References
- Verizon, Data Breach Investigations Report. New York, NY, USA, Tech. Rep., 2017, available at https://enterprise.verizon.com/content/dam/resources/reports/2017/2017_dbir.pdf (accessed 8 Nov. 2018).
- The MITRE Corporation, CVE: Common vulnerabilities and exposures, McLean, VA, USA, available at http://www.cve.mitre.org (accessed 8 Nov. 2018).
- Symantec, Symantec Internet Security Threat Report, Mountain View, CA, USA, Tech. Rep., Apr. 2016, available at https://www.symantec.com/security-center/threat-report (accessed 8 Nov. 2018).
- Trustwave, Trustwave Global Security Report, Chicago, IL, USA, 2014, Tech. Rep., available at https://www.trustwave.com/Resources/Trustwave-Blog/The-2014-Trustwave-Global-Security-Report-Is-Here/ (accessed 8 Nov. 2018).
- H. H. Jazi et al., Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling, Comput. Netw. 121 (2017), 25-36. https://doi.org/10.1016/j.comnet.2017.03.018
- A. Wang et al., Capturing DDoS attack dynamics behind the scenes, in Proc. Int. Conf. DIMVA, Milan, Italy, July 9-10, 2015, pp. 205-215.
- D. Holmes, The F5 DDoS protection reference architecture, F5, Seattle, WA, USA, 2014, available at https://f5.com/Portals/1/Cache/Pdfs/2421/the-f5-ddos-protection-reference-architecture.pdf (accessed 8 November 2018).
- OWASP, OWASP testing guide 2008, available at http://www.owasp.org/index.php/OWASP (accessed 8 November 2018).
- White Hat Security, Business logic assessments, San Jose, CA, USA, 2016, available at https://www.whitehatsec.com/wp-content/uploads/2016/01/Sentinel_Dynamic_Business_Logic_Assessment_Solution_Brief.pdf (accessed 8 November 2018).
- OWASP, Testing for business logic, available at https://www.owasp.org/index.php/Testing_for_business_logic (accessed 8 November 2018).
- G. Pellegrino and D. Balzarotti, Toward black-box detection of logic flaws in web applications, in Proc. Int. Conf. NDSS Symp., San Diego, CA, USA, Feb. 2014, pp. 23-26.
- G. Deepa and P. S. Thilagam, Securing web applications from injection and logic vulnerabilities: Approaches and challenges, Inf. Softw. Technol. 74 (2016), 160-180. https://doi.org/10.1016/j.infsof.2016.02.005
- W. Meng et al., Rampart: Protecting web applications from CPU-exhaustion denial-of-service attacks, in Proc. 27th USENIX Secur. Symp., Baltimore, MD, USA, Aug. 2018, pp. 393-410.
- T. Petsios et al., Slowfuzz: Automated domain-independent detection of algorithmic complexity vulnerabilities, in Proc. Int. Conf. Comput. Commun. Secur., Dallas, TX, USA, 2017, pp. 2155-2168.
- J. Burnim, S. Juvekar and K. Sen, WISE: Automated test generation for worst-case complexity, in Proc. Int. Conf. Softw. Eng., Washington, DC, USA, May 16-24, 2009, pp. 463-473.
- O. Olivo, I. Dillig and C. Lin, Detecting and exploiting second order denial-of-service vulnerabilities in web applications, in Proc. Int. Conf. Comput. Commun. Secur., Denver, CO, USA, Oct. 12-16, 2015, pp. 616-628.
- S. Son and V. Shmatikov, SAFERPHP: Finding semantic vulnerabilities in PHP applications, in Proc. Int. Conf. Programming, San Jose, CA, USA, June 2011, pp. 8:1-13.
- J. Burnim et al., Looper: Lightweight detection of infinite loops at runtime, in Proc. Int. Conf. Automated Softw. Eng., Washington, DC, USA, Nov. 16-20, 2009, pp. 161-169.
- A. Gupta et al., Proving non-termination, in Proc. Int. Conf. Principles Programming Lang., San Francisco, CA, USA, Jan. 7-12, 2008, pp. 147-158.
- R. Chang et al., Inputs of coma: Static detection of denial-of-service vulnerabilities, in Proc. IEEE Comput. Secur. Foundations Symp., New York, NY, USA, July 8-10, 2009, pp. 186-199.
- M. Alidoosti and A. Nowroozi, BLProM: Business-layer process miner of the web application, in Proc. Int. Conf. Inf. Secur. Cryptol., Tehran, Iran, Aug. 2018, pp. 28-29.
- X. Li and Y. Xue, BLOCK: A black-box approach for detection of state violation attacks towards web applications, in Proc. Int. Conf. Comput. Secur. Appl., Orlando, FL, USA, Dec. 5-9, 2011, pp. 247-256.
- X. Li, W. Yan, and Y. Xue, SENTINEL: Securing database from logic flaws in web applications, in Proc. Int. Conf. