Patents by Inventor Jeong Hyun Yi

Jeong Hyun Yi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11019099
    Abstract: Provided is a method of application malware detection based on dynamic Application Programming Interface (API) extraction, and a readable medium and an apparatus for performing the same. The method of application malware detection based on dynamic API extraction includes generating an API classifier which classifies an input API as malicious or benign using API used in a sample application classified as malicious application apps or benign application apps, and inputting a pre-stored target API into the API classifier to classify the target API as malicious or benign.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: May 25, 2021
    Assignee: Foundation of Soongsil University-Industry Cooperation
    Inventors: Jeong Hyun Yi, Kichang Kim
  • Publication number: 20210141875
    Abstract: A device for automatically identifying anti-analysis techniques by using the signature extraction, includes an extraction unit which extracts a DEX file and an ELF file from an application file after unpacking the application file, which is in an APK format and includes compressed execution code to be executed on Android, a detection unit which receives the acquired signature classified according to types of the signature, analytically compares the input signature with the signature stored in a database, and detects the signature used in anti-analysis techniques, and a determination unit which determines according to the detected signature what anti-analysis technique is applied to the application. According to the present invention, it is possible to enable an appropriate and quick response to damages due to malicious applications by shortening the time required for analysis and automatically recognizing the application to which the anti-analysis technique is applied.
    Type: Application
    Filed: November 26, 2018
    Publication date: May 13, 2021
    Applicant: FOUNDATION OF SOONGSIL UNIVERSITY-INDUSTRY COOPERATION
    Inventors: Jeong Hyun YI, Min Koo KANG
  • Publication number: 20210056182
    Abstract: Provided is a method for bypassing an analysis evasion technique, which includes: loading a dummy DEX file; parsing a dummy method containing a dummy code from the dummy DEX file; a bypass point identifying step of determining whether a function to be currently called is a bypass target function to which the analysis evasion technique is applied; a branch target point changing step of changing information according to the determination result so that the dummy code is executed instead of the call target function; and a dummy code executing step of transmitting the dummy code to a framework of the application, so that a modulated framework is executed with a bypass code.
    Type: Application
    Filed: August 18, 2020
    Publication date: February 25, 2021
    Inventors: Jeong Hyun Yi, Sunjun Lee
  • Patent number: 10878086
    Abstract: A dynamic code extraction-based automatic anti-analysis evasion and code logic analysis apparatus, includes: a recognition module that extracts a DEX file and a SO file by unpacking an execution code of an application and recognizes an analysis avoidance technique by comparing a signature which is included in the extracted DEX file and SO file; an instrumentation module that extracts a code to be analyzed from a byte code configuring the DEX file and a native code configuring the SO file, compares the extracted code with the data stored in a database, and outputs a code excluding an anti-analysis technique as a log file; and a deobfuscation module that deobfuscates an obfuscated code which is included in the APK on the basis of the output log file and generates an APK file in which an obfuscation technique is released on the basis of the deobfuscated code.
    Type: Grant
    Filed: November 22, 2018
    Date of Patent: December 29, 2020
    Assignee: Foundation of Soongsil University-Industry Cooperation
    Inventors: Jeong Hyun Yi, Jongsu Lim, Sun Jun Lee, Yong Gu Shin, Kyu Ho Kim
  • Publication number: 20200342113
    Abstract: Provided is a method of application security vulnerability evaluation based on tree boosting and a readable medium and an apparatus for performing the same. The method of application security vulnerability evaluation based on tree boosting includes the step of generating an API classifier which classifies an input API as benign or malicious using a tree boosting-based algorithm, the step of calculating security vulnerability score of API using the API classifier, and the step of classifying a target application as a malicious application or a benign application according to the security vulnerability score of API used in the target application.
    Type: Application
    Filed: July 31, 2019
    Publication date: October 29, 2020
    Inventors: Jeong Hyun YI, Kichang KIM
  • Publication number: 20200344261
    Abstract: Provided is a method of application malware detection based on dynamic Application Programming Interface (API) extraction, and a readable medium and an apparatus for performing the same. The method of application malware detection based on dynamic API extraction includes generating an API classifier which classifies an input API as malicious or benign using API used in a sample application classified as malicious application apps or benign application apps, and inputting a pre-stored target API into the API classifier to classify the target API as malicious or benign.
