• Title/Summary/Keyword: Dynamic binary analysis

Search results: 55

Design and Implementation of a Dynamic Instrumentation Framework based on Light-weight Dynamic Binary Translation (경량 동적 코드 변환 기법을 이용한 동적 인스트루멘테이션 기법 설계 및 구현)

  • Kim, Jeehong;Lee, Dongwoo;Kim, Inhyeok;Eom, Young Ik
    • Journal of KIISE / v.41 no.11 / pp.892-899 / 2014
  • Dynamic binary instrumentation is a code insertion technique for debugging a program without scattering its execution flow, while the program is running. Most dynamic instrumentations are implemented using dynamic binary translation techniques. Existing studies translated program codes dynamically by parsing the machine code stream to intermediate representation (IR) and then applying compilation techniques for IRs. However, they have high overhead during translation, which is a major cause of difficulty in applying the dynamic binary translation technique to the program which requires high responsiveness. In this paper, we introduce a light-weight dynamic binary instrumentation framework based on a novel dynamic binary translation technique which has low overhead while translating the program code. In order to reduce the translation overhead, our approach adopts a tabular-based address translation and exploits a translation bypassing scheme, which stores the translated address of a frequently called library function in advance. It then accesses the translated address and executes function codes without code translation when calling the function. Our experiment results demonstrated that the proposed approach outperforms the prior dynamic binary translation techniques from 2% up to 65%.

Exploit the method according to the function call (동적 링크를 활용한 특정 함수 호출)

  • OK, Geun Ho;Kang, Young-Jin;Lee, HoonJae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2016.05a / pp.755-758 / 2016
  • In this paper, we explain how a function in a binary program can be called from within the binary. We also describe the elements required during a function call and their dynamic links in the compilation process, explain the concept of the 'linker' that connects these elements with C-language files, and compare the differences between static and dynamic linking. We also conduct an experiment on the Return-to-Dynamic-Linker exploit.


Dynamic Model for Ocean Thermal Energy Conversion Plant with Working Fluid of Binary Mixtures

  • Nakamura, Masatoshi;Zhang, Yong;Bai, Ou;Ikegami, Yasuyuki
    • Institute of Control, Robotics and Systems: Conference Proceedings / 2003.10a / pp.2304-2308 / 2003
  • Ocean thermal energy conversion (OTEC) is an effective method of power generation, which has a small impact on the environment and can be utilized semi-permanently. This paper describes a dynamic model for a pilot OTEC plant built by the Institute of Ocean Energy, Saga University, Japan. This plant is based on the Uehara cycle, in which a binary mixture of ammonia and water is used as the working fluid. Some simulation results attained by this model and the analysis of the results are presented. The developed computer simulation can be used effectively in actual practice, such as stable control in steady operation, optimal determination of the plant specifications for a higher thermal efficiency, evaluation of the economic prospects, and off-line training for the operators of the OTEC plant.


Development and Analyses of Xen based Dynamic Binary Instrumentation using Intel VT (Intel VT 기술을 이용한 Xen 기반 동적 악성코드 분석 시스템 구현 및 평가)

  • Kim, Tae-Hyoung;Kim, In-Hyuk;Eom, Young-Ik;Kim, Won-Ho
    • Journal of KIISE: Computer Systems and Theory / v.37 no.5 / pp.304-313 / 2010
  • There are several methods for malware analysis. However, it is difficult to detect malware exactly with existing detection methods. Especially, malware with strong anti-debugging facilities can detect analyzers and disturb their analyses. Furthermore, it takes too much time to analyze malware. In order to resolve these problems of current analyzers, a more advanced analysis scheme is required. This paper suggests a dynamic binary instrumentation which supports instruction analysis and memory access tracing. Additionally, by supporting API call tracing with DLL loading analysis, our system establishes the foundation for analyzing various executable codes. Based on Xen, a full-virtualization environment is built using Intel's VT technology. Windows XP can be used as a guest. We analyze representative malware using several functions of our system, and show the accuracy and efficiency enhancements in the binary analysis capability of our system.

A Multi-Class Classifier of Modified Convolution Neural Network by Dynamic Hyperplane of Support Vector Machine

  • Nur Suhailayani Suhaimi;Zalinda Othman;Mohd Ridzwan Yaakub
    • International Journal of Computer Science & Network Security / v.23 no.11 / pp.21-31 / 2023
  • In this paper, we focused on the problem of evaluating multi-class classification accuracy and simulating multiple classifier performance metrics. Multi-class classifiers for sentiment analysis involve many challenges, whereas previous research narrowed to the binary classification model since it provides higher accuracy when dealing with text data. Thus, we take inspiration from the non-linear Support Vector Machine to modify the algorithm by embedding dynamic hyperplanes representing multiple class labels. Then we analyzed the performance of multi-class classifiers using macro-accuracy, micro-accuracy and several other metrics to justify the significance of our algorithm enhancement. Furthermore, we hybridized an Enhanced Convolution Neural Network (ECNN) with a Dynamic Support Vector Machine (DSVM) to demonstrate the effectiveness and efficiency of the classifier on multi-class text data. We performed experiments on three hybrid classifiers: ECNN with Binary SVM (ECNN-BSVM), ECNN with linear Multi-Class SVM (ECNN-MCSVM), and our proposed algorithm (ECNN-DSVM). Comparative experiments of hybrid algorithms yielded 85.12% for single-metric accuracy and 86.95% for multiple metrics on average. As for our modified algorithm, the ECNN-DSVM classifier, we reached 98.29% micro-accuracy with an f-score value of 98% at most. For the future direction of this research, we are aiming for hyperplane optimization analysis.

