Author

Dae-won Kim

Bio: Dae-won Kim is an academic researcher from Electronics and Telecommunications Research Institute. The author has contributed to research in topics: Virtual desktop & Virtual machine. The author has an h-index of 12, co-authored 93 publications receiving 962 citations.


Papers
Patent
12 Sep 2008
TL;DR: In this paper, an apparatus and method for detecting malware is presented. The malware detection apparatus and the method of the present invention determines whether a file is malware or not by analyzing the header of an executable file.
Abstract: The present invention relates to an apparatus and method for detecting malware. The malware detection apparatus and method of the present invention determines whether a file is malware or not by analyzing the header of an executable file. Since the malware detection apparatus and method can quickly detect presence of malware, it can shorten detection time considerably. The malware detection apparatus and method can also detect even unknown malware as well as known malware to thereby estimate and determine presence of malware. Therefore, it is possible to cope with malware in advance, protect a system with a program, and increase security level remarkably.

184 citations

Patent
29 Oct 2007
TL;DR: In this article, the authors presented a network attack detection apparatus and method capable of determining even unknown network attack, the apparatus connected between two networks or connected by port mirroring of an Ethernet switch to real-time monitor all packets flowing through the networks.
Abstract: There are provided a network attack detection apparatus and method capable of determining even unknown network attack, the apparatus connected between two networks or connected by port mirroring of an Ethernet switch to real-time monitor all packets flowing through the networks. The apparatus decodes a payload portion of an inputted network packet into a machine code instruction, determines whether an executable code is included in the decoded machine code by analyzing relationship between instructions, and determines whether the packet is harmful based on statistics with respect to a possibility that an executable code exists in a service and a certain transaction of the service when the executable code is included.

179 citations

Patent
29 Mar 2012
TL;DR: In this article, the authors present a method and an architecture capable of efficiently providing a virtual desktop service, which includes a connection broker for performing the management of virtual machines, a server monitoring function, and a protocol coordination function.
Abstract: The present invention relates to a method and an architecture capable of efficiently providing a virtual desktop service. The service architecture for the virtual desktop service includes a connection broker for performing the management of virtual machines, a server monitoring function, and a protocol coordination function. A resource pool is configured to manage software resources that are transferred to a specific virtual machine in a streaming form at a predetermined time and that are executed on the specific virtual machine and to provide provision information about the managed software resources at the request of the connection broker, in order to provide an on-demand virtual desktop service. A virtual machine infrastructure is configured to support hardware resources, generate virtual machines in which the software of the user terminal is operated, and provide the virtual machines as virtual desktops.

97 citations

Patent
10 Jun 2014
TL;DR: In this article, the authors present a service architecture for virtual desktop service which includes a connection broker configured to perform authentication, manage virtual machines, and perform a server monitoring and protocol coordination function, a resource pool configured to manage software resources that are delivered to a specific virtual machine in a streaming form on a specific time, and a virtual machine infrastructure configured to support hardware resources.
Abstract: Disclosed herein are a method and architecture capable of efficiently providing virtual desktop service. A service architecture for virtual desktop service according to the present invention includes a connection broker configured to perform authentication, manage virtual machines, and perform a server monitoring and protocol coordination function, a resource pool configured to manage software resources that are delivered to a specific virtual machine in a streaming form on a specific time in order to provide on-demand virtual desktop service and are executed on the specific virtual machine and to provide provision information about the managed software resources in response to a request from the connection broker, and a virtual machine infrastructure configured to support hardware resources, generate virtual machines in which the software of a user terminal is executed, and provide the generated virtual machine as virtual desktops.

67 citations

Journal ArticleDOI
TL;DR: A novel oxide-silicon-oxide buffer structure to prevent damage to a plastic substrate in an ultralow temperature polycrystalline silicon thin-film transistor (ULTPS TFT) process is presented in this article.
Abstract: A novel oxide-silicon-oxide buffer structure to prevent damage to a plastic substrate in an ultralow temperature (<120 °C) polycrystalline silicon thin-film transistor (ULTPS TFT) process is presented. Specifically, an amorphous silicon film was inserted as an absorption layer into buffer oxide films. The maximum endurable laser energy was increased from 200 to 800 mJ/cm². The fabricated ULTPS nMOS TFT showed a performance with mobility of 30 cm²/Vs.

