• The Transactions of the Korea Information Processing Society
• /
• v.4 no.5
• /
• pp.1337-1348
• /
• 1997

Ip over ATM and LAN Emulation over ATYM are cimmon methosd for applications to use ATM netework.But these can hardly provide full ATM serviece because of legacy transprot and network protocols they use.This paper presents work of desing and implementation of a Native ATM API that can enable direct use of native ATM scriviccs.In our work, Native ATM API specification which accommodates ATM Forum's "Native ATM Services :Semantic Deseription"has been defined, and based on this, Native ATM API has been implemented of our development are addressed, and implementation envuroment, sofware archiercture, Native ATM API library functions, and applecation programming using our Native ATM API are described.described.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.115-127
• /
• 2008

The Native API is a system call which can only be accessed with the authentication of the administrator. It can be used to detect a variety of malicious codes which can only be executed with the administrator's authority. Therefore, much research is being done on detection methods using the characteristics of the Native API. Most of these researches are being done by using supervised learning methods of machine learning. However, the classification standards of Anti-Virus companies do not reflect the characteristics of the Native API. As a result the population data used in the supervised learning methods are not accurate. Therefore, more research is needed on the topic of classification standards using the Native API for detection. This paper proposes a method for re-grouping malicious codes using fuzzy clustering methods with the Native API standard. The accuracy of the proposed re-grouping method uses machine learning to compare detection rates with previous classifying methods for evaluation.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.12
• /
• pp.3088-3096
• /
• 1997

In this paper, we present WWW system over native ATM services. The use of native ATM services through ATM API can provide better performance and functionality than that of IP over ATM, LAN Emulation or Multiprotocol over ATM. Our WWW browser and server provide advanced WWW services based on enhanced performance and guaranteed QoS support by using native ATM service benefits. This paper describes and compares advantages and disadvantages of Native ATM Services and ATM Internet Services, and addresses ATM API standardization and development trend that are made by the ATNI Forum for the support of native ATM services, and then describes the architecture and operation of our WWW browser and server using ATM API. The system architecture is based on HTTP over ATM API capable of supporting guaranteed QoS over its connections. The system defines and uses new HTML attributes within hyperlinking HTML elements for the description of ATM QoS and traffic characteristics that are derived from UNI signaling 3.1 connection characteristics information elements. Our system uses WinSock 2 API as its ATM API.

• The Transactions of the Korea Information Processing Society
• /
• v.6 no.7
• /
• pp.1884-1896
• /
• 1999

In this paper, we propose an ATM API for Java pplication programming. The proposed Java ATM API is an extended form of java.net package of the Java Core API. Our Java ATM API is defined based on the ATM Forum's semantic standard for native ATM services, "Native ATM Service : Semantic Description, Version 1.0". IN order to provide native ATM services, we defined several new classes within the java.net package, including AtmAddress for AtmAddress, AtmSocket, ATM BLLI and AtmBHLI for Atm BLLI and BHLI information, AtmServerSocket, AtmMulticastSocket, AtmSocketImpl for socket programming over native ATM communication, and AtmConnAttr for native ATM connection characteristics. Software structure for construcing the Java ATM API over Winsock 2 environment and its implementation method are also presented.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.10
• /
• pp.7211-7218
• /
• 2015

Tens of thousands of malicious codes are generated on average in a day. New types of malicious codes are surging each year. Diverse methods are used to detect such codes including those based on signature, API flow, strings, etc. But most of them are limited in detecting new malicious codes due to bypass techniques. Therefore, a lot of researches have been performed for more efficient detection of malicious codes. Of them, visualization technique is one of the most actively researched areas these days. Since the method enables more intuitive recognition of malicious codes, it is useful in detecting and examining a large number of malicious codes efficiently. In this paper, we analyze the relationships between malicious codes and Native API functions. Also, by applying the word cloud with text mining technique, major Native APIs of malicious codes are visualized to assess their maliciousness. The proposed malicious code analysis method would be helpful in intuitively probing behaviors of malware.

