Software Security

1. Binary analysis

Research Objectives

Ensure safe use and development of domestic ICT services via application of state-of-the-art software security technologies

Develop foundational techniques for software vulnerability detection and analysis to prevent cyber attacks

Develop vulnerability analysis methodologies for assessing security in next generation software / platform (artificial intelligence, cloud, and blockchain)

Research Topics

Software safety analysis through reverse-engineering binaries

  • Automated binary code analysis through survey on various tools
  • Development of binary analysis tools that applies to multiple architectures (Intel, ARM, MIPS, etc.)
  • Automatic restoration of semantics and abstracted information in binary codes


Fuzzing-based software analysis research

  • Vulnerability analysis through proper use and application of the latest fuzzing techniques
  • Improved fuzzing through software engineering and mathematical modeling

S/W & System Vulnerability Analysis

Expected Outcomes

Safe and trusted operation of domestic ICT services through research and development in software security

Lay the foundations for the advancement of national ICT services via next-gen software and platform security research

Develop and implement effective countermeasures against cyber attacks on domestic institutions through vulnerability analysis and detection


  • Patent application: Ethereum Virtual Machine bytecode analysis method and EVM bytecode analysis tool

  • Software registration: EVM bytecode analyzer

  • Optimize binary analysis platform (B2R2)
  • Patent registration: Method and apparatus for testing intermediate language for binary analysis

  • Published journal article on classification and integration of fuzzing techniques by using universal fuzzer model
  • Published an international workshop paper on next generation binary analysis platform
  • Open-sourced binary analysis platform (B2R2)
  • Published journal article on isolation-based kernel protection methods
  • Published an international conference paper on testing intermediate representations for binary analysis
  • Trend survey report on instrumentation techniques in the field of system security
  • Software registration of K-fuzzer, an error-generating tool based on input-conversion method


2. Web vulnerability detection

Research Objectives

A Study on cybercrime Detection Technology Based on Intelligent Web Crawlers

Develop foundational technologies to respond to intelligent malware threats which are used as a major tool for cyber attacks

Building a safe web environment via providing information on malicious web pages and malicious code distribution

Comprehensive prediction of web threats via analyzing abnormal web pages and malicious codes

Personal information infringement detection through dynamic web tracking analysis

Research Topics

System and techniques for detecting malicious web pages

  • Analysis of MDN through development of SIMon (Suspicious Information Monitoring system in website)
  • Target: Real-time monitoring of more than 420,000 websites
  • Method: Dynamic behavior analysis on malicious web pages based on script emulation
  • Result: Publication of malware trend report based on SIMon’s analysis results
  • Stepwise improvement in SIMon detection methodologies sufficient to counter advanced attack strategies
    • SIMon V2: Automatic analysis of malware distribution vulnerability, flash vulnerability detection technology
    • SIMon V3: Human web crawler based concealed malware distribution website detection
      ※ Real-time monitoring of nearly 2.1 million domestic and international websites (Diversifying detection conditions through grouping by country and sector)
    • SIMon V4 : Machine learning-based signature detection and DGA-based malicious domain detection
      Correlation analysis between various pages using parallelized and sandboxed crawling

System and techniques for detecting online privacy infringement

  • Classification and definition of private data collection
    • Collection and analysis of cookies, cache, web beacon, super/tracking/flash cookies
    • Detection of access to location (GPS) and sensor (gyro and accelerometer) information
    • Detection of unencrypted personal information transmitted through the network
    • Analysis of canvas fingerprinting and cross-browser tracking
  • Web-based detection of private data collection
    • Classification and definition of detection patterns based on private data collection technologies
    • Extraction of web browser’s dynamic events (timeline, network, and page)
    • Design and implementation of automated crawling system for dynamic online web tracking analysis




Research on Detection and Tracking of Illegal Gambling and Affiliate Marketing Websites

  • Collection and Analysis of Illegal website URLs based on Intelligent Web Crawler
  • Construction of Training Dataset based on Gambling Website Analysis and Heterogenous Content Feature Extraction
  • Machine Learning and Deep Learning-based Illegal Gambling websites Classification by Keywords Learning
  • Trend Analysis on Illegal Gambling websites based on Explainable AI (XAI)