23 citations


Cited by
Journal ArticleDOI
TL;DR: Puurunen et al. as discussed by the authors summarized the two-reactant ALD processes to grow inorganic materials developed to-date, updating the information of an earlier review on ALD.
Abstract: Atomic layer deposition (ALD) is gaining attention as a thin film deposition method, uniquely suitable for depositing uniform and conformal films on complex three-dimensional topographies. The deposition of a film of a given material by ALD relies on the successive, separated, and self-terminating gas–solid reactions of typically two gaseous reactants. Hundreds of ALD chemistries have been found for depositing a variety of materials during the past decades, mostly for inorganic materials but lately also for organic and inorganic–organic hybrid compounds. One factor that often dictates the properties of ALD films in actual applications is the crystallinity of the grown film: Is the material amorphous or, if it is crystalline, which phase(s) is (are) present. In this thematic review, we first describe the basics of ALD, summarize the two-reactant ALD processes to grow inorganic materials developed to-date, updating the information of an earlier review on ALD [R. L. Puurunen, J. Appl. Phys. 97, 121301 (2005)], and give an overview of the status of processing ternary compounds by ALD. We then proceed to analyze the published experimental data for information on the crystallinity and phase of inorganic materials deposited by ALD from different reactants at different temperatures. The data are collected for films in their as-deposited state and tabulated for easy reference. Case studies are presented to illustrate the effect of different process parameters on crystallinity for representative materials: aluminium oxide, zirconium oxide, zinc oxide, titanium nitride, zinc sulfide, and ruthenium. Finally, we discuss the general trends in the development of film crystallinity as function of ALD process parameters. The authors hope that this review will help newcomers to ALD to familiarize themselves with the complex world of crystalline ALD films and, at the same time, serve for the expert as a handbook-type reference source on ALD processes and film crystallinity.

1,160 citations

Patent
26 Sep 2008
TL;DR: In this article, an information layer agent consults a knowledge base comprising information associated with known attack patterns, including state-action mappings, to determine if events indicate attacks, perform clustering analysis to determine whether they represent known or unknown attack patterns and initiate appropriate responses to prevent and/or mitigate the attack.
Abstract: Systems and methods for discovery and classification of denial of service attacks in a distributed computing system may employ local agents on nodes thereof to detect resource-related events. An information layer agent may determine if events indicate attacks, perform clustering analysis to determine if they represent known or unknown attack patterns, classify the attacks, and initiate appropriate responses to prevent and/or mitigate the attack, including sending warnings and/or modifying resource pool(s). The information layer agent may consult a knowledge base comprising information associated with known attack patterns, including state-action mappings. An attack tree model and an overlay network (over which detection and/or response messages may be sent) may be constructed for the distributed system. They may be dynamically modified in response to changes in system configuration, state, and/or workload. Reinforcement learning may be applied to the tuning of attack detection and classification techniques and to the identification of appropriate responses.

307 citations

Patent
Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford
23 Feb 2012
TL;DR: In this paper, an electronic message is analyzed for malware contained in the message. The analysis may include replaying the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the replayed URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
Abstract: An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource location (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.

262 citations

Patent
30 Sep 2009
TL;DR: In this paper, a system and method for network-based file analysis for malware detection is described, where a binary file including the binary packet is extracted from the network content and determined whether the extracted binary file is detected to be malware.
Abstract: A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.

243 citations

Patent
01 Sep 2009
TL;DR: In this article, several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives, and a centralized correlation server, at a centrally accessible location in the network, stores determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures.
Abstract: A system and method for providing distributed security of a network. Several device profilers are placed at different locations of a network to assess vulnerabilities from different perspectives. The device profiler identifies the hosts on the network, and characteristics such as operating system and applications running on the hosts. The device profiler traverses a vulnerability tree having nodes representative of characteristics of the hosts, each node having an associated set of potential vulnerabilities. Verification rules can verify the potential vulnerabilities. A centralized correlation server, at a centrally accessible location in the network, stores the determined vulnerabilities of the network and associates the determined vulnerabilities with attack signatures. Traffic monitors access the attack signatures and monitor network traffic for attacks against the determined vulnerabilities.

237 citations