• Convergence Security Journal
• /
• v.8 no.1
• /
• pp.57-65
• /
• 2008

The implement of JAVA API for supporting the embedded system is capable of developing the object oriented system with code reuse because the developer is able to use JAVA in the embedded system. The system dependant parts for implementing JAVA API are realized from a native function. In this paper, we devide JAVA API into the platform-independent JAVA part and platform-dependent native part for the implementation of JAVA API to manage the linux based embedded system devices, and focus on the control of the embedded system devices using JAVA API.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2008.06a
• /
• pp.297-300
• /
• 2008

임베디드 시스템을 지원하는 JAVA API를 개발하면 임베디드 시스템을 개발자가 JAVA를 사용하므로써 코드의 재사용, 객체지향 개념의 시스템 개발들을 가능하게 한다. JAVA API를 구현하는데 있어 시스템에 의존적인 부분들이 존재하게 되는데, 이는 native 함수에서 구현한다. 본 논문에서는 리눅스 기반의 임베디드 시스템 디바이스를 제어하기 위한 JAVA API를 구현하는데 있어 플랫폼 독립적인 자바 부분과 의존적인 native 부분으로 나누어 설계 및 구현하였고, 임베디스 시스템 디바이스의 JAVA API를 통한 제어에 초점을 두었다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04d
• /
• pp.322-324
• /
• 2003

정보가전기기에 네트워크 기능을 탑재하게 되면 인터넷을 통해 사이버교육, 재택업무 등을 쉽고 편리하게 하여 삶의 질을 향상시키는데 기여할 수 있다. 이러한 정보가전기기에 네트워크 기능을 제공하기 위해 자바가상머신에서는 NET API를 제공한다. NET API를 구현하는데 있어 시스템에 의존적인 부분들이 존재하게 되는데, 이는 native 함수에서 구현한다 본 논문에서는 리눅스 기반 자바 NET API론 구현하는데 있어 플랫폼 독립적인 자바 부분과 의존적인 native 부분으로 나누어 설계 및 구현하였고, 소켓을 통한 서버/클라이언트간의 데이터 전송 부분에 초점을 두었다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.10a
• /
• pp.264-267
• /
• 2018

본 연구에서는 API 호출을 은닉할 수 있는 새로운 유형의 유저모드 기반 루트킷으로 Cuckoo Sandbox를 회피하는 기법과 이를 탐지하기 위한 연구를 한다. Cuckoo Sandbox의 행위 분석을 회피하기 위해 잠재적으로 출현 가능한 은닉된 코드 이미지 기반의 신종 루트킷 원리를 연구하고 탐지하기 위한 방안을 함께 연구한다. 네이티브 API 호출 코드 영역을 프로세스 공간에 직접 적재하여 네이티브 API를 호출하는 기법은 Cuckoo Sandbox에서 여전히 잠재적으로 행위 분석 회피가 가능하다. 본 연구에서는 은닉된 외부주소 호출 코드 영역의 탐지를 위해 프로세스의 가상메모리 공간에서 실행 가능한 페이지 영역을 탐색 후 코사인 유사도 분석으로 이미지 탐지 실험을 하였으며, 코드 영역이 맵핑된 정렬 단위의 4가지 실험 조건에서 평균 83.5% 유사도 탐지 결과를 확인하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.785-796
• /
• 2012

In this paper, we propose an effective Behavior-based detection technique using the frequency of system calls to detect malicious code, when the number of training data is fewer than the number of properties on system calls. In this study, we collect the Native APIs which are Windows kernel data generated by running program code. Then we adopt the normalized freqeuncy of Native APIs as the basic properties. In addition, the basic properties are transformed to new properties by GLDA(Generalized Linear Discriminant Analysis) that is an effective method to discriminate between malicious code and normal code, although the number of training data is fewer than the number of properties. To detect the malicious code, kNN(k-Nearest Neighbor) classification, one of the bayesian classification technique, was used in this paper. We compared the proposed detection method with the other methods on collected Native APIs to verify efficiency of proposed method. It is presented that proposed detection method has a lower false positive rate than other methods on the threshold value when detection rate is 100%.