1. System vulnerability detection

Research Objectives

Technology research for analysis and detection of potential security vulnerabilities in IoT to secure ICT safety in the hyper-connected era

Preemptive security control and threat response solutions to verify and secure the reliability and stability of ICT

Research on potential bugs and vulnerabilities analysis technology for Linux systems and software to ensure system safety and reliability

Research on error analysis and hacking risk verification technology based on abnormal information (crash dumps, vulnerabilities, etc.)

Research Topics

IoT device firmware vulnerability collection and building threat intelligence

IoT firmware analysis of format and structural topology

IoT firmware vulnerability analysis to extract threat factors

Tools for IoT firmware vulnerability detection based on AI

 

 

 

 

 

 

 

 

 

Research Topics

Linux vulnerabilities

• Development of bug and crash dump collection and error analysis technology for Linux systems
• Research on exploitability detection and risk factor extraction through in-depth analysis of crash dumps
• Construction of abnormal information collection and exploit database for Linux system vulnerability verification
• Research on similarity and matching technology of publicly available abnormal information for Linux system error analysis and hacking risk verification

 

Achievements

2024	[Conference] Comparison method of DNN binary similarity analysis based on variables(KCC 2024) [Patent Registration] SYSTEM FOR CALCULATING AND MATCHING SIUMILARITY BETWEEN PUBLIC ERROR INFORMATION AND CORE DUMP AND METHOD OF OPERATING THE SAME [Patent Application] AUTOMATED SYSTEM FOR SYSTEM ERROR ANALYSIS AND HACKING RISK VERIFICATION AND OPERATING METHOD OF THE SAME
2023	[Conference] Researching vulnerability detection methods based on similarity analysis through firmware structure analysis(CISC-W 2023) [Patent Registration] INFORMATION COLLECTION SYSTEM FOR LINUX VULNERABILITY IDENTIFICATION AND OPERATING METHOD OF THE SAME [Patent Application] DEBUGGING SYSTEM AND METHOD WITH IMPROVED EXPLOITABILITY DETECTION PERFORMANCE THROUGH BINARY ANALYSIS [Patent Application] SYSTEM FOR CALCULATING AND MATCHING SIUMILARITY BETWEEN PUBLIC ERROR INFORMATION AND CORE DUMP AND METHOD OF OPERATING THE SAME [Conference] Information Formalization and Information Collection Architecture Design for Linux Vulnerability Identification(KCC 2023)
2022	[Research Grant] Development of anomaly detection and blocking technology through threat hunting-based IoT/network vulnerability analysis(ICMTC, 2022.06~2025.05) [Conference] Matching Method of Crash Dump and Public Information for Cause Analysis of Crash in Linux(KSC 2022) [Patent Application] LINUX VULNERABILITY INFORMATION MATCHING STANDARDIZATION SYSTEM BASED ON PUBLIC INFORMATION COLLECTION AND OPERATING METHOD OF THE SYSTEM [Research Grant] Development of anomaly detection and blocking technology through threat hunting-based IoT/network vulnerability analysis(ICMTC, 2022.06~2025.05)
2021	[Research Grant] Automated Analysis of System Error and Assessment of Penetration Risk in Linux-based Systems (Institute of Civil-Military Technology Cooperation , 2021.08. ~2024.12.)

 

 

2. Malware analysis

Research Objectives

Providing high-level systematic automated analysis for efficient information

Technical superiority through research on malicious code-based technologies that can be used in various fields

Development of effective countermeasure to respond to intelligent and sophisticated malware based on social engineering attacks

Analysis and detection systems for malicious document rapidly increasing due to telecommuting and increased network connectivity

Research Topics

Research on exploit code extraction

Signature-based malware detection engine for known document type attacks

Machine learning-based malware detection engine for unknown document type attacks

Development of threat detection based on self-evolving machine learning

 

 

