Acknowledgement
Grant : 능동적 사전보안을 위한 사이버 자가변이 기술 개발
Supported by : 정보통신기술진흥센터
이 논문은 2019년도 정부(과학기술정보통신부)의 재원으로 정보통신기술진흥센터의 지원을 받아 수행된 연구임[No.2017-0-00213, 능동적 사전보안을 위한 사이버 자가변이 기술 개발].
References
- ISACA/RSA Conference survey, Survey: 82% of Boards Are Concerned about Cybersecurity, https://www.rsaconference.com/about/press-releases/survey-82-of-boards-are-concerned-about
- PortSwigger, Burp, https://portswigger.net/burp
- Rapid7, Metasploit, https://www.metasploit.com/
- Rapid7, "Put Your Defenses to the Test," https://www.rapid7.com/globalassets/_pdfs/product-and-service-briefs/rapid7-product-brief-metasploit.pdf
- Immunity, CANVAS, https://www.immunityinc.com/products/canvas/
- Immunity, Tutorial: CANVAS 101 Part 1, https://www.immunityinc.com/downloads/documentation/tutorials/canvas101-part1.pdf
- Core Security, Core impact, https://www.coresecurity.com/core-impact
- Core Impact 2017 versus Metasploit: the Shootout Comparison, https://www.programmableweb.com/news/core-impact-2017-versus-metasploit-shootout-comparison/sponsored-content/2017/11/02
- Paul Rubens, Penetration Testing: DIY or Hire a Pen Tester?, https://www.esecurityplanet.com/network-security/penetration-testing.html (April 2017)
- 이주영, "공격 그래프에서의 위험도 결정과 시맨틱 검색 방법에 관한 연구," 忠南大學校 大學院: 컴퓨터공학과 컴퓨터통신 및 보안 2019. 2.
- K. Kaynar, "A taxonomy for attack graph generation and usage in network security," J. Inf. Security Applicat., vol. 29, 2016, pp. 27-56. https://doi.org/10.1016/j.jisa.2016.02.001
- S. Jajodia, S.Noel, and B. O'berry, "Topological analysis of network attack vulnerability," Managing Cyber Threats, Springer, Boston, MA, 2005. pp. 247-266.
- K. Ingols, R. Lippmann, and K. Piwowarski, "Practical attack graph generation for network defense," in Proc. Annu. Comput. Security Applicat. Conf., Miami Beach, FL, USA, Dec. 2006, doi: 10.1109/ACSAC.2006.39
- R. Lippmann, "Validating and restoring defense in depth using attack graphs," in Proc. MILCOM 2006-2006 IEEE Military Commun. Conf., Washington, DC, USA, Oct. 2006, doi: 10.1109/MILCOM.2006.302434.
- Kotenko, Igor, and Mikhail Stepashkin, "Attack graph based evaluation of network security," in Proc. IFIP Int. Conf. Commun. Multimedia Security, Crete, Greece, Oct. 2006, pp. 216-227, doi: 10.1007/11909033_20
- X. Ou, W.F. Boyer, and M.A. McQueen, "A scalable approach to attack graph generation," in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 336-345, doi: 10.1145/1180405.1180446.
- X. Ou, S. Govindavajhala, and A.W. Appel, "MulVAL: A Logic-based Network Security Analyzer," USENIX Security Symposium. Vol. 8. 2005.
- J. Lee et al., "A semantic approach to improving machine readability of a large-scale attack graph," J. Supercomput., vol. 75, no. 6, 2019, pp. 3028-3045. https://doi.org/10.1007/s11227-018-2394-6
- MITRE, ATT&CK, https://attack.mitre.org/
- Gartner, Hype Cycle for Threat-Facing Technologies, 2019, July 2018.
- AttackIQ, https://attackiq.com/
- SafeBreach, https://safebreach.com/
- Cymulate, https://cymulate.com/
- D. Brumley, "Mayhem, the Machine That Finds Software Vulnerabilities, Then Patches Them," (2019), https://spectrum.ieee.org/computing/software/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them
- ForAllSecure, https://forallsecure.com/
- W. Hu and Y. Tan, "Generating adversarial malware examples for black-box attacks based on GAN," arXiv preprint arXiv:1702.05983, 2017.