Using the SIEM Software vulnerability detection model proposed
Jeon, In-seok (Graduate School of Information Security, Korea University)
Han, Keun-hee (Graduate School of Convergence Software, Korea University)
Kim, Dong-won (Graduate School of Information Security, Korea University)
Choi, Jin-yung (Graduate School of Convergence Software, Korea University)
1 | HP, http://www8.hp.com/us/en/software-solutions/siem-security-information-event-management/index.html |
2 | Sangyong Choe, "Reconstruction of the hacking incident," Acorn |
3 | Myeonghun Gang, "Completion of IDS and security control seen as a big data analysis," Wowbooks |
4 | "Guidelines for Information Security Measures", (Korea Communications Commission 2013-3, 2013.01.17) |
5 | Dongjin Gim, Seongje Jo, "An Analysis of Domestic and Foreign Security Vulnerability Management Systems based on a National Vulnerability Database," 1(2), pp. 3-5, Nov 2010 |
6 | Huijin Jang, "Comprehensive analysis system for intrusion detection and response," Agency for Defense Development, pp. 16-19 |
7 | IBM, https://exchange.xforce.ibmcloud.com/vulnerabilities/24008 |
8 | ITU-T Q.4/17 Proposed initial draft text for Rec. ITU-T X.cybex, Cybersecurity information exchange framework (TD503) |
9 | "Requirements for Distribution and Sharing of Information in the Vulnerability DB", (Technical Report), TTAR-12.0016, Telecommunications Technology Association, pp 9-10, Dec 2012 |
10 | Microsoft, https://technet.microsoft.com/ko-kr/library/security/ms15-001 |
11 | Adobe, https://helpx.adobe.com/security/products/flash-player/apsb15-06.html |
12 | Oracle, http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html |
13 | PHP Group, http://php.net/ |
14 | Apache Software Foundation, http://www.apache.org/dist/httpd/Announcement2.4.txt |
15 | Seongjin An, I Gyeongho, Bak Wonhyeong, "Security Monitoring & Control," EHANMEDIA, pp. 16-55, Apr 2014 |
16 | Young-Jin Kim, Su-yeon Lee, Hun-Yeong Kwon, Jong-in Lim, "A Study on the Improvement of Effectiveness in National Cyber Security Monitoring and Control Services," Korea Institute of Information Security and Cryptology, pp. 2-3, Feb 2009 |
17 | Si-Jang Park, Jong-Hoon Park, "Current Status and Analysis of Domestic Security Monitoring Systems," Korea Institute of Electronic Communication Science, pp. 2-3, Sep 2014 |
18 | IBM, http://xforce.iss.net/ContentUpdates.do;jsessionid=2C5B979DC4827A7EAD8F254F587B9A44?xpu=75 |
19 | Paloaltonetworks, https://downloads.paloaltonetworks.com/content/app-502-2736.html?__gda__=1433931570_54a6cb5825a3c7748542dcb09f1a616f |
20 | Wins, https://sniper2.wins21.com/pattern_update/SKRE2CWIS207528/help/h_1300_05894.html |
21 | HP, http://www8.hp.com/kr/ko/business-solutions/security-overview.html |
22 | Ji Hong Kim, Huy Kang Kim, "Automated Attack Path Enumeration Method based on System Vulnerabilities Analysis," Korea Institute of Information Security and Cryptology, pp. 3-4, Oct 2012 |
23 | "A Study on Construction of A vulnerability Management System for New Information Technologies," KISA-WP-2010-0018, pp. 36, Aug 2010 |
24 | Gim Gyeonggi, "Research of improved CVSS for vulnerability management in financial ISAC," pp. 27, Jun 2008 |
25 | MITRE, https://cve.mitre.org/index.html |
26 | MITRE, https://cce.mitre.org/ |
27 | MITRE, https://oval.mitre.org/ |
28 | MITRE, https://cpe.mitre.org/ |
29 | FIRST, https://www.first.org/cvss |
30 | NIST, http://scap.nist.gov/specifications/xccdf/ |