• Title/Summary/Keyword: Hides

Control Flow Reconstruction from Virtualization-Obfuscated Binaries (가상화를 이용하여 난독화된 바이너리의 제어 흐름 재건)

  • Hwang, Joonhyung;Han, Taisook
    • Journal of KIISE / v.42 no.1 / pp.44-53 / 2015
  • Control flow information is useful in the analysis and comparison of programs. Virtualization-obfuscation hides control structures of the original program by transforming machine instructions into bytecode. Direct examination of the resulting binary reveals only the structure of the interpreter. Recovery of the original instructions requires knowledge of the virtual machine architecture, which is randomly generated and hidden. In this paper, we propose a method to reconstruct original control flow using only traces generated from the obfuscated binary. We consider traces as strings and find an automaton that represents the strings. State transitions in the automaton correspond to the control transfers in the original program. We have shown the effectiveness of our method with commercial obfuscators.

Early Start Branch Prediction to Resolve Prediction Delay (분기 명령어의 조기 예측을 통한 예측지연시간 문제 해결)

  • Kwak, Jong-Wook;Kim, Ju-Hwan
    • The KIPS Transactions:PartA / v.16A no.5 / pp.347-356 / 2009
  • Precise branch prediction is a critical factor in the IPC improvement of modern microprocessor architectures. In addition to branch prediction accuracy, branch prediction delay has a profound impact on overall system performance as well. However, it tends to be overlooked when architects design the branch predictor. To tolerate branch prediction delay, this paper proposes the Early Start Prediction (ESP) technique. The proposed solution dynamically identifies the start instruction of a basic block, called the Basic Block Start Address (BB_SA), and uses BB_SA when predicting the branch direction, instead of the branch instruction address itself. The performance of the proposed scheme can be further improved by combining it with a short interval hiding technique between BB_SA and the branch instruction. The simulation results show that the proposed solution hides prediction latency while providing the same level of prediction accuracy as conventional predictors. Furthermore, the combination with the short interval hiding technique provides a substantial IPC improvement of up to 10.1%, and the IPC is actually the same as with an ideal branch predictor, regardless of branch predictor configurations such as clock frequency, delay model, and PHT size.

Extending the Abstraction Capability of BPMN by Introducing Vertical Abstraction (수직적 추상의 도입에 의한 BPMN 추상기능의 확장)

  • Kang, Sung-Won;Lee, Dan-Hyung;Ahn, Yu-Whoan
    • The KIPS Transactions:PartD / v.16D no.2 / pp.223-236 / 2009
  • BPMN is a standard business process description notation developed by OMG. It allows the user to have an abstract view of a process that hides its details with the Collapsed Sub-Process notation. While it is a useful direction of abstraction that can be called horizontal abstraction, a different kind of abstraction, vertical abstraction, is necessary when different stakeholders of a business would like to have different views of the business process from their own viewpoints of interest. For example, stakeholders may want to see a process from the viewpoint of a particular group of actors or from the viewpoint of a certain set of goals. This paper first extends the horizontal abstraction capability of BPMN by introducing the notion of a super edge and, moreover, adds the vertical abstraction capability to it by introducing the notions of 'aspect attribute' and 'interest specification' and notations for them.

Steganography on Android Smart Devices (안드로이드 스마트기기에서의 스테가노그래피 연구)

  • Jung, Ki-Hyun;Lee, Joon-Ho;Yoo, Kee-Young
    • Journal of the Institute of Electronics and Information Engineers / v.52 no.4 / pp.99-105 / 2015
  • As the use of smartphones increases, interest in the iOS and Android operating systems is growing. In this paper, a novel steganographic method based on the Android platform is proposed. First, we analyze the Skia-based image format that supports 2D graphic libraries in the Android operating system. Then, we propose a new data hiding method based on the Android bitmap image format. The proposed method hides the secret data in the four true color areas, which include Alpha, Red, Green, and Blue. In particular, we increase the embedding capacity of the secret data in the Alpha area with less image distortion. The experimental results show that the proposed method has a higher embedding capacity and less distortion by changing the size of the secret bits in the Alpha area.

SACK-SNOOP Protocol for Wireless TCP Performance Improvement (무선 TCP 성능 향상을 위한 SACK-SNOOP 프로토콜)

  • Ahn, Chi-Hyun;Kim, Hyung-Chul;Woo, Jong-Jung;Kim, Jang-Hyung;Lee, Dae-Young;Jun, Kye-Suk
    • Journal of the Korea Institute of Information and Communication Engineering / v.11 no.2 / pp.392-401 / 2007
  • Wireless networks have a high BER because of path loss, fading, noise and interference. Many packet losses occur without any congestion in wireless networks. Therefore, many wireless TCP algorithms have been proposed. SNOOP, one of the wireless TCP algorithms, hides packet losses from the Fixed Host and retransmits lost packets in the wireless network. However, SNOOP has a weakness for burst errors in wireless networks. This paper proposes SACK-SNOOP, based on SNOOP and Freeze-TCP, which use ZWA messages, to improve TCP performance in wireless networks. This message makes the FH stop sending packets to the MH. The BS can retransmit error packets to the MH during this time. SACK-SNOOP uses an improved Selective ACK, thereby reducing the number of packet sequences according to the error environment. This method reduces the processing time for the generation, transmission, and analysis of ACKs. This time gain is enough to retransmit local burst errors on the wireless link. Furthermore, SACK-SNOOP can manage the retransmitted errors by extending the delay time to the FH. The simulation shows that our proposed protocol is more effective for packet losses in wireless networks.