A Dynamic Approach to Extract the Original Semantics and Structure of VM-based Obfuscated Binary Executables (가상 머신 기반으로 난독화된 실행파일의 구조 및 원본의미 추출 동적 방법)

  • Lee, Sungho;Han, Taisook
    • Journal of KIISE / v.41 no.10 / pp.859-869 / 2014
  • In recent years, obfuscation techniques have commonly been exploited to protect malware, so obfuscated malware has become a big threat. Especially, it is extremely hard to analyze virtualization-obfuscated malware based on unusual virtual machines, because the original program is hidden by the virtual machine and its semantics are mixed with the semantics of the virtual machine. To confront this threat, we suggest a framework to analyze virtualization-obfuscated programs based on dynamic analysis. First, we extract the dynamic execution trace of the virtualization-obfuscated executable. Second, we analyze the traces by translating machine instruction sequences into an intermediate representation, and extract the virtual machine architecture by constructing dynamic context flow graphs. Finally, we extract the abstract semantics of the original program using the extracted virtual machine architecture. In this paper, we propose a method to extract the information of the original program from a program obfuscated by some commercial virtualization-obfuscation tools. We expect that our tool can be used to understand virtualization-obfuscated programs and can be integrated with other program analysis techniques, so that it can be applied to the analysis of the semantics of original programs using the abstract semantics.

Deep Learning based Dynamic Taint Detection Technique for Binary Code Vulnerability Detection (바이너리 코드 취약점 탐지를 위한 딥러닝 기반 동적 오염 탐지 기술)

  • Kwang-Man Ko
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.16 no.3 / pp.161-166 / 2023
  • In recent years, new and variant hacking of binary codes has increased, and the limitations of techniques for detecting malicious codes in source programs and defending against attacks are often exposed. Advanced software security vulnerability detection technology using machine learning and deep learning technology for binary code and defense and response capabilities against attacks are required. In this paper, we propose a malware clustering method that groups malware based on the characteristics of the taint information after entering dynamic taint information by tracing the execution path of binary code. Malware vulnerability detection was applied to a three-layered Few-shot learning model, and F1-scores were calculated for each layer's CPU and GPU. We obtained 97~98% performance in the learning process and 80~81% detection performance in the test process.

Graph based Binary Code Execution Path Exploration Platform for Dynamic Symbolic Execution (동적 기호 실행을 이용한 그래프 기반 바이너리 코드 실행 경로 탐색 플랫폼)

  • Kang, Byeongho;Im, Eul Gyu
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.3 / pp.437-444 / 2014
  • In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions. We implemented a prototype of the proposed method, and it works well on real binary code. Experimental results show that the proposed method correctly explores the execution paths of target binary code. We expect our method can help make Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.

Detecting TOCTOU Race Condition on UNIX Kernel Based File System through Binary Analysis (바이너리 분석을 통한 UNIX 커널 기반 File System의 TOCTOU Race Condition 탐지)

  • Lee, SeokWon;Jin, Wen-Hui;Oh, Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.4 / pp.701-713 / 2021
  • A Race Condition is a vulnerability in which two or more processes input or manipulate a common resource at the same time, resulting in unintended results. This vulnerability can lead to problems such as denial of service and elevation of privilege. When a vulnerability occurs in software, the relevant information is documented, but often the cause of the vulnerability or the source code is not disclosed. In this case, analysis at the binary level is necessary to detect the vulnerability. This paper aims to detect the Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability of UNIX kernel-based File Systems at the binary level. So far, various static/dynamic analysis detection techniques have been studied for this vulnerability. Existing vulnerability detection tools using static analysis detect it through source code analysis, and there are currently few studies conducted at the binary level. In this paper, we propose a method for detecting TOCTOU Race Conditions in File Systems based on the Control Flow Graph and Call Graph, using the Binary Analysis Platform (BAP), a binary static analysis tool.

Automatic Binary Execution Environment based on Real-machines for Intelligent Malware Analysis (지능형 악성코드 분석을 위한 리얼머신 기반의 바이너리 자동실행 환경)

  • Cho, Homook;Yoon, KwanSik;Choi, Sangyong;Kim, Yong-Min
    • KIISE Transactions on Computing Practices / v.22 no.3 / pp.139-144 / 2016
  • There exist many threats in cyberspace; however, current anti-virus software and other existing solutions do not effectively respond to malware that has become more complex and sophisticated. It was shown experimentally that the proposed approach can provide an automatic execution environment for the detection of the malicious behavior of active malware, by comparing the virtual-machine environment with the real-machine environment based on user interaction. Moreover, the results show that it is possible to provide a dynamic analysis environment in order to analyze intelligent malware effectively, through the comparison of malicious behavior activity in an automatic binary execution environment based on real machines with the malicious behavior activity in a virtual-machine environment.