    Type: Application
    Filed: July 18, 2019
    Publication date: October 29, 2020
    Inventors: Jeong Hyun Yi, Kichang Kim
  • Patent number: 10796005
    Abstract: Provided is a method of application security vulnerability evaluation based on tree boosting and a readable medium and an apparatus for performing the same. The method of application security vulnerability evaluation based on tree boosting includes the step of generating an API classifier which classifies an input API as benign or malicious using a tree boosting-based algorithm, the step of calculating security vulnerability score of API using the API classifier, and the step of classifying a target application as a malicious application or a benign application according to the security vulnerability score of API used in the target application.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: October 6, 2020
    Assignee: Foundation of Soongsil University-Industry Cooperation
    Inventors: Jeong Hyun Yi, Kichang Kim
  • Publication number: 20200089873
    Abstract: A dynamic code extraction-based automatic anti-analysis evasion and code logic analysis apparatus, includes: a recognition module that extracts a DEX file and a SO file by unpacking an execution code of an application and recognizes an analysis avoidance technique by comparing a signature which is included in the extracted DEX file and SO file; an instrumentation module that extracts a code to be analyzed from a byte code configuring the DEX file and a native code configuring the SO file, compares the extracted code with the data stored in a database, and outputs a code excluding an anti-analysis technique as a log file; and a deobfuscation module that deobfuscates an obfuscated code which is included in the APK on the basis of the output log file and generates an APK file in which an obfuscation technique is released on the basis of the deobfuscated code.
    Type: Application
    Filed: November 22, 2018
    Publication date: March 19, 2020
    Applicant: Foundation of Soongsil University-Industry Cooperation
    Inventors: Jeong Hyun YI, Jongsu LIM, Sun Jun LEE, Yong Gu SHIN, Kyu Ho KIM
  • Publication number: 20180011997
    Abstract: An application code hiding apparatus includes a secret code dividing part, a secret code caller generating part, a code analyzing part, a dummy code generating part, a code encrypting part, a code disposing part, a code decryptor generating part, a disposed code importer generating part, a code loader generating part, a memory inner code modifier generating part and a decrypted code caller generating part.
    Type: Application
    Filed: July 11, 2017
    Publication date: January 11, 2018
    Applicants: Ksign Co., Ltd., Soongsil University Research Consortium Techno-Park
    Inventors: Jeong Hyun Yi, Tae-Yong Park, Yong-Jin Park, Sung-Eun Park
  • Publication number: 20170357787
    Abstract: An application code hiding apparatus includes a secret code dividing part, a secret code caller generating part, a code analyzing part, a dummy code generating part, a code encrypting part, a code disposing part, a code decryptor generating part, a loader generating part, a decrypted code caller generating part and an unloader generating part. The secret code dividing part divides an application code into a secret code and a normal code. The secret code caller generating part generates a secret code caller. The dummy code generating part generates a dummy code corresponding to the secret code. The code disposing part disposes the dummy code and the encrypted secret code and generates position information thereof. The code decryptor generating part generates a code decryptor. The loader generating part generates a loader. The decrypted code caller generating part generates a decrypted code caller. The unloader generating part generates an unloader.
    Type: Application
    Filed: June 6, 2017
    Publication date: December 14, 2017
    Applicants: Ksign Co., Ltd., Soongsil University Research Consortium Techno-Park
    Inventors: Jeong Hyun Yi, Yong-Jin Park, Tae-Yong Park, Sung-Eun Park
  • Publication number: 20170257219
    Abstract: An application code obfuscating apparatus includes a secret code divider, a secret code caller, a code converter and an obfuscating part. The secret code divider is configured to divide an application code having a first type into a secret code and a normal code. The secret code caller generating part is configured to generate a secret code caller to call the secret code. The code converter is configured to convert the secret code having the first type to a second type. The obfuscating part is configured to generate a first table and a second table. The first table includes an obfuscated signature of the secret code and a first random vector. The second table includes an offset of the secret code which corresponds to the obfuscated signature of the secret code and a second random vector which is linked with the first random vector.
