• Title/Summary/Keyword: code signature

Implementation of Engine Generating Mutation Worm Signature Using LCSeq (LCSeq를 이용한 변형 웜 시그니쳐 생성 엔진 구현)

  • Ko, Joon-Sang;Lee, Jae-Kwang;Kim, Bong-Han
    • The Journal of the Korea Contents Association / v.7 no.11 / pp.94-101 / 2007
  • We introduce a way to detect mutation worms. We implemented a program that can generate signatures using the LCSeq (Longest Common Subsequence) technique in a suffix tree, studied as a pattern recognition algorithm. We also show the process of detecting mutations of the CodeRed worm and the Nimda worm, and evaluate the signatures generated by Snort and LCSeq.

Computational Investigation of the Effect of Various Flight Conditions on Plume Infrared Signature (항공기 비행환경에 따른 플룸 IR 신호 영향성 연구)

  • Kim, Joon-Young;Chun, Soo-Hwan;Myong, Rho-Shin;Kim, Won-Cheol
    • Journal of the Korean Society for Aeronautical & Space Sciences / v.41 no.3 / pp.185-193 / 2013
  • The plume infrared signature effects at various flight conditions of aircraft were investigated for the purpose of reducing infrared signature level. The nozzle of a virtual subsonic unmanned combat aerial vehicle was designed through a performance analysis. Nozzle and associated plume flowfields were first analyzed using a density-based CFD code and plume IR signature was then calculated on the basis of the narrow-band model. Finally, qualitative information for the plume infrared signature characteristics was obtained through the analysis of the IR signature effects at various flight conditions.

A study on Countermeasures by Detecting Trojan-type Downloader/Dropper Malicious Code

  • Kim, Hee Wan
    • International Journal of Advanced Culture Technology / v.9 no.4 / pp.288-294 / 2021
  • There are various ways to be infected with malicious code due to the increase in Internet use, such as the web, affiliate programs, P2P, illegal software, DNS alteration of routers, word processor vulnerabilities, spam mail, and storage media. In addition, malicious codes are produced more easily than before through automatic generation programs due to evasion technology according to the advancement of production technology. In the past, the propagation speed of malicious code was slow, the infection route was limited, and the propagation technology had a simple structure, so there was enough time to study countermeasures. However, current malicious codes have become very intelligent by absorbing technologies such as concealment technology and self-transformation, causing problems such as distributed denial of service (DDoS) attacks, spam sending and personal information theft. The existing malware detection technique, which is a signature detection technique, cannot respond when it encounters a malicious code whose attack pattern has been changed or a new type of malicious code. In addition, it is difficult to perform static analysis on malicious code to which code obfuscation, encryption, and packing techniques are applied to make malicious code analysis difficult. Therefore, in this paper, a method to detect malicious code through dynamic analysis and static analysis using Trojan-type Downloader/Dropper malicious code is shown, and malicious code detection and countermeasures are suggested.

A Study on the Image Tamper Detection using Digital Signature (디지털 서명을 이용한 영상의 위변조 검출에 관한 연구)

  • Woo, Chan-Il
    • Journal of the Korea Academia-Industrial cooperation Society / v.16 no.7 / pp.4912-4917 / 2015
  • Fragile watermarking is a technique to insert a watermark into an image without significantly degrading its visual quality so that the watermark can be extracted for the purposes of authentication or integrity verification. The watermark for authentication and integrity verification should be erased easily when the image is changed by filtering etc. In this paper, we propose an image block-wise watermarking method for image tamper proofing using a digital signature. In the proposed method, a digital signature is generated from the hash code of the initialized image block. The proposed method is able to detect the tampered parts of the image without testing the entire block of the watermarked image.

Packed PE File Detection for Malware Forensics (악성코드 포렌식을 위한 패킹 파일 탐지에 관한 연구)

  • Han, Seung-Won;Lee, Sang-Jin
    • The KIPS Transactions:PartC / v.16C no.5 / pp.555-562 / 2009
  • In malware accident investigation, the most important thing is detection of malicious code. Signature-based anti-virus software has been used in most of the accidents. Malware can easily avoid signature-based detection by using a packing or encryption method. Because of this, packed file detection is also important. Detection methods can be divided into signature-based detection and entropy-based detection. Signature-based detection cannot detect new packing, and entropy-based detection has a problem with false positives. We provide a detection method using entropy statistics of the entry point section and the 'write' properties that are essential characteristics of a packed file. We then show a packing detection tool and evaluate its performance.