Achievements

2024	[Training] Conducting training on document-type malware analysis and detection using artificial intelligence(ISEC 2024) [Training] Conducting training on document-type malware analysis(Defense Counterintelligence Command 2024.10) [Training] Conducting training on document-type malware analysis(Quadminers 2024.07)
2023	[Paper] Signature Generation to Detect HWP Malware Based on Threat Factors and Attack Patterns(Journal of KIISE 2023) [Conference] Enhanced Analysis of PDF Malware based on XAI Model Interpretation(KCC 2023) [Patent Registration] XAI-BASED MODEL GENERATION TOOL FOR DETECTING MALWARE IN PDF FILES [Patent Registration] XAI-BASED MODEL GENERATION TOOL FOR DETECTING MALWARE IN HWP FILES [Technology Transfer] Docscanner/Method for structural analysis and learning data generation for detecting malicious code from PDF files and system for performing the same [Service Open] Docscanner ( http://docscanner.securitylab.kr )
2022	[Conference] Generating of Optimal Common Detection Signature for MS-OFFICE Malware Detection(KSC 2022) [Conference] Learning Data augmentation Method for Effective Detection of HWP Malware(KSC 2022) [Conference] Method for deriving optimal Common Detection Signature for MS-OFFICE Malware Detection(KSC 2022) [Conference] Format Analysis and Threat Factor Extraction for Effective Analysis and Detection of Macro-Enabled MS-Word Malware(KSC 2022) [Excellent Paper] Method to Generate Signature for HWP Malware Detection Based on Threat Factors(KSC 2022) [Patent Registration] METHOD FOR AUGMENTING LEARNING DATA FOR CYRBER THREAT DETECTION METHOD AND SYSTEM USING THE SAME [Patent Registration] METHOD FOR DETECTING MALWARE FROM PDF FILES AND SYSTEM FOR PERFORMING THE SAME [Patent Registration] METHOD FOR GENERATING TRAINING DATA USING MALWARE CODE DETECTION RESULT INCLUDED IN HWP DOCUMENTS AND SYSTEM FOR PERFORMING THE SAME [Patent Registration] MS WORD DOCUMENT TYPE MALICIOUS CODE ANALYSIS AND LEARNING DATA GENERATION METHOD AND SYSTEM FOR PERFORMING THE SAME
2021	[Conference] HWP malware threat factor extraction and analysis research (KSC 2021) [Conference] Efficient preprocessing architecture design for PDF document type malware detection(KSC 2021) [Conference] HWP format vulnerability analysis for malicious document detection (KCC 2021) [Research Grant] ‘A study on the technology to identify the Encoding/decoding function of the Malware' (National Security Research Institute, 2021.04~2021.10)
2020	[Research Grant] “Object-code-to-Source-code Verification for Source Code Traceability” (Apr 2020~Oct 2020 / commissioned by: National Security Research Institute) [Research Grant] “A Study on the Inference Technology of Malware Communication Message Format” (Apr 2020~Oct 2020 / commissioned by: National Security Research Institute)

 

 

3. Threat model analysis

Research Objectives

MITRE ATT&CK-based attack scenario research and technical analysis

Threat scenario research for network anomaly/normal activity traffic generation and collection technology

Scenario-based single attack act and act collection environmental technology research

Scenario-based NDR/EDR level malicious activity collection environment

Research on composite attack technology that combines single attacks and attack scenario research

Research Topics

Development and research of MITRE ATT&CK-based unit attack scenarios

• Study of possible scenarios for attacking My Network based on MITRE ATT&CK attack stage (Tactic)
  • Reconnaissance attack stage Cyber attack simulation scenario design and attack code development
  • Navigation attack stage cyber attack simulation scenario design and attack code development
  • Design and research of applied attack scenarios based on reconnaissance and navigation attacks
  • Development of simulated attack modules (malicious scripts, vulnerability DB, open source, etc.) for asset identification and exploration

 

 

 

• MITRE ATT&CK-based single/combined attack scenario design and attack code development
  • Collection of known vulnerability information and analysis of related applications
  • Attack generation using programmatic-based attack options and pattern changes (high quality, large volume)
  • Research and development of learning dataset for threat detection AI/XAI research
  • Development and performance evaluation/verification of threat detection solutions (NDR/EDR)

