 로터다이나믹 특성분석)

  • Kim, Byung-Ok;Lee, An-Sung;Kim, Sung-Ki
    • The KSFM Journal of Fluid Machinery / v.14 no.4 / pp.38-44 / 2011
  • This paper deals with the detailed rotordynamic analysis of a BB5 eight-stage pump as part of the development of an API 610 BB5 type pump. A dry-run analytical model, which does not consider the operating fluid, and a wet-run analytical model, which does, are established. In addition, plain circular and pressure dam bearings are chosen, and the effect of each bearing on the dynamic characteristics of the pump rotor system is discussed. The rotordynamic analysis includes the critical speed map, Campbell diagram, stability, and unbalance response. As a result, it was predicted that the rated speed of the pump rotor passes through the 1st critical speed in the dry-run condition regardless of the bearings; however, it was verified that, in the wet-run condition, the rotor system has no critical speeds even at more than twice the rated speed. Hence the resonance problem caused by critical speeds does not occur, since actual operation is in the wet-run condition, which includes the operating fluid. The unbalance response analysis shows that the pump rotor has a stable vibration response at rated speed, regardless of the operating fluid and the proposed bearing types.

A Study on Integration of Internal Information Retrieval Systems using Mashup; National Institute of Korean History Information Systems (매쉬업을 적용한 기관 내 정보검색시스템 통합 방안 연구 - 국사편찬위원회 정보시스템을 중심으로 -)

  • Lee, Hye-Won;Yoon, So-Young
    • Journal of Information Management / v.42 no.1 / pp.63-83 / 2011
  • A mashup service provides query results in real time and responds to users' requests dynamically. In terms of size, each of the internal information systems of NIKH (National Institute of Korean History) is equal to an individual library system. Just as mashup is adopted for information convergence with external resources, it was adopted for internal integrated search in the same context. This study designated the NIKH OpenAPI and proposed a metadata format for internal integrated search of historical contents.

Protection Management for Guaranteed User-Driven Virtual Circuit Services in Dynamic Multi-domain Environments: Design Issues and Challenges

  • Lim, Huhnkuk
    • ETRI Journal / v.37 no.2 / pp.369-379 / 2015
  • Fault management of virtualized network environments using user-driven network provisioning systems (NPSs) is crucial for guaranteeing seamless virtual network services irrespective of physical infrastructure impairment. The network service interface (NSI) of the Open Grid Forum reflects the need for a common standard management API for the reservation and provisioning of user-driven virtual circuits (VCs) across global networks. NSI-based NPSs (that is, network service agents) can be used to compose user-driven VCs for mission-critical applications in a dynamic multi-domain. In this article, we first attempt to outline the design issues and challenges faced when attempting to provide mission-critical applications using dynamic VCs with a protection that is both user-driven and trustworthy in a dynamic multi-domain environment, to motivate work in this area of research. We also survey representative works that address inter-domain VC protection and qualitatively evaluate them and current NSI against the issues and challenges.

Design and Development of SMIL Processor for efficient Embedding (효율적 Embedding을 위한 SMIL Processor의 설계 및 개발)

  • 장동옥;강미연;정원호;이은철;김도완;김종대;김윤수
    • Proceedings of the Korean Information Science Society Conference / 1999.10b / pp.265-267 / 1999
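  • SMIL (Synchronized Multimedia Integration Language), designed in XML, is a markup language that can efficiently perform sequential or parallel synchronization of multimedia objects. Because it can present web-based remote lectures, promotional material, and the like more vividly and dynamically, its use is expected to expand. This paper proposes a design for a SMIL processor that can be easily embedded in various web terminals. For web applications, the focus was on improving speed and on designing a parser composed of system-independent functions together with an API suited to applications; a further focus was on making these reusable, with as few modifications as possible, for future XML parser functions and API design.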

Rotordynamic Design and Analysis of the Rotor-Bearing System of a 600HP Gear Driven Turbo-Compressor (600HP급 기어구동형 터보 공기압축기 회전체계의 동역학적 설계 및 해석)

  • 최상규;김영철;권병수
    • Proceedings of the Korean Society for Noise and Vibration Engineering Conference / 1997.10a / pp.50-57 / 1997
  • A 600HP class high-speed gear driven 3-stage turbo-compressor (IGCC: Integrally Geared Centrifugal Compressor) driven by a 3600 rpm AC induction motor has been designed, of which the low speed pinion runs at 35000 rpm and the high speed pinion at 50000 rpm nominally. Due to its high speed operation, the system requires very reliable bearing selection and design as well as accurate rotordynamic analysis and prediction of its dynamic behavior to secure operating reliability. Rotordynamic analyses of the IGCC rotor-bearing system predicted that the low speed pinion rotor mounted on 5-pad tilting pad bearings has two critical speeds before its design speed and the high speed pinion rotor only one critical speed, and that the estimated critical speeds of both pinion shafts are far enough from the continuous operating speed to satisfy the corresponding API requirement. The forced response analysis with the API specified maximum allowable unbalances also showed that the unbalance responses are small enough for smooth operation of the system.

Design and Performance Analysis of the Interface Middleware for Embedded Systems (임베디드 시스템 인터페이스용 미들웨어 설계 및 성능분석)

  • Kim, Myoung-Sun;Lee, Su-Won;Lee, Cheol-Hoon;Choi, Hoon;Cho, Kil-Seok
    • Journal of KIISE:Computing Practices and Letters / v.14 no.1 / pp.52-62 / 2008
  • As various types of embedded devices are widely used, a technology that supports reuse of applications on multiple platforms is needed for time-to-market development of the applications. Interface middleware is one such technology, and it hides platform dependency from application programmers. Existing interface middleware such as the MT project, Xenomai and Legacy2linux have the limitation that the APIs provided by each of these middleware are fixed to a specific operating system, and the middleware does not provide dynamic expansion of its API set. In this paper, we propose a middleware which hides operating system dependencies and enables porting of applications to various operating systems. In addition, the middleware has a scalable structure so that it is suitable for resource-limited embedded systems. The overhead of the middleware, i.e., the time delay incurred by the middleware, is between $0.3\,\mu\text{sec}$ and $5\,\mu\text{sec}$ in most cases. We believe that the amount of overhead is reasonable and does not hurt the performance of applications.

Detection of Privacy Information Leakage for Android Applications by Analyzing API Inter-Dependency and the Shortest Distance (API간 상호 의존성 및 최단거리 분석을 통한 안드로이드 애플리케이션의 개인정보 유출 탐지 기법)

  • Kim, Dorae;Park, Yongsu
    • Journal of KIISE / v.41 no.9 / pp.707-714 / 2014
  • In general, benign apps transmit privacy information to external parties to provide services to users, just as malicious apps do. In other words, the behavior of benign apps is similar to that of malicious apps. Thus, a benign app can be easily manipulated for malicious purposes. Therefore, malicious apps as well as benign apps should notify users of the possibility of privacy information leakage before installation to prevent potential malicious behavior. In this paper, we propose a method to detect leakage of privacy information in Android apps by analyzing API inter-dependency and the shortest distance. We also present LeakDroid, which detects leakage of privacy information on Android with the above method. Unlike dynamic approaches, LeakDroid analyzes Android apps on the market site. To verify the privacy information leakage detection of LeakDroid, we experimented on 250 well-known malicious apps and 1700 benign apps collected from Android third-party markets. Our evaluation result shows that LeakDroid reached a detection rate of 96.4% on the malicious apps and detected 68 true privacy information leakages inside the 1700 benign apps.

Development and Analyses of Xen based Dynamic Binary Instrumentation using Intel VT (Intel VT 기술을 이용한 Xen 기반 동적 악성코드 분석 시스템 구현 및 평가)

  • Kim, Tae-Hyoung;Kim, In-Hyuk;Eom, Young-Ik;Kim, Won-Ho
    • Journal of KIISE:Computer Systems and Theory / v.37 no.5 / pp.304-313 / 2010
  • There are several methods for malware analysis. However, it is difficult to detect malware exactly with existing detection methods. In particular, malware with strong anti-debugging facilities can detect analyzers and disturb their analyses. Furthermore, it takes too much time to analyze malware. In order to resolve these problems of current analyzers, a more improved analysis scheme is required. This paper suggests a dynamic binary instrumentation system which supports instruction analysis and memory access tracing. Additionally, by supporting API call tracing with DLL loading analysis, our system establishes the foundation for analyzing various executable codes. Based on Xen, a full-virtualization environment is built using Intel's VT technology. Windows XP can be used as a guest. We analyze representative malware using several functions of our system, and show the accuracy and efficiency enhancements in the binary analysis capability of our system.