Browse > Article

A Study on The Prediction of Security Threat using Open Vulnerability List  

Huh, Seung-Pyo (경기대학교 산업보안학과)
Lee, Dae-Sung (경기대학교 산업기술보호특화센터)
Kim, Kui-Nam (경기대학교 산업보안학과)
Publication Information
Convergence Security Journal / v.11, no.3, 2011 , pp. 3-10 More about this Journal
Abstract
Recently, due to a series of DDoS attacks, government agencies have enhanced security measures and business-related legislation. However, service attack and large network violations or accidents are most likely to occur repeatedly in the near future. In order to prevent this problem, researches must be conducted to predict the vulnerability in advance. The existing research methods do not state the specific data used for the base of the prediction, making the method more complex and imprecise. Therefore this study was conducted using the vulnerability data used for the basis of machine learning technology prediction, which were retrieved from a reputable organization. Also, the study suggested ways to predict the future vulnerabilities based on the weaknesses found in prior methods, and certified the efficiency using experiments.
Keywords
Security Threat Prediction; Open Vulnerability List;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 The Open Web Application Security Project, "OWASP TOP 10 Project",. http://www.owasp.org/ .
2 SANS, "@Risk: The consensus security alert," http: / /www.sans.org/newslet ters/ risk/ , September 2009.
3 조상현, 김한성, 이병희, 차상덕, "베이지언 추정을 이용한 웹 서비스 공격 탐지", 정보보호학회논문지 13권 2호, 2003, 4
4 Srinivas Mukkamala, Guadalupe Janoski, An drew Sung, "Intrusion Detection: Support Vector Machines and Neural Networks", Proceedings of the IEEE international joint conference on neural networks, pp1702-1707, 2002
5 M. McQueen, T. Mcqueen, W. Boyer, S.Mcbride, "Emprical Estimates of 0Day Vulnerabilities in Control System", Proceedings of the SCADA Security Scientific Symposium, Jan 2009
6 N. Stephan and Z. Thomas, "Security Trend Analysis with CVE Topic Models",
7 OSVDB, " Vulnerabilities in OSVDB disclosed by type by quarter", http://www.osvdb.org/ .
8 Yeu-Pong L and Po-Lun H, "Using the vulnerability information of computer systems to improve the network security", Computer Communication, pp2032-2047, Mar 2007.