IR Characteristics of an Aircraft in Different Atmospheric/Background Conditions (대기/배경에 따른 계절별 항공기 적외선 방사 특성)

  • Kim, Taehwan;Song, Jiwoon;Cha, Jong Hyun;Bae, Ji-Yeul;Jung, Daeyoon;Cho, Hyung Hee
    • Journal of the Korea Institute of Military Science and Technology / v.17 no.4 / pp.456-462 / 2014
  • Infrared (IR) guided heat-seeking missiles use IR emissions from aircraft to detect and track a target. Due to the passive characteristic of IR guidance, early detection of the missile is difficult and it is a significant threat to aircraft survivability. Therefore, IR signature prediction of the aircraft is an important aspect of stealth technology. In this study, we simulated the IR signature of the aircraft in real atmospheric conditions. The aircraft surface temperature distribution was calculated by using the RadthermIR code. Based on the temperature distribution, IR radiance and BRDF (Bidirectional Reflectance Distribution Function) images were simulated for different weather (seasonal) and background (sky/soil) conditions. The IR contrast tendencies are not aligned with surface temperature or magnitude of target IR radiance. Therefore, it is essential to simulate the IR signature with various conditions and backgrounds to acquire a reliable database.

IR Susceptibility of Supersonic Aircraft according to Omni-directional Detection Angle (초음속 항공기 전방위 탐지각도에 따른 적외선 피격성 분석)

  • Nam, Juyeong;Chang, Injoong;Park, Kyungsu;Cho, Hyung Hee
    • Journal of the Korea Institute of Military Science and Technology / v.24 no.6 / pp.638-644 / 2021
  • Infrared guided weapons act as threats that greatly degrade the survivability of combat aircraft. Infrared weapons detect and track the target aircraft by sensing the infrared signature radiated from the aircraft fuselage. Therefore, in this study, we analyzed the infrared signature and susceptibility of supersonic aircraft according to omni-directional detection angle. Through the numerical analysis, we derived the surface temperature distribution of the fuselage and the omni-directional infrared signature. Then, we calculated the detection range according to detection angle in consideration of the IR sensor's parameters. Using in-house code, the lethal range was calculated by considering the relative velocity between the aircraft and the IR missile. As a result, the elevational susceptibility is larger than the azimuthal susceptibility, which means that the aircraft can be attacked in a wider area in the elevational situation.

Spectral Infrared Signature Analysis of the Aircraft Exhaust Plume (항공기 배기 플룸의 파장별 IR 신호 해석)

  • Gu, Bonchan;Baek, Seung Wook;Yi, Kyung Joo;Kim, Man Young;Kim, Won Cheol
    • Journal of the Korean Society for Aeronautical & Space Sciences / v.42 no.8 / pp.640-647 / 2014
  • The infrared signature of the aircraft exhaust plume is a critical factor for aircraft survivability. To improve military aircraft survivability, accurate prediction of the infrared signature of the propulsion system is needed. The numerical analysis of the thermal fluid field for nozzle inflow, free stream flow, and plume region is conducted by using the in-house code. The Weighted Sum of Gray Gases Model based on Narrow Band with regrouping is adopted to calculate the spectral infrared signature emitted from the aircraft exhaust plume. The accuracy and reliability of the developed code are validated in the one-dimensional band model. Through the analysis, it is found that the infrared radiant intensity is relatively stronger in the plume, and the results show the different characteristics of the spectral infrared signature along the temperature, the partial pressure, and the species distribution. The continuous spectral radiant intensity is shown near the nozzle exit due to the emission from the nozzle wall.

Detection of Malicious Code using Association Rule Mining and Naive Bayes classification (연관규칙 마이닝과 나이브베이즈 분류를 이용한 악성코드 탐지)

  • Ju, Yeongji;Kim, Byeongsik;Shin, Juhyun
    • Journal of Korea Multimedia Society / v.20 no.11 / pp.1759-1767 / 2017
  • Although Open API has been invigorated by advancements in the software industry, diverse types of malicious code have also increased. Thus, many studies have been carried out to discriminate the behaviors of malicious code based on API data, and to determine whether malicious code is included in a specific executable file. Existing methods detect malicious code by analyzing signature data, which requires a long time to detect mutated malicious code and has a high false detection rate. Accordingly, in this paper, we propose a method that analyzes and detects malicious code using association rule mining and Naive Bayes classification. The proposed method reduces the false detection rate by mining the rules of malicious and normal code APIs in the PE file and grouping patterns using the DHP (Direct Hashing and Pruning) algorithm, and classifies malicious and normal files using Naive Bayes.

A Strengthened Android Signature Management Method

  • Cho, Taenam;Seo, Seung-Hyun
    • KSII Transactions on Internet and Information Systems (TIIS) / v.9 no.3 / pp.1210-1230 / 2015
  • Android is the world's most utilized smartphone OS, which consequently also makes it an attractive target for attackers. The most representative method of hacking used against Android apps is known as repackaging. This attack method requires extensive knowledge about reverse engineering in order to modify and insert malicious code into the original app. However, there exists an easier way which circumvents the limiting obstacle of reverse engineering. We have discovered a method of exploiting the Android code-signing process in order to mount a malware as an example. We also propose a countermeasure to prevent this attack. In addition, as a proof-of-concept, we tested a malicious code based on our attack technique on a sample app and improved the Java libraries related to code-signing/verification, reflecting our countermeasure.