• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.929-938
• /
• 2023

ARM processors, utilized in mobile devices, have integrated the hardware isolation framework, TrustZone technology, to implement two execution environments: the trusted domain "Secure World" and the untrusted domain "Normal World". Rootkit is a type of malicious software that gains administrative access and hide its presence to create backdoors. Detecting the presence of a rootkit in a Secure World is difficult since processes running within the Secure World have no memory access restrictions and are isolated. This paper proposes a technique that leverages the hardware based PMU(Performance Monitoring Unit) to measure events of the Secure World rootkit and to detect the rootkit using deep learning.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.537-544
• /
• 2020

Advances in detection techniques, such as mutation and obfuscation, are being advanced with the development of malware technology. In the malware detection technology, unknown malware detection technology is important, and a method for Malware Authorship Attribution that detects an unknown malicious code by identifying the author through distributed malware is being studied. In this paper, we try to extract the compiler information affecting the binary-based author identification method and to investigate the sensitivity of feature selection, probability and non-probability models, and optimization to classification efficiency between studies. In the experiment, the feature selection method through information gain and the support vector machine, which is a non-probability model, showed high efficiency. Among the optimization studies, high classification accuracy was obtained through feature selection and model optimization through the proposed framework, and resulted in 48% feature reduction and 53 faster execution speed. Through this study, we can confirm the sensitivity of feature selection, model, and optimization methods to classification efficiency.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.7
• /
• pp.962-970
• /
• 2021

The cause of the majority of vehicle accidents is a safety issue due to the driver's inattention, such as drowsy driving. A forward collision warning system (FCWS) can significantly reduce the number and severity of accidents by detecting the risk of collision with vehicles in front and providing an advanced warning signal to the driver. This paper describes a low power embedded system based FCWS for safety. The algorithm computes time to collision (TTC) through detection, tracking, distance calculation for the vehicle ahead and current vehicle speed information with a single camera. Additionally, in order to operate in real time even in a low-performance embedded system, an optimization technique in the program with high and low levels will be introduced. The system has been tested through the driving video of the vehicle in the embedded system. As a result of using the optimization technique, the execution time was about 170 times faster than that when using the previous non-optimized process.

• Journal of IKEEE
• /
• v.16 no.4
• /
• pp.389-394
• /
• 2012

Most current systems have ignored security vulnerability concerned with boot firmware. It is highly likely that boot firmware may cause serious system errors, such as hardware manipulations by malicious programs or code, the operating system corruption caused by malicious code and software piracy under a condition of no consideration of security mechanism because boot firmware has an authority over external devices as well as hardware controls. This paper proposed a structural security mechanism based on software equipped with encrypted bootstrap patterns different from pre-existing bootstrap methods in terms of securely loading an operating system, searching for malicious codes and preventing software piracy so as to provide reliability of boot firmware. Moreover, through experiments, it proved its superiority in detection capability and overhead ranging between 1.5 % ~ 3 % lower than other software security mechanisms.

• Journal of Information Technology Applications and Management
• /
• v.10 no.4
• /
• pp.135-147
• /
• 2003

With the development of multimedia and optical technologies, application systems with facial features hare been increased the interests of researchers, recently. The previous research efforts in face processing mainly use the frontal images in order to recognize human face visually and to extract the facial expression. However, applications, such as image database systems which support queries based on the facial direction and image arrangement systems which place facial images automatically on digital albums, deal with the directional characteristics of a face. In this paper, we propose a method to detect facial directions by using facial features. In the proposed method, the facial trapezoid is defined by detecting points for eyes and a lower lip. Then, the facial direction formula, which calculates the right and left facial direction, is defined by the statistical data about the ratio of the right and left area in facial trapezoids. The proposed method can give an accurate estimate of horizontal rotation of a face within an error tolerance of $\pm1.31$ degree and takes an average execution time of 3.16 sec.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.18 no.11
• /
• pp.94-103
• /
• 2017

As automatic hacking tools and techniques have been improved, the number of new vulnerabilities has increased. The CVE registered from 2010 to 2015 numbered about 80,000, and it is expected that more vulnerabilities will be reported. In most cases, patching a vulnerability depends on the developers' capability, and most patching techniques are based on manual analysis, which requires nine months, on average. The techniques are composed of finding the vulnerability, conducting the analysis based on the source code, and writing new code for the patch. Zero-day is critical because the time gap between the first discovery and taking action is too long, as mentioned. To solve the problem, techniques for automatically detecting and analyzing software (SW) vulnerabilities have been proposed recently. Cyber Grand Challenge (CGC) held in 2016 was the first competition to create automatic defensive systems capable of reasoning over flaws in binary and formulating patches without experts' direct analysis. Darktrace and Cylance are similar projects for managing SW automatically with artificial intelligence and machine learning. Though many foreign commercial institutions and academies run their projects for automatic binary analysis, the domestic level of technology is much lower. This paper is to study developing automatic detection of SW vulnerabilities and defenses against them. We analyzed and compared relative works and tools as additional elements, and optimal techniques for automatic analysis are suggested.

