• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.48-60
• /
• 2024

With the exponential growth of satellite data utilization, machine learning has become pivotal in enhancing innovation and cybersecurity in satellite systems. This paper investigates the role of machine learning techniques in identifying and mitigating vulnerabilities and code smells within satellite software. We explore satellite system architecture and survey applications like vulnerability analysis, source code refactoring, and security flaw detection, emphasizing feature extraction methodologies such as Abstract Syntax Trees (AST) and Control Flow Graphs (CFG). We present practical examples of feature extraction and training models using machine learning techniques like Random Forests, Support Vector Machines, and Gradient Boosting. Additionally, we review open-access satellite datasets and address prevalent code smells through systematic refactoring solutions. By integrating continuous code review and refactoring into satellite software development, this research aims to improve maintainability, scalability, and cybersecurity, providing novel insights for the advancement of satellite software development and security. The value of this paper lies in its focus on addressing the identification of vulnerabilities and resolution of code smells in satellite software. In terms of the authors' contributions, we detail methods for applying machine learning to identify potential vulnerabilities and code smells in satellite software. Furthermore, the study presents techniques for feature extraction and model training, utilizing Abstract Syntax Trees (AST) and Control Flow Graphs (CFG) to extract relevant features for machine learning training. Regarding the results, we discuss the analysis of vulnerabilities, the identification of code smells, maintenance, and security enhancement through practical examples. This underscores the significant improvement in the maintainability and scalability of satellite software through continuous code review and refactoring.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.3
• /
• pp.49-57
• /
• 2013

Power-saving PC software enables the inexpensive power control, but the installation of the power-saving software in all computers in the organization is not an easy task. Computer users in the organization are usually not cooperative as they do not think the power-saving cost is directly related to themselves. The PC power-saving system provides advantage to driving active participation in which users installs the power saving software by restricting IP address through the power management server. However, the problem with this approach is the security vulnerability to IP spoofing attacks, therefore we need to solve the problem that disrupt the entire network system rather than saving electric power. This paper proposes the security authentication system that can implement the efficiency saving power by providing high security for the members' computer system of the public institutions based on the PC power-saving system. Also, by analyzing it in comparison with other method, it is possible to check that the prospects of safety and efficiency are strengthened.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.1
• /
• pp.43-50
• /
• 2017

Use-After-Free security problem is rapidly growing in popularity, especially for attacking web browser, operating system kernel, local software. This security weakness is difficult to detect by conventional methods. And if local system or software has this security weakness, it cause internal security problem. In this paper, we study ways to remove this security weakness in software development by summarize the cause of the Use-After-Free security weakness and suggest ways to remove them.

• International Journal of Computer Science & Network Security
• /
• v.21 no.9
• /
• pp.354-357
• /
• 2021

Software vulnerabilities are becoming more and more increasing, their role is to harm the computer systems of companies, governmental organizations and agencies. The main objective of this paper is to propose a method that will cluster future software vulnerabilities that may spread. This method is developed by combining the Multiple Correspondence Analysis (MCA), the Elbow procedure and the Kmeans Algorithm. A simulation was done on a dataset of 15713 observations. This simulation allowed us to identify families of future vulnerabilities. This model was evaluated using the silhouette index.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.2
• /
• pp.580-599
• /
• 2021

Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.12 no.6
• /
• pp.359-368
• /
• 2017

