• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.11 no.6
• /
• pp.724-731
• /
• 2018

Code obfuscation is a technology that makes programs difficult to understand for the purpose of interpreting programs or preventing forgery or tampering. Inverse reading is a technology that analyzes the meaning of origin through reverse engineering technology by receiving obfuscated programs as input. This paper is an analysis of obfuscation and reverse-toxicization technologies for binary code in a virtualized-based environment. Based on VMAttack, a detailed analysis of static code analysis, dynamic code analysis, and optimization techniques were analyzed specifically for obfuscation and reverse-dipidization techniques before obfuscating and reverse-dipulation techniques. Through this thesis, we expect to be able to carry out various research on virtualization and obfuscation. In particular, it is expected that research from stack-based virtual machines can be attempted by adding capabilities to enable them to run on register-based virtual machines.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.8 no.4
• /
• pp.263-269
• /
• 2015

Digital watermarking is imperceptible and statistically undetectable information embeds into digital data. Most information in digital audio watermarking schemes have used binary random sequences. The embedded binary random sequence distorts and modifies the original data while it plays a vital role in security. In this paper, a binary random sequence to improve imperceptibility in perceptual region of the human auditory system is proposed. The basic idea of this work is a modification of a binary random sequence according to the frequency analysis of adjacent binary digits that have different signs in the sequence. The canonical signed digit code (CSDC) is also applied to modify a general binary random sequence and the pair-matching function between original and its modified version. In our experiment, frequency characteristics of the proposed binary random sequence was evaluated and analyzed by Bark scale representation of frequency and frequency gains.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2010.07a
• /
• pp.67-70
• /
• 2010

본 논문은 바이너리 코드 수준에서 정적인 프로그램 분석을 수행하는 프레임워크를 설계 및 구현한다. 정적으로 바이너리 코드 수준에서 분석을 수행하려는 이유는 일반적으로 컴퓨터에 설치되는 실행 파일은 소스 코드 없이 단지 바이너리로 된 실행 파일만 주어지는 경우가 대부분이고, 정적 제어 흐름 분석을 통해 수행 전에 동작을 파악하기 위해서이다. 본 논문에서는 바이너리 실행 파일로부터 실행 순서 및 제어 흐름 등의 정보를 표현할 수 있는 제어 흐름 그래프를 작성하여 바이너리 파일의 실행 흐름과 위험한 함수의 호출 여부를 동시에 파악할 수 있도록 하며, 그래프 시각화를 통해 바이너리 파일의 분석을 용이하게 한다. 또한 실행 흐름에 대한 자동 탐색 방법을 제공한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.3
• /
• pp.73-80
• /
• 2016

We had introduced the backgrounds, history and physical meanings of Jong Nang in "Jeju Jong Nang Channel Code I, II and III". In "Jeju Jong Nang Channel Code II" paper, we have introduced practical the root of digital human binary coded Jong Nang communications as the wooden gate in Korea Jeju Island custom and investigated Jong Nang gatemodels as an approximation of the AWGN model. The objective was to find a deterministic model, which was accessible to analysis the capacity. Jong Nang communications mean the normal 3 rafters placed on two vertical stones with three holes to convey the family's whereabouts that is deterministic signal. In this paper we find the capacity of deterministic signal processing about the linear deterministic signals approximately.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.4
• /
• pp.629-635
• /
• 2022

Cyber threats are also increasing with recent social changes and the development of ICT technology. Malicious codes used in cyber threats are becoming more advanced and intelligent, such as analysis environment avoidance technology, concealment, and fileless distribution, to make analysis difficult. Machine learning technology is being used to effectively analyze these malicious codes, but a lot of effort is needed to increase the accuracy of classification. In this paper, we propose a malicious code detection technology based on API call interval characteristics to improve the classification performance of machine learning. The proposed technology uses API call characteristics for each section and entropy of binary to separate characteristic factors into sections based on the extraction malicious code and API call order of normal binary. It was verified that malicious code can be well analyzed using the support vector machine (SVM) algorithm for the extracted characteristic factors.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.12 no.5
• /
• pp.237-242
• /
• 2012

Cyber attacks have rapidly increased by exploiting the underlying vulnerabilities in the target software. However, identifying and correcting these vulnerabilities are extremely difficult and time consuming tasks. To address these problems efficiently, we propose a systematic methodology for security vulnerability assessment process on binary code in the paper. Specifically, we first classified the existing vulnerabilities based on whether the target software run in a Web environment and features of the software. Based on the classification, we determined the list and scope of the vulnerabilities. As our future research direction, we need to further refine and validate our methodology.

• The Korean Journal of Applied Statistics
• /
• v.30 no.5
• /
• pp.775-791
• /
• 2017

We frequently encounter binary data in real life. Logistic, Probit, Cauchit, Complementary log-log models are often used for binary data analysis. In order to analyze binary data, Liu (2004) proposed a Robit model, in which the inverse of cdf of the Student's t distribution is used as a link function. Kim et al. (2008) also proposed a generalized t-link model to make the binary regression model more flexible. The more flexible skewed distributions allow more flexible link functions in generalized linear models. In the sense, we propose a binary data regression model using skewed generalized t distributions introduced in Theodossiou (1998). We implement R code of the proposed models using the glm function included in R base and R sgt package. We also analyze Pima Indian data using the proposed model in R.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.45-55
• /
• 2019

DEX file and share objects (also known as the SO file) are important components that define the behaviors of an Android application. DEX file is implemented in Java code, whereas SO file under ELF file format is implemented in native code(C/C++). The two layers - Java and native can communicate with each other at runtime. Malicious applications have become more and more prevalent in mobile world, they are equipped with different evasion techniques to avoid being detected by anti-malware product. To avoid static analysis, some applications may perform malicious behavior in native code that is difficult to analyze. Existing researches fail to extract the call relationship which includes both Java code and native code, or can not analyze multi-DEX application. In this study, we design and implement a system that effectively extracts the call relationship between Java code and native code by analyzing DEX file and SO file of Android application.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.785-802
• /
• 2017

As cyber threats using malicious code continue to increase, many security and vaccine companies are putting a lot of effort into analysis and detection of malicious codes. However, obfuscation techniques that make software analysis more difficult are applied to malicious codes, making it difficult to respond quickly to malicious codes. In particular, commercial obfuscation tools can quickly and easily generate new variants of malicious codes so that malicious code analysts can not respond to them. In order for analysts to quickly analyze the actual malicious behavior of the new variants, reverse obfuscation(=de-obfuscation) is needed to disable obfuscation. In this paper, general analysis methodology is proposed to de-obfuscate the software used by a commercial obfuscation tool, Themida. First, We describe operation principle of Themida by analyzing obfuscated executable file using Themida. Next, We extract original code and data information of executable from obfuscated executable using Pintool, DBI(Dynamic Binary Instrumentation) framework, and explain the implementation results of automated analysis tool which can deobfuscate to original executable using the extracted original code and data information. Finally, We evaluate the performance of our automated analysis tool by comparing the original executable with the de-obfuscated executable.

• Journal of the military operations research society of Korea
• /
• v.15 no.2
• /
• pp.94-104
• /
• 1989

The concept of Algebraic-Coded Cryptosystem has been proposed recently but its application has not been developed yet. The primary object of this paper is to implement the Private-Key Algebraic-Coded Cryptosystem by using the primitive binary BCH codes. In the analysis of the cryptosystein, we find out the fact that there may exist other key pairs $S_i\;and\;P_i$ satisfying $G^*=S_{i},G_{s},P_{i}$ where $SG_{s}P$ is the original cryptosystem made by use of the systematic code generation matrix $G_{s}$.