• Journal of KIISE
• /
• v.42 no.6
• /
• pp.713-722
• /
• 2015

As open-source software (OSS) becomes more widely used, many users breach the terms in the license agreement of OSS, or reuse a vulnerable OSS module. Therefore, a technique needs to be developed for investigating if a binary program includes an OSS module. In this paper, we propose an efficient technique to detect a particular OSS module in an executable program using its function-level features. The conventional methods are inappropriate for determining whether a module is contained in a specific program because they usually measure the similarity between whole programs. Our technique determines whether an executable program contains a certain OSS module by extracting features such as its function-level instructions, control flow graph, and the structural attributes of a function from both the program and the module, and comparing the similarity of features. In order to demonstrate the efficiency of the proposed technique, we evaluate it in terms of the size of features, detection accuracy, execution overhead, and resilience to compiler optimizations.

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.16 no.6
• /
• pp.800-807
• /
• 2016

We propose a fast algorithm using Extreme Contour Point (ECP) to detect the angle of rotated images, is implemented by rotation feature of one covered frame image that can be applied to correct the rotated images like in image processing for real time applications, while CORDIC is inefficient to calculate various points like high definition image since it is only possible to detect rotated angle between one point and the other point. The two advantages of this algorithm, namely compatibility to images in preprocessing by using Sobel edge process for pattern recognition. While the other one is its simplicity for rotated angle detection with cyclic shift of two $1{\times}n$ matrix set without complexity in calculation compared with CORDIC algorithm. In ECP, the edge features of the sample image of gray scale were determined using the Sobel Edge Process. Then, it was subjected to binary code conversion of 0 or 1 with circular boundary to constitute the rotation in invariant conditions. The results were extracted to extreme points of the binary image. Its components expressed not just only the features of angle ${\theta}$ but also the square of radius $r^2$ from the origin of the image. The detected angle of this algorithm is limited only to an angle below 10 degrees but it is appropriate for real time application because it can process a 200 degree with an assumption 20 frames per second. ECP algorithm has an O ($n^2$) in Big O notation that improves the execution time about 7 times the performance if CORDIC algorithm is used.

• Journal of Korea Multimedia Society
• /
• v.21 no.2
• /
• pp.77-86
• /
• 2018

Although separation of touching pigs in real-time is an important issue for a 24-h pig monitoring system, it is challenging to separate accurately the touching pigs in a crowded pig room. In this study, we propose a separation method for touching pigs using the information generated from Convolutional Neural Network(CNN). Especially, we apply one of the CNN-based object detection methods(i.e., You Look Only Once, YOLO) to solve the touching objects separation problem in an active manner. First, we evaluate and select the bounding boxes generated from YOLO, and then separate touching pigs by analyzing the relations between the selected bounding boxes. Our experimental results show that the proposed method is more effective than widely-used methods for separating touching pigs, in terms of both accuracy and execution time.

• Journal of Korea Multimedia Society
• /
• v.12 no.6
• /
• pp.815-823
• /
• 2009

Most of existing watermarking schemes insert and extract a watermark, focusing on the visual conservation of an original image. However, existing watermarking schemes could be difficult for a watermark detection in case of various distortion caused by display-capture devices. Therefore, we propose a new display-capture based mobile watermarking scheme. The proposed watermarking scheme is a new concept for embedding a watermark, which uses the generated image instead of a given original image. For effective watermark decoding, we also present a method for detecting the background image whose error bit can not be corrected because of various heavy distortion and for avoiding it from the decoding process. For this scheme, we adopt distortion coefficients of camera calibration when we separate a background image from a captured image. For finding available correction bits of ECC through the decoding process, we capture 30,000 images and then calculate the separation ratio of a background image and the average error bits per an image. As experimental result, the separation ratio of a background image is about 96.5% in 30,000 captured image. And the false alarm ratio shows about $5.18{\times}10^{-4}$ in the separated background image. And also we can confirm the availability of real-time processing because the mean execution time is about 82ms per an image for capturing and decoding.