R&D Collaborative Research Topics

Development of automated reverse engineering and weakness detection technology through binary code analysis

Overview of research project

Project name : ICT · Broadcasting R&D Project
Title : Development of automated reverse engineering and weakness detection technology through binary code analysis
Commissioned by : Ministry of Science and ICT > Information Communication Technology Promotion Center (IITP)
Leading Institute : KAIST
Participating Institutes : Gachon University Industry-Academic Cooperation Team, Korea System Assurance Inc.
Research period : 2016.04~2018.12 (3 years)

Research content

Automated weakness detection by developing a binary analysis platform
  • Analysis of binaries for various ISAs (x86, ARM, MIPS)
  • Development of a universal library to analyze binaries on various OSes
  • Development of extensible and widely applicable base technology

Weakness detection by symbolic execution of binaries
  • Detection of weaknesses even when no source code is available
  • Running on various platforms using the binary analysis technology

Need for automated weakness detection through binary analysis

Cyber target attack recognition and tracking technology based on long-term history analysis of multi-source data

Overview of research project

Title : Cyber target attack recognition and tracking technology based on long-term history analysis of multi-source data
Commissioned by : Ministry of Science and ICT > Information Communication Technology Promotion Center (IITP)
Leading Institute : Electronics and Telecommunications Research Institute
Participating Institutes : KAIST, SK Infosec, Wins21, Realtimetech
Research period : 2013.03~2017.02 (4 years)

Research content

  • Definition of all events on hosts and servers, and of the properties to be collected in relation to malicious code
  • Establishment of analysis standards to identify malicious actions among all events
  • Definition of characteristic factors to classify normal and malicious actions on a host
  • Development of systems for automated, scenario-based collection of malicious binaries and action information
  • Development of a real-time mass collection system for the latest malicious binaries
    ※ Collection of about 15,000 malicious code samples a day
  • Construction of a collection environment based on real machines to counter intelligent malicious code's evasion of analysis environments

Study of insider cyber threat defense measures

Overview of research project

Title : Study of insider cyber threat defense measures (confidential)
Commissioned by : Korea Army Headquarters, Information Planning Office
Leading Institute : KAIST
Research period : 2016.05~2016.11

Research content

  • Definition of cyber threats that may occur within an organization and their scope
  • Identification of each institution's information protection policies and systems
  • Benchmarking of other institutions' insider cyber threat response systems to suggest defense system design and construction measures and policy directions
  • Definition of cyber threat scenarios and design of prediction systems based on data collected from information protection systems and information systems
  • Insider cyber threat prediction and defense systems based on big data analysis and AI (artificial intelligence)

Study of optimization and advancement of cyber defense systems against intelligent cyber attacks

Overview of research project

Title : Study of optimization and advancement of cyber defense systems against intelligent cyber attacks (confidential)
Commissioned by : Korean Army Headquarters
Leading Institute : KAIST
Research period : 2016.09~2016.12

Research content

  • Study of security threats based on case analysis of intelligent cyber attacks (domestic/international)
  • Study of a standard information protection system operating model based on ISMS/ISO/IEC 27001
  • Analysis of next-generation information protection system trends and suggestion of policy/technical directions
  • Study of optimization and advancement of cyber defense systems and suggestion of directions

R&D of cyber threat collection system

Overview of research project

Title : Development of cyber threat information collection system (confidential)
Commissioned by : Agency for Defense Development
Leading Institute : KAIST
Research period : 2016.11~2017.12

Research content

  • Study of cyber threat information collection techniques based on a real browser
    - Active client honeypot that controls a real browser
    - Dynamic webpage connection and information collection based on human-interaction event handlers
    - User disguise technology based on an anonymous network
  • Development of action information collection based on a real sandbox for the analysis of intelligent malicious code
    - Action collection sandbox platform based on DBI tools
    - Delayed malicious code control and action insertion technology
    - API, memory, network, file, registry and process information collection technology based on human-interaction event handlers
  • Development of reverse tracking honeypot technology based on a real sandbox
    - API, memory, network, file, registry and process information collection technology
    - Remote resource information collection technology based on the reverse tracking honeypot

Major accomplishments

2017

Development of automated reverse engineering and weakness detection technology through binary code analysis

Development of an ARM instruction analysis tool
2nd-year projects in progress

Cyber target attack recognition and tracking technology based on multi-source data long-term history analysis

Final reports submitted and joint studies completed
S/W registered:
- Scenario-based binary action collection system
- Malicious code classification and collection system based on Web crawling

R&D of cyber threat collection systems

Projects in progress

2016

Development of automated reverse engineering and weakness detection technology through binary code analysis

1st-year projects completed
- Development of an x86 instruction disassembler and parser
- Patented a cross disassembly system and disassembly method
- Patented an intermediate language conversion tool and method

Cyber target attack recognition and tracking technology based on multi-source data long-term history analysis

Mass collection of malicious binary samples, and collection and analysis of host action information
Demonstration of host action information collection systems

Study of insider cyber threat defense measures

Final findings presented and reports published
Presentation at the 18th Army Informatization Development Seminar
- Effective security control of information assets
Presentation at the ISEC2016 workshop
- Strengthening insider cyber threat defense measures
Research initiation report

Study of optimization and advancement of cyber defense systems against intelligent cyber attacks

Final findings presented and reports published
Research initiation report

R&D of cyber threat collection systems

Research contracts signed
Patent pending for DBD detection system based on abnormal action detection

2015

Cyber target attack recognition and tracking technology based on multi-source data long-term history analysis

R&D of crawling systems for collecting the latest reliable malicious binaries
- Malicious binaries collected : 137,331 (Zero-day ratio: 96%)
R&D on scenario-based automated host action information collection systems

2014

Cyber target attack recognition and tracking technology based on multi-source data long-term history analysis

Verified detection performance and features of collectors and analyzers
Tested and verified host-based malicious action information collectors

2013

Cyber target attack recognition and tracking technology based on multi-source data long-term history analysis

Definition and extraction of system features
Definition of static/dynamic analysis-based features for each malicious code sample
Definition of special features to detect malicious actions on the host
- 7 categories, 39 events