As the BadUSB is a vulnerability, in which a hacker tampers the firmware area of a USB flash drive. When the BadUSB device is plugged into the USB port of a host system, a malicious code acts automatically. The host system misunderstands the act of the malicious behavior as an normal behaviour for booting the USB device, so it is hard to detect the malicious code. Also, an antivirus software can't detect the tampered firmware because it inspects not the firmware area but the storage area. Because a lot of computer peripherals (such as USB flash drive, keyboard) are connected to host system with the USB protocols, the vulnerability has a negative ripple effect. However, the countermeasure against the vulnerability is not known now. In this paper, we analyze the tampered area of the firmware when a normal USB device is changed to the BadUSB device and propose the countermeasure to verify the integrity of the area when the USB boots. The proposed method consists of two procedures. The first procedure is to verify the integrity of the area which should be fixed even if the firmware is updated. The verification method use hashes, and the target area includes descriptors. The second procedure is to verify the integrity of the changeable area when the firmware is updated. The verification method use code signing, and the target area includes the function area of the firmware. We also propose the update protocol for the proposed structure and verify it to be true through simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.919-928
• /
• 2018

Out-Of-Bounds (OOB) is one of the most powerful vulnerabilities in heap memory. The OOB vulnerability allows an attacker to exploit unauthorized access to confidential information by tricking the length of the array and reading or writing memory of that length. In this paper, we propose a method to automatically detect OOB vulnerabilities in heap memory using dynamic symbol execution and shadow memory table. First, a shadow memory table is constructed by hooking heap memory allocation and release function. Then, when a memory access occurs, it is judged whether OOB can occur by referencing the shadow memory, and a test case for causing a crash is automatically generated if there is a possibility of occurrence. Using the proposed method, if a weak block search is successful, it is possible to generate a test case that induces an OOB. In addition, unlike traditional dynamic symbol execution, exploitation of vulnerabilities is possible without setting clear target points.

• Earthquakes and Structures
• /
• v.22 no.1
• /
• pp.25-38
• /
• 2022

The RC private constructions represent a large part of the housing stock in the north part of Algeria. For various reasons, they are mostly built without any seismic considerations and their seismic vulnerability remains unknown for different levels of seismic intensity possible in the region. To support future seismic risk mitigation efforts in northern Algeria, this document assesses the seismic vulnerability of typical private RC constructions built after the Boumerdes earthquake (May 21, 2003) without considering existing seismic regulation, through the development of analytical fragility curves. The fragility curves are developed for four representative RC frames in terms of slight, moderate, extensive, and complete damage states suggested in HAZUS-MH 2.1, using nonlinear time history analyses. The numerical simulation of the nonlinear seismic response of the structures is performed using the SeismoStruct software. An original intensity measure (IM) is proposed and used in this study. It is the zone acceleration coefficient "A", through which the seismic hazard level is represented in the Algerian Seismic Regulations. The efficiency, practicality, and proficiency of the choice of IM are demonstrated. Incremental dynamic analyses are conducted under fifteen ground motion accelerograms compatible with the elastic target spectrum of the Algerian Seismic Regulations. In order to cover all the seismic zones of northern Algeria, the accelerograms are scaled from 0.1 to 2.5 in increments of 0.1. The results mainly indicate that private constructions built after the Boumerdes earthquake in the moderate and high seismic zones with four (04) or more storeys are highly vulnerable.

• Journal of Information Processing Systems
• /
• v.6 no.4
• /
• pp.563-574
• /
• 2010

The growing number of web applications in the global economy has made it critically important to develop secure and reliable software to support the economy's increasing dependence on web-based systems. We propose an intercepting filter approach to mitigate the risk of injection flaw exploitation- one of the most dangerous methods of attacking web applications. The proposed approach can be implemented in Java or .NET environments following the intercepting filter design pattern. This paper provides examples to illustrate the proposed approach.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.05a
• /
• pp.126-128
• /
• 2018

웹 해킹 사고 건수와 피해규모가 매년 증가하고 있다. 해킹사고의 대부분이 웹을 통해 발생하고 있으며 웹 취약점 점검을 통해 사전에 예방할 수 있지만 인력과 예산 부족으로 주기적인 점검이 어려운 것이 현실이다. 본 연구에서는 효율적인 웹 점검을 위해 공격가능성을 바탕으로 점검 항목의 위험도를 분석하고 향후 지속되어야 할 연구 방향을 제시한다.