-
1.发明公开公开(公告)号:US20240220636A1
公开(公告)日:2024-07-04
申请号:US18550865
申请日:2022-10-12
Inventor: Jeong Hyun YI , Haehyun CHO , Kyungmin SIM , Sunjun LEE , Geochang JEON
IPC: G06F21/57
CPC classification number: G06F21/577 , G06F2221/033
Abstract: Provided is a unit test case-based security design flaw detection method performed in a security design flaw detection apparatus for detecting a security design flaw of a software system, and the method comprises collecting a unit test case for the software system from an external device and preprocessing the unit test case; generating a first test case by testing whether the software system violates a security policy using the preprocessed unit test case; generating a second test case that is a data set for testing a function of the software system based on the first test case; and detecting a vulnerability of the software system by executing the second test case.
-
公开(公告)号:US20210141875A1
公开(公告)日:2021-05-13
申请号:US17262745
申请日:2018-11-26
Inventor: Jeong Hyun YI , Min Koo KANG
IPC: G06F21/14 , G06F21/64 , G06F8/41 , G06F8/75 , G06F16/903
Abstract: A device for automatically identifying anti-analysis techniques by using the signature extraction, includes an extraction unit which extracts a DEX file and an ELF file from an application file after unpacking the application file, which is in an APK format and includes compressed execution code to be executed on Android, a detection unit which receives the acquired signature classified according to types of the signature, analytically compares the input signature with the signature stored in a database, and detects the signature used in anti-analysis techniques, and a determination unit which determines according to the detected signature what anti-analysis technique is applied to the application. According to the present invention, it is possible to enable an appropriate and quick response to damages due to malicious applications by shortening the time required for analysis and automatically recognizing the application to which the anti-analysis technique is applied.
-
公开(公告)号:US20220207296A1
公开(公告)日:2022-06-30
申请号:US17288969
申请日:2021-01-28
Inventor: Jeong Hyun YI , Yeong Hun BAN
Abstract: A code sequence based intelligent key code identification method includes extracting Smali code sequence by decompiling an application, vectorizing the extracted Smali code sequence to construct a training dataset, training a deep learning model with the vectorized Smali code sequence to generate a classifier, generating a category classification result using Smali code sequence of a target application as input of the classifier, and identifying and providing important Smali code sequence from which the classification result of the target application is derived. Accordingly, it is possible to objectively evaluate the application using Smali code sequence of the application being actually run.
-
Patent Agency Ranking
公开(公告)号:US20220179955A1
公开(公告)日:2022-06-09
申请号:US17296892
申请日:2021-01-29
Inventor: Jeong Hyun YI , Eun Byeol KO
Abstract: A mobile malicious code classification method based on feature selection includes extracting Application Programming Interface (API) feature information including a package name, a class name, a method name and a description from a malicious application of a predefined category, vectorizing a training dataset generated using the package name, the class name and the method name in the API feature information for deep learning, learning the vectorized training dataset to generate a classifier, probabilistically classifying to fit a target malicious application into a category, and defining the category of the target malicious application using a result of the classification and outputting a classification important API. Accordingly, it is possible to deal with malicious behaviors of malicious applications quickly and prevent damage caused by the malicious behaviors.
-
公开(公告)号:US20200342113A1
公开(公告)日:2020-10-29
申请号:US16527687
申请日:2019-07-31
Inventor: Jeong Hyun YI , Kichang KIM
Abstract: Provided is a method of application security vulnerability evaluation based on tree boosting and a readable medium and an apparatus for performing the same. The method of application security vulnerability evaluation based on tree boosting includes the step of generating an API classifier which classifies an input API as benign or malicious using a tree boosting-based algorithm, the step of calculating security vulnerability score of API using the API classifier, and the step of classifying a target application as a malicious application or a benign application according to the security vulnerability score of API used in the target application.
-
公开(公告)号:US20240386105A1
公开(公告)日:2024-11-21
申请号:US18696479
申请日:2022-04-01
Inventor: Jeong Hyun YI , Hae Hyun CHO , Sun Jun LEE , Young Hoon BAN
Abstract: A method for detecting a mobile malicious application based on an implementation feature in a mobile malicious application detection apparatus based on an implementation feature and the method comprises decompiling a labeled application to remove preset information; extracting abstract syntax tree (AST) that is an implementation feature for each method; generating an AST node list; generating and vectorizing the generated AST node list as a learning dataset for deep learning; generating a classification model by learning a vectorized learning dataset; and outputting a classification result of a target application based on the classification model. This can reduce the false positive rate, extract many features from the obfuscated application, and detect malicious applications by classifying mobile applications as normal or malicious behaviors based on the behaviors performed by the application.
-
7.发明申请公开(公告)号:US20200089873A1
公开(公告)日:2020-03-19
申请号:US16198781
申请日:2018-11-22
Inventor: Jeong Hyun YI , Jongsu LIM , Sun Jun LEE , Yong Gu SHIN , Kyu Ho KIM
Abstract: A dynamic code extraction-based automatic anti-analysis evasion and code logic analysis apparatus, includes: a recognition module that extracts a DEX file and a SO file by unpacking an execution code of an application and recognizes an analysis avoidance technique by comparing a signature which is included in the extracted DEX file and SO file; a instrumentation module that extracts a code to be analyzed from a byte code configuring the DEX file and a native code configuring the SO file, compares the extracted code with the data stored in a database, and outputs a code excluding an anti-analysis technique as a log file; and a deobfuscation module that deobfuscates an obfuscated code which is included in the APK on the basis of the output log file and generates an APK file in which an obfuscation technique is released on the basis of the deobfuscated code.
-
公开(公告)号:US20220156370A1
公开(公告)日:2022-05-19
申请号:US17278781
申请日:2020-11-25
Inventor: Jeong Hyun YI , Geochang JEON
IPC: G06F21/56 , G06F8/40 , G06F40/279 , G06F40/166
Abstract: An obfuscated identifier detection method based on natural language processing includes: converting an input obfuscated apk to smali code level, inspecting an obfuscated string in identifiers of the smali code acquired from a smali code converter, extracting information necessary for deobfuscation and frequency of the identifiers when there is the obfuscated string, storing frequency, type and name information of identifiers calculated from information extracted from an unobfuscated apk, and acquiring and deobfuscating an identifier type name having a most similar frequency in an identifier name database (DB) using information extracted from an obfuscated information extractor. Accordingly, it is possible to reduce delay in analysis and achieve faster analysis by automatically renaming the code that is difficult to understand due to identifier conversion obfuscation.
-
-
-
-
-
-
-
Search Results
8
records
(took 0.018 seconds)