    Type: Application
    Filed: June 16, 2016
    Publication date: September 7, 2017
    Applicants: Ksign Co., Ltd., Soongsil University Research Consortium Techno-Park
    Inventors: Jeong-Hyun Yi, Yong-Jin Park, Sung-Eun Park
  • Patent number: 9734307
    Abstract: A user terminal includes a communication circuit, a certification circuit, an execution circuit, and a control circuit. The communication circuit receives a normal code of an application from an application providing server to install the application. The certification circuit receives a registration request message, which includes distinct information of a peripheral device, from the peripheral device storing a core code of the application, to certify the peripheral device, transmits a registration response message, which includes distinct information of the user terminal, to the peripheral device, and receives the core code of the application from the peripheral device. The execution circuit executes the application using the normal code and the core code. The control circuit restricts at least one of functions of the user terminal while the application is executed.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: August 15, 2017
    Assignee: Soongsil University Research Consortium Techno-Park
    Inventor: Jeong-Hyun Yi
  • Publication number: 20170147798
    Abstract: A mobile device and a method of operating a mobile device are disclosed. The mobile device includes a main processor executing a normal code of a mobile application program, a co-processor executing a core code of the mobile application program, and a co-processor driver enabling the main processor and the co-processor to communicate with each other. The normal code includes commands executable by the main processor, and the core code includes commands executable by the co-processor. Since the core code is separated from the mobile application program on a level lower than an operating system level when the mobile application program is installed on the mobile device and the core code is stored in a core code storage to which the main processor is not allowed to access directly, the core code is not exposed to an attacker, such that resistance to a reverse engineering attack is increased.
    Type: Application
    Filed: March 6, 2015
    Publication date: May 25, 2017
    Applicant: Soongsil University Research Consortium Techno-Park
    Inventors: Jeong-Hyun Yi, Yong-Jin Park
  • Publication number: 20170054693
    Abstract: The integrity verification system includes a client and an RCE server. The client requests an RCE service to the RCE server using a pointer of a return function as a parameter of a service call function and transmits a memory code of the return function to the RCE server when Reverse-RCE for obtaining the memory code of the return function is requested from the RCE server. The RCE server generates a first hash key of the transmitted memory code, compares the first hash key to a stored second hash key of the memory code of an original return function, generates a return value according to a compared result between the first hash key and the second hash key and transmits the generated return value to the client using the generated return value as a parameter of the service call function. The client executes the return function using the return value as a parameter of the return function.
    Type: Application
    Filed: July 8, 2016
    Publication date: February 23, 2017
    Applicants: Ksign Co., Ltd., Soongsil University Research Consortium Techno-Park
    Inventors: Jeong-Hyun Yi, Yong-Jin Park, Sun-Woo Shin
  • Publication number: 20170032110
    Abstract: A user terminal includes a communication circuit, a certification circuit, an execution circuit, and a control circuit. The communication circuit receives a normal code of an application from an application providing server to install the application. The certification circuit receives a registration request message, which includes distinct information of a peripheral device, from the peripheral device storing a core code of the application, to certify the peripheral device, transmits a registration response message, which includes distinct information of the user terminal, to the peripheral device, and receives the core code of the application from the peripheral device. The execution circuit executes the application using the normal code and the core code. The control circuit restricts at least one of functions of the user terminal while the application is executed.
