• Title/Summary/Keyword: YARA


A New S/W Architecture for YARA Speed Enhancement (YARA 속도 개선을 위한 새로운 S/W 구조설계)

  • Kim, Chang Hoon
    • The Journal of Korean Institute of Communications and Information Sciences / v.41 no.12 / pp.1858-1860 / 2016
  • In this paper, a modified YARA software architecture that can perform pattern matching for multi-rule files is proposed. Based on an improved scanning thread algorithm, the new design reduces the memory loading time of rule files for pattern matching. Therefore, the proposed architecture can reduce operation time for pattern matching, while it requires increased memory in proportion to the number of rule files.

The Study on YARA Rules and Detection Tool for HWP Document-Type Malware (HWP 문서형 악성코드 탐지를 위한 YARA규칙 및 탐지도구에 관한 연구)

  • Joongjin Kook;Heechan Won;Sungwoo Kim;Dohee Kim;Junghoon Lee
    • Journal of the Semiconductor & Display Technology / v.23 no.3 / pp.108-114 / 2024
  • This study details the development of YARA rules and a detection program specifically designed to identify malware in HWP documents, a common target in cyber-attacks within South Korea. By thoroughly analyzing the unique structural features of HWP files, we developed precise YARA rules that were subsequently integrated into a custom detection tool. The program was rigorously tested on a dataset of benign and malicious HWP documents, demonstrating high detection accuracy and a low false-positive rate. This research offers a robust and practical solution for enhancing cybersecurity in environments where HWP files are frequently used, contributing valuable tools for the targeted detection of document-based malware.

An Integrated Detection and Response System Using YARA and RNN Based on the Distributed Structure and Traffic Patterns of the Mozi Botnet (Mozi Botnet의 분산 구조와 트래픽 특징에 기반한 YARA와 RNN의 통합적인 탐지 및 대응 시스템)

  • Min-AH Kwon;Jung-Eun Lee;Yu-Rim Yoe;Sung-Hwan Jeon;Dong-Young Yoo
    • Annual Conference of KIPS / 2024.05a / pp.306-307 / 2024
  • This study proposes a detection and response system that integrates YARA and an RNN, based on the distributed structure and traffic characteristics of the Mozi botnet, in order to strengthen IoT security. After analyzing the distributed structure and traffic characteristics of the Mozi botnet, we design a system that combines YARA rules with an RNN to detect the malicious code. The experimental results are expected to show that this system achieves high accuracy and efficiency, and future work is expected to develop more effective security response systems using various deep learning techniques.

Identification of Attack Group using Malware and Packer Detection (악성코드 및 패커 탐지를 이용한 공격 그룹 판별)

  • Moon, Heaeun;Sung, Joonyoung;Lee, Hyunsik;Jang, Gyeongik;Kwak, Kiyong;Woo, Sangtae
    • Journal of KIISE / v.45 no.2 / pp.106-112 / 2018
  • Recently, the number of cyber attacks using malicious code has increased. Various types of malicious code detection techniques have been researched for several years as the damage has increased. In recent years, profiling techniques have been used to identify attack groups. This paper focuses on the identification of attack groups using a detection technique that does not involve malicious code detection. The attacker is identified by using a string or a code signature of the malicious code. In addition, the detection rate is increased by adding a technique to confirm the packing file. We use Yara as a detection technique. We have researched RATs (remote access tools), which are mainly used by attack groups. Further, this paper develops a ruleset using malicious code and packer main feature signatures for the RATs mainly used by the attack groups. It is possible to detect the attacker by detecting RATs based on the newly created ruleset.

ON HOM-LIE TRIPLE SYSTEMS AND INVOLUTIONS OF HOM-LIE ALGEBRAS

  • Yara, Hamdiatou;Zoungrana, Patricia L.
    • Korean Journal of Mathematics / v.30 no.2 / pp.363-373 / 2022
  • In this paper we mainly establish a relationship between involutions of multiplicative Hom-Lie algebras and Hom-Lie triple systems. We show that the -1-eigenspace of any involution on any multiplicative Hom-Lie algebra becomes a Hom-Lie triple system and we construct some examples of Hom-Lie triple systems using some involutions of some classical Hom-Lie algebras.

A Phase-space View of Environmentally Driven Processes in the Virgo Cluster

  • Yoon, Hyein;Chung, Aeree;Smith, Rory;Jaffe, Yara L.
    • The Bulletin of The Korean Astronomical Society / v.41 no.1 / pp.69.3-70 / 2016
  • We study the orbital histories of Virgo galaxies undergoing different HI gas stripping stages using phase-space diagrams. Based on the HI properties of galaxies, we find that the location of galaxies is in good agreement with ram-pressure stripping predicted by numerical simulations with different infall times. For example, galaxies experiencing active gas stripping are mostly found in the first-infall region, showing high velocity with respect to the cluster center. Meanwhile, most galaxies that are likely to have lost gas a while ago are found in the cluster outskirts with low orbital velocities. We also discuss the cases where the observational properties of galaxies and their locations in phase space do not agree well. In addition, we probe the phase space of filaments and subgroups around or within Virgo. Our results strongly suggest that substructures can play important roles in galaxy evolution while galaxies are falling into the cluster.

