1 |
B. Anderson and D. McGrew, "TLS Beyond the Browser: Combining End Host and Network Data to Understand Application Behavior," in Proceedings of the 2019 ACM Internet Measurement Conference (IMC), October 2019.
|
2 |
C. Johnson, L. Badger, D. Waltermire, J. Snyder, and C. Skorupka, Guide to Cyber Threat Information Sharing, NIST Special Publication 800-150, National Institute of Standards and Technology, October 2016.
|
3 |
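김대건, 백승수, 유동희, "A Study on the Role of National Intelligence Agencies in Sharing Cyber Threat Information in Response to Cyber Crises," Journal of Digital Convergence (디지털융복합연구), 15(6), pp. 51-59, 2017.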
|
4 |
K. Thomas, R. Amira, A. Ben-Yoash, O. Folger, A. Hardon, A. Berge, E. Bursztein, and M. Bailey, "The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges," in Proceedings of the 19th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), September 19-21, 2016.
|
5 |
A. Zibak and A. Simpson, "Cyber Threat Information Sharing: Perceived Benefits and Barriers," in Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES), August 2019.
|
6 |
김경한, 이슬기, 김병익, 박순태, "A Threat Information Collection System for Generating Actionable OSINT-Based Cyber Threat Intelligence," Review of KIISC (정보보호학회지), 29(6), December 2019.
|
7 |
G. S. Poh, D. M. Divakaran, H. W. Lim, J. Ning, and A. Desai, "A Survey of Privacy-Preserving Techniques for Encrypted Traffic Inspection over Network Middleboxes," arXiv 2101.04338v1, 2021.
|
8 |
M. Conti, Q. Q. Li, A. Maragno, and R. Spolaor, "The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis," IEEE Communications Surveys & Tutorials, 20(4), pp. 2658-2713, Fourth Quarter 2018.
|
9 |
K. C. Claffy, H.-W. Braun, and G. C. Polyzos, "A Parameterizable Methodology for Internet Traffic Flow Profiling," IEEE Journal on Selected Areas in Communications, 13(8), pp. 1481-1494, October 1995.
|
10 |
Fyodor, Remote OS detection via TCP/IP Stack FingerPrinting, October 18, 1998. URL: https://nmap.org/nmap-fingerprinting-article.txt
|
11 |
M. Zalewski, p0f - passive os fingerprinting tool, BugTraq mailing list, nmap, June 10, 2000. URL: https://seclists.org/bugtraq/2000/Jun/141
|
12 |
R. Barnes, M. Thomson, A. Pironti, and A. Langley, Deprecating Secure Sockets Layer Version 3.0, RFC 8996, IETF, June 2015.
|
13 |
T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246, IETF, April 2008.
|
14 |
K. Moriarty and S. Farrell, Deprecating TLS 1.0 and TLS 1.1, RFC 8996, IETF, March 2021.
|
15 |
M. Korczynski and A. Duda, "Markov Chain Fingerprinting to Classify Encrypted Traffic," in Proceedings of the 33rd IEEE International Conference on Computer Communications (INFOCOM), April 2014.
|
16 |
Cisco Systems, joy: A Package for Capturing and Analyzing Network Flow Data and Intraflow Data, for Network Research, Forensics, and Security Monitoring, 2016. URL: https://github.com/cisco/joy
|
17 |
I. Ristic, HTTP Client Fingerprinting Using SSL Handshake Analysis, 2009. URL: https://www.ssllabs.com/projects/client-fingerprinting/
|
18 |
L. Brotherston, TLS Fingerprinting: Smarter Defending & Stealthier Attacking, September 2015. URL: https://blog.squarelemon.com/tls-fingerprinting/
|
19 |
J. Althouse, TLS Fingerprinting with JA3 and JA3S, January 2019. URL: https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967
|
20 |
B. Anderson and D. McGrew, "Accurate TLS Fingerprinting using Destination Context and Knowledge Bases," arXiv 2009.01939, September 2020.
|
21 |
T. Dierks and C. Allen, The TLS Protocol Version 1.0, RFC 2246, IETF, January 1999.
|
22 |
T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.1, RFC 4346, IETF, April 2006.
|
23 |
R. McMillan, Definition: Threat Intelligence, Gartner Research, May 2013. URL: https://www.gartner.com/doc/2487216/definition-threat-intelligence
|
24 |
M. Majkowski, SSL Fingerprinting for p0f, June 2012. URL: https://idea.popcount.org/2012-06-17-ssl-fingerprinting-for-p0f/
|
25 |
K. Paine, O. Whitehouse, and J. Sellwood, "Indicators of Compromise (IoCs) and Their Role in Attack Defence," draft-paine-smart-indicators-of-compromise-03, Internet-Draft, July 12, 2021.
|
26 |
J. Althouse, Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection, July 2017. URL: https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
|
27 |
B. Anderson and D. McGrew, "Identifying Encrypted Malware Traffic with Contextual Flow Data," in Proceedings of the 9th ACM Workshop on Artificial Intelligence and Security (AISec) co-located with ACM CCS, October 2016.
|
28 |
P. Gao, X. Liu, E. Choi, B. Soman, C. Mishra, K. Farris, and D. Song, "A System for Automated Open-Source Threat Intelligence Gathering and Management," in Proceedings of the 2021 ACM SIGMOD/PODS Conference, June 20-25, 2021.
|
29 |
P. Dimou, J. Fajfer, N. Muller, E. Papadogiannaki, E. Rekleitis, and F. Strasak, Encrypted Traffic Analysis: Use Cases & Security Challenges, European Union Agency for Cybersecurity (ENISA), November 2019.
|
30 |
R. Beverly, "A Robust Classifier for Passive TCP/IP Fingerprinting," in Proceedings of the 5th International Workshop on Passive and Active Network Measurement (PAM), April 2004.
|
31 |
E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, RFC 8446, IETF, April 2018.
|
32 |
B. Anderson, S. Paul, and D. McGrew, "Deciphering malware's use of TLS (without decryption)," Journal of Computer Virology and Hacking Techniques, 14(3), pp. 195-211, August 2018.
|
33 |
V. Paxson, "Bro: System for Detecting Network Intruders in Real-Time," in Proceedings of the 7th USENIX Security Symposium, January 1998.
|