https://scholar.korea.ac.kr/handle/2021.sw.korea/2692 Fri, 10 Apr 2026 12:12:17 GMT 2026-04-10T12:12:17Z https://scholar.korea.ac.kr/handle/2021.sw.korea/270712 Title: BranchCloak: Mitigating Side-Channel Attacks on Directional Branch Predictors Authors: Kim, Jihoon; Jang, Hyerean; Shin, Youngjoo Abstract: The emerging threat of side-channel attacks targeting branch predictors on recent Intel processors has become a growing concern. These attacks rely on exploiting a pattern history table (PHT) as a source of side-channel information. Since the PHT is shared among logical cores, attackers can observe a state in the PHT entry that collides with the victim, enabling them to leak the control flow information of a victim process. Any state changes caused by the victim will reveal whether the victim's target branch has been taken or not. In this paper, we present BranchCloak, a novel software-based mitigation technique for PHT-based side-channel attacks. The main idea of BranchCloak is to obfuscate the PHT state by augmenting the victim's program with some r-branches near the target branch. The r-branch is a conditional branch instruction that has the following properties: (1) it collides with the target branch in the PHT, and (2) its branching decision is made uniformly at random. BranchCloak can successfully mitigate the attack without hardware modification of the vulnerable processors. By performing extensive experiments with practical applications, we show that the performance overhead of BranchCloak is negligible. Fri, 25 Apr 2025 00:00:00 GMT https://scholar.korea.ac.kr/handle/2021.sw.korea/270712 2025-04-25T00:00:00Z https://scholar.korea.ac.kr/handle/2021.sw.korea/270583 Title: Return to Dilemma: A Novel Block Withholding Attack on PoW-Based Blockchains Authors: Lee, Donghwan; Lee, Wonjun Abstract: Blockchain permeates nearly every facet of daily life, providing a crucial role in securely interweaving networked elements such as smart appliances and IoT devices. Proof-of-work (PoW) retains an undiminished status as one of the most adopted technologies in the blockchain industry for its trustworthiness and proportional fairness. Transactions will be safely committed and confirmed in a PoW-based blockchain scheme as long as a malevolent party does not control the majority of miners. However, since the discovery of a block withholding (BWH) attack where a malicious mining pool participant intentionally equivocates when finding a correct answer to the cryptographic puzzle, the proportional fairness between PoW miners has been compromised and cannot be guaranteed anymore. In this article, based on existing BWH attacks such as the BWH attack and the fork-after-withholding (FAW) attack, we introduce a novel attack scheme, a return-after-withholding (RAW) attack, which can be even more injurious to the proportional fairness of PoW mining. Analytic and experimental studies prove that our attack scheme is advantageous over the existing BWH attacks and distinguished by unique characteristics from the other BWH attacks. Wed, 16 Apr 2025 00:00:00 GMT https://scholar.korea.ac.kr/handle/2021.sw.korea/270583 2025-04-16T00:00:00Z https://scholar.korea.ac.kr/handle/2021.sw.korea/269301 Title: Advanced Financial Fraud Malware Detection Method in the Android Environment Authors: Shin, Jaeho; Kim, Daehyun; Lee, Kyungho Abstract: The open-source structure and ease of development in the Android platform are exploited by attackers to develop malicious programs, greatly increasing malicious Android apps aimed at committing financial fraud. This study proposes a machine learning (ML) model based on static analysis to detect malware. We validated the significance of private datasets collected from Bank A, comprising 183,938,730 and 11,986 samples of benign and malicious apps, respectively. Undersampling was performed to adjust the proportion of benign applications in the training data because the data on benign and malicious apps were unbalanced. Moreover, 92 datasets were compiled through daily training to evaluate the proposed approach, with benign app data updated over 70 days (D-70 to D-1) and malware app data cumulatively aggregated to address the imbalance. Five ML algorithms were used to evaluate the proposed approach, and the optimal hyperparameter values for each algorithm were obtained using a grid search method. We then evaluated the models using common evaluation metrics, such as accuracy, precision, recall, F1-Score, etc. The LightGBM model was selected for its superior performance, achieving high accuracy and effectiveness. The optimal decision threshold for determining whether an application was malicious was 0.5. Following re-evaluation, the LightGBM model obtained accuracy and F1-Score values of 99.99% and 97.04%, respectively, highlighting the potential of using the proposed model for real-world financial fraud detection. Wed, 02 Apr 2025 00:00:00 GMT https://scholar.korea.ac.kr/handle/2021.sw.korea/269301 2025-04-02T00:00:00Z https://scholar.korea.ac.kr/handle/2021.sw.korea/267708 Title: MeNU: Memorizing normality for UAV anomaly detection with a few sensor values Authors: Yoo, Jeong Do; Kim, Gang Min; Song, Min Geun; Kim, Huy Kang Abstract: With advancements in unmanned aerial vehicle (UAV) technology, UAVs have become widely used across various fields, including surveillance, agriculture, and architecture. Ensuring the safety and reliability of UAVs is crucial to prevent potential damage caused by malfunctions or cyberattacks. Consequently, the need for anomaly detection in UAVs is rising as a preemptive measure against undesirable incidents. Therefore, UAV anomaly detection faces challenges such as a lack of labeled data and high system workload. In this paper, we propose MeNU, a lightweight anomaly detection system for UAVs that utilizes various sensor data to detect abnormal events. We generated a concise feature set through preprocessing steps, including timestamp pooling, missing-value imputation, and feature selection. We then employed MemAE, a variant of the autoencoder with a memory module that stores prototypical benign patterns, which is particularly effective for anomaly detection. Experimental results on the ALFA and UA datasets demonstrated MeNU's superior performance, achieving AUC scores of 0.9856 and 0.9988, respectively, outperforming previous approaches. MeNU can be easily integrated into UAV systems, enabling efficient real-time anomaly detection. Sat, 01 Mar 2025 00:00:00 GMT https://scholar.korea.ac.kr/handle/2021.sw.korea/267708 2025-03-01T00:00:00Z