• Title/Summary/Keyword: binary codes


VirtAV: an Agentless Runtime Antivirus System for Virtual Machines

  • Tang, Hongwei;Feng, Shengzhong;Zhao, Xiaofang;Jin, Yan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.11 / pp.5642-5670 / 2017
  • Antivirus is an important issue for the security of virtual machines (VMs). According to where the antivirus system resides, the existing approaches can be categorized into three classes: the internal approach, the external approach and the hybrid approach. However, the internal approach is susceptible to attacks and may cause antivirus storm and rollback vulnerability problems. On the other hand, for the external approach, the antivirus systems built upon virtual machine introspection (VMI) technology cannot find and prohibit viruses promptly. Although the hybrid approach performs virus scanning outside the virtual machine, it is still vulnerable to attacks since it completely depends on the agent and hooks to deliver events in the guest operating system. To solve the aforementioned problems, based on in-memory signature scanning, we propose an agentless runtime antivirus system, VirtAV, which scans each piece of binary code to be executed in guest VMs on the VMM side to detect and prevent viruses. As an external approach, VirtAV does not rely on any hooks or agents in the guest OS, and exposes no attack surface to the outside world, so it guarantees its own security to the greatest extent. In addition, it solves the antivirus storm problem and the rollback vulnerability problem in virtualization environments. We implemented a prototype based on the Qemu/KVM hypervisor and the ClamAV antivirus engine. Experimental results demonstrate that VirtAV is able to detect both user-level and kernel-level virus programs inside Windows and Linux guests, no matter whether they are packed or not. From the performance aspect, the overhead of VirtAV on guest performance is acceptable. In particular, VirtAV has little impact on the performance of common desktop applications, such as video playing, web browsing and the Microsoft Office series.

A Study on the Design and Simulation of 16-bit SIP by using IDL (IDL을 이용한 16-비트 SIP의 설계와 시뮬레이션에 관한 연구)

  • 박두열;이종헌
    • The Journal of Korean Institute of Communications and Information Sciences / v.15 no.1 / pp.29-42 / 1990
  • In this paper, we use APL as the IDL when simulating a 16-bit SIP. It was possible for the IDL to represent and describe a structure of the H/W which other HDLs cannot. Because we partitioned the whole system into various modules when designing the processor, we adopted a direct decoding method. Each designed module is executed according to a 12-bit control word input through the experimental framework, which is composed of symbolized instructions. Here, by setting the instruction codes of the SIP using binary code, we composed the instruction format and assembler instructions, and verified the SIP behaviour we tried to implement by entering the presented instruction set through the experimental framework. In the presented SIP, because the input program is a symbolized language, designers and users will easily understand the behaviour of the system. In particular, because we can immediately specify a unit function within the SIP, the library cells can be used variously and easily.

Runtime-Guard Coverage Guided Fuzzer Avoiding Deoptimization for Optimized Javascript Functions (최적화 컴파일된 자바스크립트 함수에 대한 최적화 해제 회피를 이용하는 런타임 가드 커버리지 유도 퍼저)

  • Kim, Hong-Kyo;Moon, Jong-sub
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.3 / pp.443-454 / 2020
  • The JavaScript engine is a module that receives JavaScript code as input and processes it, among the many functions loaded into web browsers to display web pages. Many fuzzing test studies have been conducted, as vulnerabilities in JavaScript engines could threaten the system security of end-users running JavaScript through browsers. Some of them have increased fuzzing efficiency by guiding test coverage in JavaScript engines, but no coverage-guided fuzzing of optimized, dynamically generated machine code has been attempted. Optimized JavaScript code is difficult to test sufficiently and iteratively through fuzzing because of the runtime guards that free the code in the event of exceptional control flow. To solve these problems, this paper proposes a method of performing fuzzing tests on optimized machine code by avoiding deoptimization. In addition, we propose a method to measure the coverage of runtime guards by dynamic binary instrumentation and to guide the increase of runtime-guard coverage. In our experiment, our method outperformed the existing method on two measures: runtime coverage and iterations per unit time.

File Analysis Data Auto-Creation Model For Peach Fuzzing (Peach 퍼징을 위한 파일 분석 데이터 자동 생성 모델)

  • Kim, Minho;Park, Seongbin;Yoon, Jino;Kim, Minsoo;Noh, Bong-Nam
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.2 / pp.327-333 / 2014
  • The rapid expansion of the software industry has brought serious security threats and vulnerabilities. Many software programs are constantly attacked by exploit code using security vulnerabilities. Smart fuzzing is an automated method to find software vulnerabilities. However, many resources are consumed in fuzzing, because the fuzzing needs to create a data model for the target software and to analyze a data file and the software binary. Therefore, an automated method for developing the data model is needed for efficient smart fuzzing. In this paper, by analysing the input file format and optimizing the data structure, we propose an efficient data modeling framework for smart fuzzing and implement the framework to detect software vulnerabilities.