    Type: Application
    Filed: March 6, 2015
    Publication date: February 2, 2017
    Applicant: Soongsil University Research Consortium Techno-Park
    Inventor: Jeong-Hyun Yi
  • Publication number: 20160371473
    Abstract: A code obfuscation device and a method of obfuscating a code of an application program file are disclosed. The code obfuscation device includes an extraction circuit uncompressing an application program file to extract a Dalvik executable file, a code analysis circuit analyzing a bytecode of the Dalvik executable file, a control circuit determining an obfuscation character and a number and a location of the obfuscation character to be inserted in the bytecode, and an identifier conversion circuit inserting the obfuscation character in the bytecode to convert an identifier of the bytecode. Since the identifier of the bytecode is converted using an obfuscation character, which corresponds to a character that is invisible on a screen or has a different Unicode from another character displayed on the screen as a same shape as the character, the application program file has an increased resistance to a reverse engineering attack.
    Type: Application
    Filed: March 6, 2015
    Publication date: December 22, 2016
    Applicant: Soongsil University Research Consortium Techno-Park
    Inventors: Jeong-Hyun Yi, Sung-Ryoung Kim, Geon-Bae Na, Yong-Jin Park
  • Publication number: 20160352522
    Abstract: A user terminal for detecting forgery of an application program based on signature information and a method of detecting forgery of an application program using the user terminal are disclosed. The user terminal includes a signature information extraction circuit, a communication circuit and a forgery determination circuit. When the application program is installed on the user terminal, the signature information extraction circuit extracts the signature information of the application program on a platform level. When the application program is executed, the communication circuit transmits information of the user terminal and the application program to an authentication server on the platform level to receive original signature information of the application program from the authentication server, or receives the original signature information from a peripheral device paired with the user terminal.
    Type: Application
    Filed: March 6, 2015
    Publication date: December 1, 2016
    Applicant: SOONGSIL UNIVERSITY RESEARCH CONSORTIUM TECHNO-PARK
    Inventors: Jeong-Hyun YI, Ji-Woong BANG, Tae-Joo CHO
  • Publication number: 20160330030
    Abstract: A user terminal for detecting forgery of an application program based on a hash value and a method of detecting forgery of an application program using the user terminal are disclosed. The user terminal includes a communication circuit, a hash value generation circuit and a forgery determination circuit. When the application program is executed, the communication circuit transmits information of the user terminal and the application program to an authentication server on a platform level to receive an original hash value of the application program from the authentication server, or to receive the original hash value from a peripheral device paired with the user terminal. The hash value generation circuit generates the hash value of the application program on the platform level.
    Type: Application
    Filed: March 6, 2015
    Publication date: November 10, 2016
    Applicant: Soongsil University Research Consortium Techno-Park
    Inventors: Jeong-Hyun Yi, Myeong-Ju Ji, Ji-Woong Bang, Tae-Joo Cho
  • Publication number: 20160275271
    Abstract: A user terminal includes a pairing circuit, a communication circuit, and a control circuit. The pairing circuit receives a normal code of an application from an application providing server in a process of downloading and installing the application from the application providing server, and performs a pairing operation with a peripheral device that stores a core code of the application received from the application providing server. The communication circuit, in a process of executing the application, transmits distinct information of the user terminal to the peripheral device to make the peripheral device encrypt the core code and decrypt the encrypted core code. The control circuit transmits an execution request message to the peripheral device, and receives an execution result of the core code from the peripheral device.
    Type: Application
    Filed: March 6, 2015
    Publication date: September 22, 2016
    Inventors: Jeong-Hyun Yi, Yongjin Park
  • Publication number: 20160239669
    Abstract: A user terminal includes a communication circuit, an encryption-decryption circuit, and an execution circuit. The communication circuit receives a core code file of an application from a peripheral device, which stores the core code file of the application, when certifying a core code of the application. The encryption-decryption circuit encrypts the core code file and transmits the encrypted core code file to the peripheral device, and, when executing the application, receives the encrypted core code file from the peripheral device and decrypts the encrypted core code file. The execution circuit executes the application using the decrypted core code file and a normal code file of the application stored in the user terminal. Since the normal code file is stored in the user terminal and the core code file is stored in the peripheral device, the core code of the application is protected from reverse engineering attacks.
    Type: Application
    Filed: March 6, 2015
    Publication date: August 18, 2016
    Applicant: Soongsil University Research Consortium Techno-Park
    Inventors: Jeong-Hyun Yi, Sung-Ryoung Kim