Estimating Economic Loss by S/W Vulnerability

  • Kim, Min-Jeong (Dept. of Information Security Management, Sangmyung University) ;
  • Yoo, Jinho (Dept. of Business Administration, Sangmyung University)
  • Received : 2014.07.16
  • Accepted : 2014.09.23
  • Published : 2014.11.30

Abstract

These days, many cyber attacks are carried out through exploits of S/W vulnerabilities. Vulnerability trends are published periodically, and security direction and countermeasures are revised with reference to them. Nevertheless, cyber attacks such as hacking increased by 81% in 2011 compared with 2010, and about 75% of these attacks exploited security vulnerabilities in the S/W itself. In this paper, we propose the VIR model, a model of vulnerability-driven malware-infection spread for measuring the economic loss caused by S/W vulnerabilities, obtained by adapting the SIR epidemic model. We apply it to vulnerabilities in the HWP (Hangul word processor) S/W and estimate the resulting economic loss.
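The abstract builds on the Kermack-McKendrick SIR compartment model but does not reproduce the VIR equations themselves. The following is an added example, not code or parameters from the paper: it integrates the standard SIR system with the compartments read as Vulnerable (unpatched installations), Infected, and Removed (patched or cleaned), and turns the number of hosts ever infected into a loss figure. The rates beta and gamma, the per-host loss, the population size, and the forward-Euler daily step are all assumptions chosen for illustration.

```python
"""SIR-style spread simulation with a per-host loss estimate.

Added illustration of the SIR structure the abstract adapts; the rates,
population and cost below are constructed assumptions, not the paper's
VIR model or its data.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Params:
    population: int        # hosts running the vulnerable S/W (assumed)
    initial_infected: int  # hosts already compromised at day 0 (assumed)
    beta: float            # new infections per infected host per day (assumed)
    gamma: float           # fraction of infected hosts patched/cleaned per day (assumed)
    days: int              # simulation horizon in days


def r0(p):
    """Basic reproduction number; the outbreak grows only when beta/gamma > 1."""
    return p.beta / p.gamma


def simulate(p):
    """Forward-Euler integration, one step per day, of
    dS/dt = -beta*S*I/N, dI/dt = beta*S*I/N - gamma*I, dR/dt = gamma*I.

    Returns a list of (day, S, I, R): S = still vulnerable, I = infected,
    R = patched or cleaned and no longer infectable.
    """
    n = p.population
    s, i, r = float(n - p.initial_infected), float(p.initial_infected), 0.0
    history = []
    for day in range(p.days + 1):
        history.append((day, s, i, r))
        new_inf = min(p.beta * s * i / n, s)  # cannot infect more than remain vulnerable
        new_rec = min(p.gamma * i, i)        # cannot clean more than are infected
        s -= new_inf
        i += new_inf - new_rec
        r += new_rec
    return history


def cumulative_infections(history):
    """Every host that ever left the vulnerable pool, plus those infected at day 0."""
    _, s0, i0, _ = history[0]
    _, s_end, _, _ = history[-1]
    return (s0 - s_end) + i0


def estimate_loss(p, loss_per_host):
    """Loss = hosts ever infected x assumed clean-up/downtime cost per host."""
    return cumulative_infections(simulate(p)) * loss_per_host


if __name__ == "__main__":
    # Constructed scenario: 10,000 installations, 10 initial infections, each
    # infected host compromises 0.5 others per day, 10% of infected hosts are
    # patched per day; the second run triples the patch rate.
    base = Params(population=10_000, initial_infected=10, beta=0.5, gamma=0.1, days=120)
    fast_patch = replace(base, gamma=0.3)
    for label, p in (("slow patching", base), ("fast patching", fast_patch)):
        print(f"{label}: R0={r0(p):.1f}, "
              f"hosts infected={cumulative_infections(simulate(p)):.0f}, "
              f"loss={estimate_loss(p, loss_per_host=500.0):,.0f}")
```

The point of the comparison is the one the SIR framing makes visible: with beta fixed by the exploit, the only lever a defender controls is gamma, the patch rate, and the final infected count (and therefore the loss) falls sharply once beta/gamma drops toward 1. Real estimates need beta and gamma fitted to observed infection data rather than the constructed values used here.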