An Approach of Hiding Hangul Secret Message in Image using XNOR-XOR and Fibonacci Technique (XNOR-XOR과 피보나치 기법을 이용하여 이미지에서 한글 비밀 메시지를 은닉하는 방법)

  • Ji, Seon-su
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.14 no.2 / pp.109-114 / 2021
  • As the number of various users in a network environment increases, it is difficult to protect sensitive and confidential information that is transmitted and received from attackers. Concealing bitwise secret data in an image using the LSB technique can be very vulnerable to attack. To solve this problem, a hybrid method that combines encryption and information hiding is used. Therefore, an effective method for users to securely protect secret messages and implement secret communication is required. A new approach is needed to improve security and imperceptibility to ensure image quality. In this paper, I propose an LSB steganography technique that hides Hangul messages in a cover image based on MSB and LSB. After separating Hangul into chosung, jungsung and jongsung, the secret message is processed with an Exclusive-OR or Exclusive-NOR operation depending on the selected MSB. In addition, the calculated secret data is hidden in the LSB n bits of the cover image converted by the Fibonacci technique. PSNR was used to confirm the effectiveness of the applied results. A value of 41.517 dB was confirmed, which is suitable as an acceptable result.

Unpacking Technique for In-memory malware injection technique (인 메모리 악성코드 인젝션 기술의 언 패킹기법)

  • Bae, Seong Il;Im, Eul Gyu
    • Smart Media Journal / v.8 no.1 / pp.19-26 / 2019
  • At the opening ceremony of the 2018 Winter Olympics in PyeongChang, an unknown cyber-attack occurred. The malicious code used in the attack is based on in-memory malware, which differs from other malicious code in its concealed location and is spreading rapidly, having been found in more than 140 banks, telecommunications and government agencies. In-memory malware accounts for more than 15% of all malicious code; it does not store its own information in a non-volatile storage device such as a disk but resides in RAM, a volatile storage device, and penetrates into well-known processes (explorer.exe, iexplore.exe, javaw.exe). Such characteristics make it difficult to analyze. The most recently released in-memory malicious code bypasses endpoint protection and detection tools and hides from user recognition. In this paper, we propose a method to efficiently extract the payload by unpacking the injection with the IDA Pro debugger for Dorkbot and Erger, which are in-memory malicious codes.

Reversible Sub-Feature Retrieval: Toward Robust Coverless Image Steganography for Geometric Attacks Resistance

  • Liu, Qiang;Xiang, Xuyu;Qin, Jiaohua;Tan, Yun;Zhang, Qin
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.3 / pp.1078-1099 / 2021
  • Traditional image steganography hides secret information by embedding, which inevitably leaves modification traces and is easily detected by steganalysis tools. Since coverless steganography can effectively resist steganalysis, it has recently become a hotspot in information hiding research. Most coverless image steganography (CIS) methods are based on mapping rules, which not only exposes them to geometric attacks but also makes them less secure due to the revelation of the mapping rules. To address the above issues, we introduce camouflage images for steganography instead of directly sending the stego-image, which further improves the security performance and information hiding ability of the steganography scheme. In particular, based on the different sub-features of the stego-image and potential camouflage images, we try to find a larger similarity between them so as to achieve reversible steganography. Specifically, based on the existing CIS mapping algorithm, we first establish the correlation between the stego-image and the secret information and then transmit the camouflage images, which are obtained by the reversible sub-feature retrieval algorithm. The received camouflage image can be used to reverse-retrieve the stego-image in a public image database. Finally, we can use the same mapping rules to restore the secret information. Extensive experimental results demonstrate the better robustness and security of the proposed approach in comparison to state-of-the-art CIS methods, especially in robustness to geometric attacks.

Malicious Code Injection Vulnerability Analysis in the Deflate Algorithm (Deflate 압축 알고리즘에서 악성코드 주입 취약점 분석)

  • Kim, Jung-hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.869-879 / 2022
  • Through this study, we discovered that among the three types of compressed data blocks generated by the Deflate algorithm, the No-Payload Non-Compressed Block type (NPNCB), which has no literal data, can be randomly generated and inserted between normal compressed blocks. In the header of the non-compressed block, there is a data area that exists only for byte alignment, and we call this area the DBA (Disposed Bit Area), where an attacker can hide various malicious codes and data. Finally, we found a vulnerability that hides malicious codes or arbitrary data by inserting NPNCBs with an infected DBA between normal compressed blocks according to a pre-designed attack scenario. Experiments show that even though contaminated NPNCB blocks were inserted between normal compressed blocks, commercial programs decoded the contaminated zip file normally without any warning, and malicious code could be executed by the malicious decoder.

A Study on Novel Steganography Communication Technique based on Thumbnail Images in SNS Messenger Environment (SNS 메신저 환경에서의 썸네일 이미지 기반의 새로운 스테가노그래피 통신 기법 연구)

  • Yuk, Simun;Cho, Youngho
    • Journal of Internet Computing and Services / v.22 no.6 / pp.151-162 / 2021
  • Steganography is an advanced technique that hides secret messages by transforming them into subtle noise and spreading them within multimedia files such as images, video and audio. This technology has been exploited in a variety of espionage and cyber attacks. SNS messenger is an attractive SNS service platform for sending and receiving multimedia files, which are the main medium of steganography. In this study, we proposed two novel steganography communication techniques that guarantee the complete reception rate through the use of thumbnail images in the SNS messenger environment. In addition, the feasibility was verified through implementation and testing of the proposed techniques in a real environment using KakaoTalk, a representative SNS messenger in South Korea. By proposing new steganography methods in this study, we re-evaluated the risk of steganography methods and promoted follow-up studies on the corresponding defense techniques.