Efficient Evaluation of Path Expressions Using Connectivity of Nodes (노드의 연결성을 이용한 패스 표현의 효과적인 처리)

  • Lee, Tae-Gyeong
    • The KIPS Transactions: Part D / v.9D no.3 / pp.337-344 / 2002
  • Recently, there has been a lot of research on graph-type data because it can seamlessly model application domains such as GIS, networks, the WWW, multimedia presentations, etc., and domains in which the data sequence is important. In this paper, an efficient code system, called the node code system, is proposed to evaluate paths of a DAG in a multimedia presentation graph. The node code system assigns a unique binary string to each node of a graph. The comparison of the node codes of two nodes tells the connectivity between the nodes without actual traversal of the graph. The method using the property of the node code system allows us to construct the paths between two nodes more efficiently than methods using conventional graph traversals. The algorithms to construct paths using the node code system are provided.

Image-Based Machine Learning Model for Malware Detection on LLVM IR (LLVM IR 대상 악성코드 탐지를 위한 이미지 기반 머신러닝 모델)

  • Kyung-bin Park;Yo-seob Yoon;Baasantogtokh Duulga;Kang-bin Yim
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.1 / pp.31-40 / 2024
  • Recently, static analysis-based signature and pattern detection technologies have shown limitations due to advanced IT technologies. Moreover, there is a compatibility problem across multiple architectures and an inherent problem of signature and pattern detection. Malicious code uses obfuscation and packing techniques to hide its identity, and it also avoids existing static analysis-based signature and pattern detection techniques through code rearrangement, register modification, and branching statement addition. In this paper, we propose an LLVM IR image-based automated static analysis technology for malicious code using machine learning to solve the problems mentioned above. Whether the binary is obfuscated or packed, it is decompiled into LLVM IR, which is an intermediate representation dedicated to static analysis and optimization. Therefore, the LLVM IR code is converted into an image before being fed to the CNN-based transfer learning algorithm ResNet50v2 supported by Keras. As a result, we present a model for image-based detection of malicious code.

Development of a Korean Adult Female Voxel Phantom, VKH-Woman, Based on Serially Sectioned Color Slice Images (고해상도 연속절단면 컬러해부영상을 이용한 한국인 성인여성 복셀팬텀 VKH-Woman 개발)

  • Jeong, Jong Hwi;Yeom, Yoen Soo;Han, Min Cheol;Kim, Chan Hyeong;Ham, Bo Kyoung;Hwang, Sung Bae;Kim, Seong Hoon;Lee, Dong-Myung
    • Progress in Medical Physics / v.23 no.3 / pp.199-208 / 2012
  • A computational human phantom including the major radiation-sensitive organs at risk (OARs) can be used in the field of radiotherapy, for example for the variation of secondary cancer risks caused by radiation therapy and for effective dose evaluation in diagnostic radiology. The present study developed a Korean adult female voxel phantom, VKH-Woman, based on serially sectioned color slice images of a Korean female cadaver. The height and weight of the developed female voxel phantom are 160 cm and 52.72 kg, respectively, which are virtually close to those of the reference Korean female (161 cm and 54 kg). The female phantom consists of a total of 39 organs, including the 27 organs recommended in the ICRP 103 publication for effective dose calculations. The female phantom is composed of $261{\times}109{\times}825$ voxels (=23,470,425 voxels) and the voxel resolution is $1.976{\times}1.976{\times}2.0619\,\mathrm{mm}^3$ in the x, y, and z directions. VKH-Woman is provided in both ASCII and binary data formats to be conveniently implemented in Monte Carlo codes.

Contactless Fingerprint Recognition Based on LDP (LDP 기반 비접촉식 지문 인식)

  • Kang, Byung-Jun;Park, Kang-Ryoung;Yoo, Jang-Hee;Moon, Ki-Young;Kim, Jeong-Nyeo;Shin, Jae-Ho
    • Journal of Korea Multimedia Society / v.13 no.9 / pp.1337-1347 / 2010
  • Fingerprint recognition is a biometric technology to identify individuals by using fingerprint features such as ridges and valleys. Most fingerprint systems perform the recognition based on minutiae points after acquiring a fingerprint image from a contact-type sensor. They have the advantage of acquiring a clear image of uniform size by touching the finger on the sensor. However, they have the problem that the image quality can be reduced in the case of a severely dry or wet finger, due to variations of touching pressure and latent fingerprints on the sensor. To solve these problems, contactless capturing devices for fingerprint images were introduced in previous works. However, the accuracy of detecting minutiae points and the recognition performance are reduced due to the degradation of image quality by illumination variation. So, this paper proposes a new LDP-based fingerprint recognition method. It can effectively extract fingerprint patterns of iterative ridges and valleys. After producing histograms of the binary codes extracted by the LDP method, the chi-square distance between the enrolled and input feature histograms is calculated. The calculated chi-square distance is used as the score of fingerprint recognition. As the experimental results show, the EER of the proposed approach is reduced by 0.521% in comparison with that of the previous LBP-based fingerprint recognition approach.