Expected Outcomes

Create a secure cyber world via reliable tracking and detection of cybercrime

Supporting Crime Investigation through Proactive Detection and Trend Analysis of Illegal websites

Promote industry-academic cooperation through industrialization of research technology and technology transfer

Contribute to strengthening national cybersecurity through development of public information service

Ensure web safety and privacy through detecting illicit collection of private information


  • Development of discovery, collection and tracking system for illegal sports betting and advertising websites
  • (Supreme Prosecutors' Office) Research on: Standardized legal evidence collection methods for publicly obtainable cyber information
  • Research on: Discovery, collection and tracking of illegal sports betting and advertising websites
  • (Supreme Prosecutors' Office) Research on: Domain tracking technology for cyber crime investigation
  • Technology transfer of “Suspicious Information Monitoring system in website (SIMon)” to private enterprises (3 cases)
  • Software registration: Real-time monitoring of malicious DBD behavior and web page binaries
  • Software registration: Browser-dependent exploit detection system
  • Research on: Web crawler-based classification and detection of malicious websites
  • Research on: Structural attack vector analysis of commodity web-browsers
  • Software registration: Abnormal behavior monitoring-based DBD detection system
  • [SIMonV3.0] Real-world based discovery and detection of malware distribution websites
  • Research on: Classification of malicious binaries through analysis of WorkingSet Memory
  • Research on: Extraction of unique API pattern from malicious binaries using DynamoRio
  • Research on: Real-world web-browser based malware detection
  • Research on: Automated UI malware analysis based on human interaction event handler (HIEH)
  • Opened SecureSurf( in February 2015
  • Patent registration: SIMon (Registration No.: 10-1481910)
  • [SIMonV2.0] Automated analysis on vulnerability in software distribution (CVE classification)
  • Technology transfer of “SIMon (Suspicious Information Monitoring system in website)” to government and private entities
  • Published the KAIST weekly malware trend analysis report (for major government agencies and private companies)
  • Software registration: Suspicious Information Monitoring system in website (SIMon)
  • [SIMonV1.0] Developed Suspicious Information Monitoring system in website (SIMon)
    (Real-time monitoring and detection of malicious code distribution on 420,000 different websites in Korea)


3. IoT vulnerability detection

Research Objectives

Technology research for analysis and detection of potential security vulnerabilities in IoT to secure ICT safety in the hyper-connected era

Research Topics

IoT device firmware vulnerability collection and building threat intelligence

IoT firmware analysis of format and structural topology

IoT firmware vulnerability analysis to extract threat factors

Tools for IoT firmware vulnerability detection based on AI

Expected Outcomes

security and stability guarantee by preventing security accidents in advance through automatic detection of wired/wireless networks and unauthorized devices

security and stability enhancement by preventing large-scale security accidents in advance through automatic detection of unauthorized devices or security threat factors












4. Malware analysis

Research Objectives

Malware automatic analysis system

  • Research on automated malware analysis system for efficient analysis
  • Providing high-level systematic analysis information through automated analysis
  • Complementing the limitations of existing dynamic/static analysis


IR(Intermediate representation) based binary similarity analysis

  • Research on fundamental techniques that can be used in various research areas
  • Technical superiority by developing state-of-the-art code similarity analysis technology

Document type malware analysis

  • A study on the analysis and detection system for document type malwares that are rapidly spreading due to the increase in telecommuting and network connections

Research Topics

Research on exploit code extraction

Signature-based malware detection engine for known document type attacks

Machine learning-based malware detection engine for unknown document type attacks

Development of threat detection based on self-evolving machine learning



S/W & System Vulnerability Analysis

Expected Outcomes

Providing high-level automated analysis information irrelevant to analyst capability

Easy to identify new malicious code trends

Develop the foundation technology for various research fields such as malicious code and vulnerability detection/analysis

Preemptive detection of cyber risks such as malicious code infection of internal network and leakage of important information


  • Research grant ‘A study on the technology to identify the Encoding/decoding function of the Malware' (National Security Research Institute, 2021.04~2021.10)
  • Research project “Object-code-to-Source-code Verification for Source Code Traceability” (Apr 2020~Oct 2020 / commissioned by: National Security Research Institute)
  • Research project “A Study on the Inference Technology of Malware Communication Message Format” (Apr 2020~Oct 2020 / commissioned by: National Security Research Institute)