• Title/Summary/Keyword: Execution Detection


Research on Registry Analysis based Malware Detection Method (Registry 분석을 통한 악성코드 감염여부 탐지 방법 연구)

  • Hong, Sunghyuck
    • Journal of the Korea Convergence Society / v.8 no.5 / pp.37-43 / 2017
  • A registry is a hierarchical database designed to store the information necessary for the operating system and application programs in the Windows operating system, and it is involved in all activities such as booting, logging, service execution, application execution, and user behavior. Digital forensics is widely used. In recent years, malicious code has penetrated systems in ways that are not recognized by the user, and valuable information is leaked or stolen, causing financial damage. Therefore, this study proposes a method to detect malicious code by using a shareware application instead of an expensive digital forensic program, so as to analyze hacking methods and prevent hacking damage in advance.
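
As an added example (not code from the paper above), the following script shows the kind of registry check such an approach relies on: it parses a constructed `.reg` export of the HKCU `Run` key and flags autorun entries that match common malware persistence patterns (binaries in user-writable folders, script hosts used as launchers, system binary names outside `%SystemRoot%`). The sample export, the folder list and the heuristics are assumptions made for this example.

```python
"""Flag suspicious autorun entries in a Windows registry export.

Added example: parses a constructed .reg export of the HKCU Run key and
applies heuristics an analyst uses when hunting malware persistence.
"""
import re

# Constructed sample .reg export (not real forensic data).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe"
"Sync"="wscript.exe //B C:\\Users\\alice\\AppData\\Roaming\\sync.vbs"
"Vendor Tray"="\"C:\\Program Files\\Vendor\\tray.exe\""
'''

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\CurrentVersion\\Run[^\]]*)\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Heuristic lists chosen for this example (assumptions, not an exhaustive catalogue).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\", "\\public\\")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe", "rundll32.exe")
KNOWN_SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe")


def parse_run_entries(reg_text):
    """Return [(key, value_name, command)] for Run/RunOnce keys in a .reg dump."""
    entries, current = [], None
    for line in reg_text.splitlines():
        m = RUN_KEY_RE.match(line.strip())
        if m:
            current = m.group(1)
            continue
        if line.startswith("["):          # some other key: stop collecting
            current = None
            continue
        m = VALUE_RE.match(line.strip())
        if current and m:
            # .reg files escape backslashes and quotes; undo that.
            data = m.group("data").replace('\\"', '"').replace("\\\\", "\\")
            entries.append((current, m.group("name"), data))
    return entries


def extract_image_path(command):
    """Pull the executable path out of a Run value (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def assess_entry(value_name, command):
    """Return the reasons this autorun entry looks suspicious (empty list = clean)."""
    image = extract_image_path(command)
    low_image, low_cmd = image.lower(), command.lower()
    base = low_image.rsplit("\\", 1)[-1]
    reasons = []
    if any(folder in low_cmd for folder in USER_WRITABLE):
        reasons.append("launched from user-writable location")
    if base in SCRIPT_HOSTS:
        reasons.append("script/LOLBin host used for persistence")
    if base in KNOWN_SYSTEM_NAMES and not low_image.startswith("c:\\windows\\"):
        reasons.append("system binary name outside %SystemRoot%")
    return reasons


def suspicious_autoruns(reg_text):
    """Map value name -> reasons for every Run entry with at least one finding."""
    findings = {}
    for _key, name, command in parse_run_entries(reg_text):
        reasons = assess_entry(name, command)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in suspicious_autoruns(SAMPLE_REG).items():
        print(f"[!] {name}: {'; '.join(reasons)}")
```

Note that the legitimate OneDrive entry also lives under `AppData\Local`, so the folder heuristic is deliberately limited to `Temp`, `Roaming`, `Downloads` and `Public`; a real triage would still confirm findings by hashing the image and checking its signature rather than trusting the path alone.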

DiLO: Direct light detection and ranging odometry based on spherical range images for autonomous driving

  • Han, Seung-Jun;Kang, Jungyu;Min, Kyoung-Wook;Choi, Jungdan
    • ETRI Journal / v.43 no.4 / pp.603-616 / 2021
  • Over the last few years, autonomous vehicles have progressed very rapidly. The odometry technique that estimates displacement from consecutive sensor inputs is an essential technique for autonomous driving. In this article, we propose a fast, robust, and accurate odometry technique. The proposed technique is light detection and ranging (LiDAR)-based direct odometry, which uses a spherical range image (SRI) that projects a three-dimensional point cloud onto a two-dimensional spherical image plane. Direct odometry is developed in a vision-based method, and a fast execution speed can be expected. However, applying LiDAR data is difficult because of the sparsity. To solve this problem, we propose an SRI generation method and mathematical analysis, two key point sampling methods using SRI to increase precision and robustness, and a fast optimization method. The proposed technique was tested with the KITTI dataset and real environments. Evaluation results yielded a translation error of 0.69%, a rotation error of 0.0031°/m in the KITTI training dataset, and an execution time of 17 ms. The results demonstrated high precision comparable with state-of-the-art and remarkably higher speed than conventional techniques.

Self-Checking Look-up Tables using Scalable Error Detection Coding (SEDC) Scheme

  • Lee, Jeong-A;Siddiqui, Zahid Ali;Somasundaram, Natarajan;Lee, Jeong-Gun
    • JSTS:Journal of Semiconductor Technology and Science / v.13 no.5 / pp.415-422 / 2013
  • In this paper, we present a Self-Checking look-up table (LUT) based on the Scalable Error Detection Coding (SEDC) scheme for use in fault-tolerant reconfigurable architectures. The SEDC scheme has shorter latency than any other existing coding scheme for all-unidirectional error detection, and the LUT execution time remains unaffected by the self-checking capability. The SEDC scheme partitions the contents of the LUT into combinations of 1-, 2-, 3- and 4-bit segments and generates the corresponding check codes in parallel. We show that the proposed LUT with SEDC performs better than a LUT with traditional Berger as well as Partitioned Berger Coding schemes. For 32-bit data, the LUT with SEDC takes 39% less area and is 6.6 times faster for self-checking than a LUT with the traditional Berger Coding scheme.
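
As an added illustration of the coding background (not the SEDC design itself, whose segment assignment the abstract does not give), the script below implements the Berger code the paper compares against and a partitioned variant with one check per segment. It brute-forces every unidirectional error on a small word to show that both codes detect all of them, and shows the bidirectional error that a Berger code cannot see. The 8-bit word width and 4-bit segment width are assumptions for this example.

```python
"""Berger and partitioned Berger check codes for a self-checking LUT.

Added example, not the SEDC scheme: a Berger check symbol is the count of
zero bits, so any error that only flips bits in one direction moves the
count and is detected. Partitioning the word gives one small check per
segment; the checks are independent and can be computed in parallel.
"""
from itertools import combinations

WIDTH = 8      # data word width used in this example (assumption)
SEGMENT = 4    # segment width for the partitioned variant (assumption)


def berger_check(word, width):
    """Berger check symbol: the number of 0 bits in the data word."""
    return width - bin(word & ((1 << width) - 1)).count("1")


def encode(word, width=WIDTH):
    return (word, berger_check(word, width))


def is_valid(codeword, width=WIDTH):
    word, check = codeword
    return berger_check(word, width) == check


def encode_partitioned(word, width=WIDTH, seg=SEGMENT):
    """One Berger check per segment (low segment first)."""
    checks = []
    for i in range(0, width, seg):
        w = min(seg, width - i)
        piece = (word >> i) & ((1 << w) - 1)
        checks.append(berger_check(piece, w))
    return (word, tuple(checks))


def is_valid_partitioned(codeword, width=WIDTH, seg=SEGMENT):
    return encode_partitioned(codeword[0], width, seg)[1] == codeword[1]


def unidirectional_errors(word, width):
    """All words reachable by flipping one or more bits in a single direction."""
    ones = [i for i in range(width) if word >> i & 1]
    zeros = [i for i in range(width) if not word >> i & 1]
    for positions in (ones, zeros):           # 1->0 only, then 0->1 only
        for k in range(1, len(positions) + 1):
            for flips in combinations(positions, k):
                corrupted = word
                for b in flips:
                    corrupted ^= 1 << b
                yield corrupted


def detects_all_unidirectional(width=WIDTH):
    """Brute force: no unidirectional error in the data bits passes either check."""
    for word in range(1 << width):
        check = berger_check(word, width)
        pchecks = encode_partitioned(word, width)[1]
        for bad in unidirectional_errors(word, width):
            if is_valid((bad, check), width) or is_valid_partitioned((bad, pchecks), width):
                return False
    return True


def bidirectional_escapes(word=0b10101010, width=WIDTH):
    """A 1->0 flip paired with a 0->1 flip keeps the zero count: Berger misses it."""
    bad = word ^ 0b00000011                   # bit1: 1->0, bit0: 0->1
    return is_valid((bad, berger_check(word, width)), width)
```

The check that matters for the latency argument is the width each zero-counter must handle: the plain Berger code counts over the full word, while the partitioned code counts over at most one segment, which is why the paper's segment-based scheme can report shorter latency while keeping the all-unidirectional detection property.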

Execution-based System and Its Performance Analysis for Detecting Malicious Web Pages using High Interaction Client Honeypot (고 상호작용 클라이언트 허니팟을 이용한 실행 기반의 악성 웹 페이지 탐지 시스템 및 성능 분석)

  • Kim, Min-Jae;Chang, Hye-Young;Cho, Seong-Je
    • Journal of KIISE:Computing Practices and Letters / v.15 no.12 / pp.1003-1007 / 2009
  • Client-side attacks, including drive-by downloads, target vulnerabilities in client applications that interact with a malicious server or process malicious data. A typical client-side attack is a web-based one in which a malicious web page exploits a specific browser vulnerability that can execute malware on the client system (PC) or give complete control of it to the malicious server. To defend against those attacks, this paper constructs a high-interaction client honeypot system using Capture-HPC that adopts execution-based detection in a virtual machine. We have detected and classified malicious web pages using the system. We have also analyzed the system's performance in terms of the number of virtual machine images and the number of browsers executed simultaneously in each virtual machine. Experimental results show that the system with one virtual machine image obtains better performance with less reverting overhead. The system also shows good performance when the number of browsers executed simultaneously in a virtual machine is 50.
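
The execution-based verdict a high-interaction client honeypot reaches can be shown in miniature. The following is an added example, not Capture-HPC's code or the authors' system: every file, registry and process event recorded while the browser renders a URL is matched against an exclusion list of expected benign activity, and the URL is classified malicious if any event remains unexplained. The event traces, the exclusion rules and their three-field regex layout are constructed for this example.

```python
"""Execution-based classification of a visited URL from system-event traces.

Added example: a miniature of the detection logic of a high-interaction
client honeypot. Any file/registry/process event not covered by the
exclusion list of expected browser behaviour marks the visit as malicious.
"""
import re
from collections import namedtuple

Event = namedtuple("Event", "kind process action target")

# Expected benign browser activity: (kind, process regex, action regex, target regex).
# These rules are assumptions for the example, not a real exclusion list.
EXCLUSIONS = [
    ("file", r"iexplore\.exe", r"(write|create)",
     r"C:\\Users\\[^\\]+\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\.*"),
    ("file", r"iexplore\.exe", r"write",
     r"C:\\Users\\[^\\]+\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\.*"),
    ("registry", r"iexplore\.exe", r"setvalue", r"HKCU\\Software\\Microsoft\\Internet Explorer\\.*"),
    ("process", r"iexplore\.exe", r"create", r"C:\\Program Files\\Internet Explorer\\iexplore\.exe"),
]
COMPILED = [(k, re.compile(p, re.I), re.compile(a, re.I), re.compile(t, re.I))
            for k, p, a, t in EXCLUSIONS]


def is_excluded(ev):
    """True if some exclusion rule fully explains this event."""
    return any(ev.kind == k and p.fullmatch(ev.process) and a.fullmatch(ev.action)
               and t.fullmatch(ev.target) for k, p, a, t in COMPILED)


def classify(events):
    """Return ('malicious', unexplained_events) or ('benign', [])."""
    unexplained = [ev for ev in events if not is_excluded(ev)]
    return ("malicious" if unexplained else "benign"), unexplained


def run_batch(visits):
    """Classify (url, events) pairs; a real honeypot reverts the VM after a malicious verdict."""
    return {url: classify(events)[0] for url, events in visits}


# Constructed traces for two visits (not captured data).
BENIGN_VISIT = [
    Event("process", "iexplore.exe", "create", r"C:\Program Files\Internet Explorer\iexplore.exe"),
    Event("file", "iexplore.exe", "write",
          r"C:\Users\honey\AppData\Local\Microsoft\Windows\Temporary Internet Files\index.dat"),
    Event("registry", "iexplore.exe", "setvalue",
          r"HKCU\Software\Microsoft\Internet Explorer\Main\Window_Placement"),
]
DRIVE_BY_VISIT = BENIGN_VISIT + [
    Event("file", "iexplore.exe", "write", r"C:\Users\honey\AppData\Local\Temp\a.exe"),
    Event("process", "iexplore.exe", "create", r"C:\Users\honey\AppData\Local\Temp\a.exe"),
    Event("registry", "a.exe", "setvalue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\a"),
]

if __name__ == "__main__":
    for url, verdict in run_batch([("benign.test", BENIGN_VISIT), ("exploit.test", DRIVE_BY_VISIT)]).items():
        print(url, verdict)
```

The exclusion list is the weak point of this approach: every rule added to suppress a false positive is also a place where an attacker who writes into an excluded path stays invisible, so rules should match the process and the action as well as the target, as above, rather than a path alone.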

Efficient Null Pointer Dereference Vulnerability Detection by Data Dependency Analysis on Binary (효율적 데이터 의존성 분석을 이용한 바이너리 기반 Null Pointer Dereference 취약점 탐지 도구)

  • Wenhui Jin;Heekuck Oh
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.253-266 / 2023
  • The Null Pointer Dereference vulnerability is a significant vulnerability that can cause severe attacks such as denial of service. Previous research has proposed methods for detecting such vulnerabilities, but large and complex programs pose a challenge to their efficiency. In this paper, we present a lightweight tool for detecting specific functions in large binary programs by symbolizing variables and emulating program execution. The tool detects vulnerabilities through data dependency analysis and heuristics on each execution path. While our tool had an 8% higher false positive rate than the bap_toolkit, it detected all existing vulnerabilities in our dataset.
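
As an added example (not the authors' tool), the following shows the core of a path-sensitive null-dereference check on a tiny three-address IR: the return value of a call that may fail is marked maybe-null, the mark follows data dependencies through copies and pointer arithmetic, it is dropped on the branch where a null check rejects the value, and any load or store through a still-marked value is reported. The IR syntax, the set of nullable callees and the sample program are constructed for this example; real binaries would be lifted to an IR first, as the paper's approach does.

```python
"""Path-sensitive null-pointer-dereference check on a tiny three-address IR.

Added example. Instruction forms (one string per line):
  x = call f        x = y        x = y + c
  if x == 0 goto L  goto L       L:
  load x / store x  (dereference of x)      ret
Programs are assumed acyclic; a real analysis needs loop handling.
"""

# Assumption for the example: calls whose result may legitimately be null.
NULLABLE_CALLS = {"malloc", "fopen", "getenv"}


def analyze(program):
    """Return sorted (pc, instruction) pairs where a maybe-null value is dereferenced on some path."""
    labels = {ins[:-1]: i for i, ins in enumerate(program) if ins.endswith(":")}
    findings = set()
    # Work list of (pc, maybe-null names, visited pcs on this path).
    work = [(0, frozenset(), frozenset())]
    while work:
        pc, nulls, seen = work.pop()
        if pc >= len(program) or pc in seen:
            continue
        seen = seen | {pc}
        text = program[pc]
        ins = text.split()
        if ins[0] == "ret":
            continue
        if ins[0] == "goto":
            work.append((labels[ins[1]], nulls, seen))
            continue
        if text.endswith(":"):                     # label: fall through
            work.append((pc + 1, nulls, seen))
            continue
        if ins[0] == "if":                         # if x == 0 goto L
            x, target = ins[1], ins[-1]
            work.append((pc + 1, nulls - {x}, seen))            # fall through: x proved non-null
            work.append((labels[target], nulls | {x}, seen))    # taken: x is null here
            continue
        if ins[0] in ("load", "store"):
            if ins[1] in nulls:
                findings.add((pc, text))
            work.append((pc + 1, nulls, seen))
            continue
        # Assignment: propagate the maybe-null mark along the data dependency.
        dst, rhs = ins[0], ins[2:]
        if rhs[0] == "call":
            new = nulls | {dst} if rhs[1] in NULLABLE_CALLS else nulls - {dst}
        else:                                      # copy or offset of another variable
            new = nulls | {dst} if rhs[0] in nulls else nulls - {dst}
        work.append((pc + 1, new, seen))
    return sorted(findings)


# Constructed program: p is checked before use; q is not, and r derives from q.
SAMPLE = [
    "p = call malloc",
    "if p == 0 goto fail",
    "store p",            # safe: reached only when p != 0
    "q = call malloc",
    "r = q + 8",          # r depends on q and inherits maybe-null
    "load r",             # bug: q was never checked
    "ret",
    "fail:",
    "x = call getenv",
    "store x",            # bug: getenv result used without a check
    "ret",
]

if __name__ == "__main__":
    for pc, ins in analyze(SAMPLE):
        print(f"pc {pc}: possible null dereference in '{ins}'")
```

The check on `r = q + 8` is what the data-dependency step buys: a purely syntactic scan for uses of `q` would miss the dereference through `r`. The abstract's 8% false-positive figure is the usual price of such heuristics; here, for instance, a check performed in a callee that the analysis does not follow would leave the mark in place and produce a false report.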

Accuracy Improvement of Pig Detection using Image Processing and Deep Learning Techniques on an Embedded Board (임베디드 보드에서 영상 처리 및 딥러닝 기법을 혼용한 돼지 탐지 정확도 개선)

  • Yu, Seunghyun;Son, Seungwook;Ahn, Hanse;Lee, Sejun;Baek, Hwapyeong;Chung, Yongwha;Park, Daihee
    • Journal of Korea Multimedia Society / v.25 no.4 / pp.583-599 / 2022
  • Although object detection accuracy on a single image has improved significantly with the advance of deep learning techniques, detection accuracy for pig monitoring is challenged by occlusion problems due to the complex structure of a pig room, such as the feeding facility. These detection difficulties with a single image can be mitigated by using video data. In this research, we propose a pig detection method for a video monitoring environment with a static camera. That is, by using both image processing and deep learning techniques, we can recognize the complex structure of a pig room, and this information can be utilized to improve the detection accuracy of pigs in the monitored pig room. Furthermore, we reduce the execution time overhead by applying a pruning technique for real-time video monitoring on an embedded board. Based on experimental results with a video data set obtained from a commercial pig farm, we confirmed that the pigs could be detected more accurately in real time, even on an embedded board.

A Zero-latency Cycle Detection Scheme for Enhanced Parallelism in Multiprocessing Systems (다중처리 시스템의 병렬성 증대를 위한 사이클의 비 지연 발견 기법)

  • Kim Ju Gyun
    • Journal of KIISE:Computer Systems and Theory / v.32 no.2 / pp.49-54 / 2005
  • This paper presents a non-blocking deadlock detection scheme with immediate cycle detection in multiprocessing systems. We assume an expedient state and a special case where each type of resource has one unit and each request is limited to one resource unit at a time. Unlike previous deadlock detection schemes, this new method takes O(1) time for detecting a cycle and O(n+m) time for blocking or handling resource release, where n and m are the number of processes and the number of resources in the system. The deadlock detection latency is thus minimized and is constant regardless of n and m. Moreover, in a multiprocessing system, the operating system can handle the blocking or release on the fly on a separate processor, thus not interfering with user process execution. For applications where deadlock is a concern, a predictable and zero-latency deadlock detection scheme could be very useful.
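
The cost split the abstract describes can be realized with a simple invariant. The following added example (my own construction, not the paper's algorithm) keeps, for every process, the running process at the end of its wait chain; under the single-unit assumption the wait-for relation is a forest rooted at running processes, so a request deadlocks exactly when the holder's chain ends at the requester, which is one lookup. The O(n+m) recomputation of those roots is done on block and release, off the detection path. Process and resource names are placeholders.

```python
"""O(1) cycle check for single-unit resources, with O(n+m) bookkeeping on block/release.

Added example, not the paper's scheme. root[p] is the running process at the
top of p's wait chain; a request by p for a resource held by q closes a cycle
iff root[q] == p. Roots are refreshed by a BFS over reverse wait edges.
"""
from collections import deque


class WaitForManager:
    def __init__(self, processes, resources):
        self.holder = {r: None for r in resources}      # resource -> holding process
        self.waiters = {r: deque() for r in resources}  # resource -> FIFO of blocked processes
        self.waits_for = {p: None for p in processes}   # process -> resource it is blocked on
        self.held = {p: set() for p in processes}       # process -> resources it holds
        self.root = {p: p for p in processes}           # running process ending p's chain

    def _recompute_roots(self):
        """O(n+m): every blocked process sits in exactly one waiters queue."""
        running = [p for p, r in self.waits_for.items() if r is None]
        for p in self.waits_for:
            self.root[p] = None
        frontier = deque(running)
        for p in running:
            self.root[p] = p
        while frontier:
            p = frontier.popleft()
            for r in self.held[p]:
                for w in self.waiters[r]:
                    self.root[w] = self.root[p]
                    frontier.append(w)

    def request(self, p, r):
        """Return 'granted', 'blocked' or 'deadlock'; the deadlock test is a single comparison."""
        if self.holder[r] is None:
            self.holder[r] = p
            self.held[p].add(r)
            return "granted"
        if self.root[self.holder[r]] == p:       # holder's chain ends at the requester: cycle
            return "deadlock"
        self.waits_for[p] = r
        self.waiters[r].append(p)
        self._recompute_roots()                  # bookkeeping, off the detection path
        return "blocked"

    def release(self, p, r):
        """Hand r to the oldest waiter, if any, then refresh roots."""
        assert self.holder[r] == p, "release by non-holder"
        self.held[p].discard(r)
        if self.waiters[r]:
            q = self.waiters[r].popleft()
            self.holder[r] = q
            self.held[q].add(r)
            self.waits_for[q] = None             # q resumes
        else:
            self.holder[r] = None
        self._recompute_roots()


def classic_deadlock():
    """Two processes, two resources, crossed requests: the fourth request would close the cycle."""
    m = WaitForManager(["P1", "P2"], ["R1", "R2"])
    return [m.request("P1", "R1"), m.request("P2", "R2"),
            m.request("P1", "R2"), m.request("P2", "R1")]
```

The request that would complete the cycle is refused rather than blocked, so a cycle is never allowed to form and the roots always describe a forest. Relaxing either assumption (multi-unit resources or several outstanding requests per process) turns the forest into a general graph, and a single root comparison is no longer sufficient.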

Techniques for Improving Host-based Anomaly Detection Performance using Attack Event Types and Occurrence Frequencies

  • Juyeon Lee;Daeseon Choi;Seung-Hyun Kim
    • Journal of the Korea Society of Computer and Information / v.28 no.11 / pp.89-101 / 2023
  • In order to prevent damage caused by cyber-attacks on nations, businesses, and other entities, anomaly detection techniques for the early detection of attackers have been consistently researched. Real-time operation and false positive reduction are essential to promptly prevent external or internal intrusion attacks. In this study, we hypothesized that the type and frequency of attack events would influence the improvement of anomaly detection true positive rates and the reduction of false positive rates. To validate this hypothesis, we utilized the 2015 login log dataset from the Los Alamos National Laboratory. Applying the preprocessed data to representative anomaly detection algorithms, we confirmed that using features that simultaneously consider the type and frequency of attack events is highly effective in reducing false positives and execution time for anomaly detection.
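
An added example of the feature construction this abstract describes (not the authors' pipeline or their algorithm choice): per user and day, the script counts each event type (logon type, orientation and outcome) plus the number of distinct destination hosts, then scores each vector against the population with a robust z-score. The log lines follow the field layout of the LANL 2015 auth records but are constructed here, and the event-type list, the median/MAD scoring and the threshold are assumptions for this example.

```python
"""Event-type and frequency features for host-based anomaly detection on auth logs.

Added example. Fields per line (LANL 2015 auth layout, constructed data):
time,src_user,dst_user,src_host,dst_host,auth_type,logon_type,orientation,outcome
"""
from collections import Counter, defaultdict
import statistics

SAMPLE_LOG = """\
86400,U1@DOM1,U1@DOM1,C1,C1,Kerberos,Interactive,LogOn,Success
86460,U1@DOM1,U1@DOM1,C1,C5,Kerberos,Network,LogOn,Success
86500,U1@DOM1,U1@DOM1,C1,C5,Kerberos,Network,LogOff,Success
86400,U2@DOM1,U2@DOM1,C2,C2,Kerberos,Interactive,LogOn,Success
86470,U2@DOM1,U2@DOM1,C2,C6,Kerberos,Network,LogOn,Success
86400,U3@DOM1,U3@DOM1,C3,C3,Kerberos,Interactive,LogOn,Success
86410,U3@DOM1,U3@DOM1,C3,C7,Kerberos,Network,LogOn,Success
86420,U3@DOM1,U3@DOM1,C3,C7,Kerberos,Network,LogOff,Success
86400,U9@DOM1,U9@DOM1,C9,C9,Kerberos,Interactive,LogOn,Success
86405,U9@DOM1,U9@DOM1,C9,C10,NTLM,Network,LogOn,Fail
86406,U9@DOM1,U9@DOM1,C9,C11,NTLM,Network,LogOn,Fail
86407,U9@DOM1,U9@DOM1,C9,C12,NTLM,Network,LogOn,Fail
86408,U9@DOM1,U9@DOM1,C9,C13,NTLM,Network,LogOn,Fail
86409,U9@DOM1,U9@DOM1,C9,C14,NTLM,Network,LogOn,Success
86410,U9@DOM1,U9@DOM1,C9,C15,NTLM,Network,LogOn,Success
"""

# Event types tracked as features (assumption: the ones relevant to lateral movement).
EVENT_TYPES = [("Network", "LogOn", "Fail"), ("Network", "LogOn", "Success"),
               ("Interactive", "LogOn", "Success"), ("Network", "LogOff", "Success")]


def parse(log_text):
    """Yield one dict per well-formed record; malformed lines are skipped."""
    for line in log_text.splitlines():
        f = line.split(",")
        if len(f) == 9:
            yield {"time": int(f[0]), "user": f[1], "src": f[3], "dst": f[4],
                   "auth": f[5], "logon": f[6], "orient": f[7], "outcome": f[8]}


def features(records):
    """Per (user, day): counts of each event type, then the number of distinct destination hosts."""
    table = defaultdict(Counter)
    dsts = defaultdict(set)
    for r in records:
        key = (r["user"], r["time"] // 86400)
        table[key][(r["logon"], r["orient"], r["outcome"])] += 1
        dsts[key].add(r["dst"])
    return {key: [counts[t] for t in EVENT_TYPES] + [len(dsts[key])]
            for key, counts in table.items()}


def score(vectors):
    """Sum of per-feature robust z-scores (median / MAD); larger means more anomalous."""
    cols = list(zip(*vectors.values()))
    med = [statistics.median(c) for c in cols]
    mad = [statistics.median(abs(x - m) for x in c) or 1.0 for c, m in zip(cols, med)]
    return {key: sum(abs(v - m) / d for v, m, d in zip(vec, med, mad))
            for key, vec in vectors.items()}


def detect(log_text, threshold=6.0):
    """Return (user, day) keys whose score exceeds the threshold (threshold is an assumption)."""
    scores = score(features(parse(log_text)))
    return sorted(k for k, s in scores.items() if s > threshold)


if __name__ == "__main__":
    for key, s in sorted(score(features(parse(SAMPLE_LOG))).items(), key=lambda kv: -kv[1]):
        print(key, round(s, 2))
```

Counting per event type is what separates U9's burst of failed NTLM network logons across many hosts from the identical total event volume a busy but normal user could produce; a feature that only counted events per user would not. On the real dataset the baseline must be fitted on a benign window and the threshold tuned against the red-team labels, since the scoring here is relative to whatever population is in the log.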

Icefex: Protocol Format Extraction from IL-based Concolic Execution

  • Pan, Fan;Wu, Li-Fa;Hong, Zheng;Li, Hua-Bo;Lai, Hai-Guang;Zheng, Chen-Hui
    • KSII Transactions on Internet and Information Systems (TIIS) / v.7 no.3 / pp.576-599 / 2013
  • Protocol reverse engineering is useful for many security applications, including intelligent fuzzing, intrusion detection and fingerprint generation. Since manual reverse engineering is a time-consuming and tedious process, a number of automatic techniques have been proposed. However, the accuracy of these techniques is limited due to the complexity of binary instructions, and the derived formats have missed constraints that are critical for security applications. In this paper, we propose a new approach for protocol format extraction. Our approach reasons about only the evaluation behavior of a program on the input message from concolic execution, and enables field identification and constraint inference with high accuracy. Moreover, it performs binary analysis with low complexity by reducing modern instruction sets to BIL, a small, well-specified and architecture-independent language. We have implemented our approach into a system called Icefex and evaluated it over real-world implementations of DNS, eDonkey, FTP, HTTP and McAfee ePO protocols. Experimental results show that our approach is more accurate and effective at extracting protocol formats than other approaches.

Design and Implementation of Preprocessing Part for Dynamic Code Analysis (동적 코드 분석을 위한 전처리부 설계 및 구현)

  • Kim, Hyuncheol
    • Convergence Security Journal / v.19 no.3 / pp.37-41 / 2019
  • Recently, due to the appearance of various types of malware, existing static analysis has exposed many limitations. Static analysis means analyzing the structure of a code or program from its source code or object code without actually executing the (malicious) code. On the other hand, dynamic analysis in the field of information security generally refers to directly executing and analyzing (malware) code, comparing and examining the state before and after execution of the (malware) code to grasp the execution flow of the program. However, dynamic analysis requires analyzing huge amounts of data and logs, and it is difficult to actually store all execution flows. In this paper, we propose and implement a preprocessor architecture for a system that performs malware detection and real-time multi-dynamic analysis based on 2nd generation PT in a Windows environment (Windows 10 R5 and above).