Identification of Android malicious app packer and implementation of unpacking system (안드로이드 악성 앱 패커 식별 및 언패킹 시스템 구현)

  • Kang, Min-Young;Seo, Dong-Hun;Jeon, Yu-Min;Kim, Gwan-Yeong
    • Annual Conference of KIPS / 2022.11a / pp.902-904 / 2022
  • As the number of smartphone users increases, crimes committed over information and communication networks, such as smishing, body-cam phishing, and messenger phishing, are rising sharply. The damage from these crimes occurs across a wide range of age groups. This paper presents an integrated malicious-app unpacking system that unpacks packed malicious apps targeting Android, the mobile operating system with the largest domestic market share, and identifies the packer used in the malicious app with the signature-based detection tool Yara; it is expected to help in responding to crimes that use malicious apps.

Injection of Cultural-based Subjects into Stable Diffusion Image Generative Model

  • Amirah Alharbi;Reem Alluhibi;Maryam Saif;Nada Altalhi;Yara Alharthi
    • International Journal of Computer Science & Network Security / v.24 no.2 / pp.1-14 / 2024
  • While text-to-image models have made remarkable progress in image synthesis, certain models, particularly generative diffusion models, have exhibited a noticeable bias towards generating images related to the culture of some developing countries. This paper introduces an empirical investigation aimed at mitigating the bias of the image generative model. We achieve this by incorporating symbols representing Saudi culture into a stable diffusion model using the Dreambooth technique. The CLIP score metric is used to assess the outcomes in this study. This paper also explores the impact of varying parameters, for instance the quantity of training images and the learning rate. The findings reveal a substantial reduction in bias-related concerns and propose an innovative metric for evaluating cultural relevance.

Effect of changing the kilovoltage peak on radiographic caries assessment in digital and conventional radiography

  • Zayet, Mohamed Khalifa;Helaly, Yara Rabee;Eiid, Salma Belal
    • Imaging Science in Dentistry / v.44 no.3 / pp.199-205 / 2014
  • Purpose: This study aimed to investigate the effect of changing the kilovoltage peak (kVp) on the radiographic assessment of dental caries. Materials and Methods: Seventy-five extracted posterior teeth with proximal caries or apparently sound proximal surfaces were radiographed with conventional E-speed films and a photostimulable phosphor system using 60 kVp and 70 kVp for the caries assessment. The images were evaluated by three oral radiologists and compared with the results of the stereomicroscope analysis. Results: No statistically significant difference was found between 60 kVp and 70 kVp for the caries detection, determination of caries extension into dentin, and caries severity in either the conventional or the digital images. Good to very good inter-observer and intra-observer agreements were found for both kilovoltage values on the conventional and digital images. Conclusion: Changing the kilovoltage between 60 kVp and 70 kVp had no obvious effect on the detection of proximal caries or determination of its extension or severity.

Ram Pressure Stripping of an elliptical galaxy in Abell 2670

  • Sheen, Yun-Kyeong;Smith, Rory;Jaffe, Yara;Kim, Minjin;Yi, Sukyoung
    • The Bulletin of The Korean Astronomical Society / v.41 no.2 / pp.34.3-35 / 2016
  • Ram pressure stripping of early-type galaxies has been largely neglected until now because of their gas-poor nature. MUSE IFU observations vividly reveal the presence of star-forming blobs and ionised gas tails around an early-type galaxy in Abell 2670. The galaxy was identified as a post-merger galaxy with disturbed faint features in MOSAIC 2 deep optical images. The imaging also revealed a series of star-forming blobs, situated in the direction facing away from the cluster centre. Thanks to the revolutionary wide field of view of MUSE, combined with the 8.2-m VLT (UT-4) at Cerro Paranal, we could simultaneously obtain IFU spectra of the blobs as well as the galaxy. The MUSE spectra clearly confirm that the star-forming blobs are associated with the early-type galaxy. Moreover, MUSE reveals long ionised-gas tails emanating from the galaxy. The quantity of gas indicates that a gas-rich progenitor has merged with the early-type galaxy. However, the direction of the tails and blobs, and the blob morphology, appear to indicate that strong ram-pressure stripping may have stripped out gas brought in by the merger. We will present the kinematic structure of the whole system (the galaxy, star-forming blobs, and gas tails), as well as the star formation history of the system, supporting a scenario where a recent galaxy merger is subjected to cluster environmental mechanisms.