Achievements

2025	[Conference] Study on Efficient Network Packet Data Collection Method Based on Real Environment for Generating Cyber Threat Attack Learning Data (KCC 2025, 2025.07) [Conference] Performance Analysis Flow-Based and Payload-Based Models for Malicious Network Detection and Proposal of Hybrid Model(KCC 2025, 2025.07) [Paper] Survey on Natural Language Processing-based MaliciousNetwork Detection Models and XAI Applications (Journal of KIISE, 2025.05) [Patent Application] Method for Detecting Malicious Patterns in Network Data Using Hybrid Artificial Intelligence Model and System for Performing the Same
2024	T9 Project Attacks and data disclosure in the first and second half of the year (automatic attack generation framework based on threat scenarios and collection environments) [Patent Application] Attack System Based on Attack Sequence for Test Target on Network and Operation Method of the Same [Patent Application] Method for Generating DDoS Training Data for Developing Artificial Intelligence Model and System for Performing the Same [SW Registration] Bulk attack generation tool through association between multiple attacks [SW Registration] Command generator for creating different remote code execution attack patterns
2023	[Conference] December, Pattern change attack framework design for mass volume of high-quality attack traffic(CISC-W 2023) [Patent Application] C-ITS MASS ATTACK TRAFFIC GENERATION SYSTEM AND OPERATING METHOD OF THE SAME BY CHANGING RANDOM SCHEDULING OPTIONS(2023.10) [Patent Application] TEST SYSTEM INCLUDING MULTIPLE CLIENTS RANDOMLY GENERATING ATTACK TRAFFIC OF LTE-M STANDARD AND OPERATING METHOD OF THE SAME(2023.10) [Patent Application] MASS ATTACK TRAFFIC GENERATION SYSTEM FOR TEST TARGETS ON NETWORK AND OPERATING METHOD OF THE SAME(2023.10)

 

 

 

4. Function/Performance Analysis

Research Objectives

Building an optimal test environment for software function and performance testing

Collecting and researching of test case scenarios according to test environments and situations

Establish evaluation methods to increase the technical value of domestic and international solutions

Develop and research test tools for software functional and performance testing

 

 

 

Achievements

2025	[Speech] PC and Mobile Antivirus Features and Performance Evaluation(SECON & eGISEC 2025, 2025.03) [Post] Conducting a study to evaluate the ransomware detection performance of antiviruses (blog, 2025.01) [Speech] A study to quantitatively evaluate global mobile antivirus and compare effectiveness (ICOIN2025, 2025.01)
2024	[Paper] A Study to Establish the Evaluation Criteria for Mobile Anti-Virus Performance Test, (Journal/Korean Information Protection Society, 2024.10) [KCC Excellence Award] Design a Reliable Mobile Antivirus Evaluation Framework (KCC 2024, 2024.06) [Speech] Analyze the Functionality & Performance of Antivirus Mobile&PC (SECON & eGISEC 2024, 2024.03) [Conference] Real-World Antivirus Evaluation Methodology: Applying Modern Criteria for Assessing Antivirus Functionality(ICOIN 2024, 2024.01)
2023	[Paper] A Study to Establish the Evaluation Criteria for Anti-Virus Performance Test, (Journal/Korean Information Protection Society, 2023.10) [Speech] De-identification(pseudonymization) Security Solutions Comparative Analysis (PISFAIR 2023, 2023.06) [Speech] Evaluation of Anti-Virus Features and Performance (SECON & eGISEC 2023, 2023.03) [Evaluation] Evaluation of white box testing automation tools(2023.01)
2022	[Speech] Evaluation of SCA (Software Composition Analysis) Tools(ISEC 2022, 2022.10) [Paper] Development and Application of Efficient Evaluation Criteria for Performance Testing of Commercial Open Source Vulnerability Scanning Tool (Journal/Korean Information Protection Society, 2022.08)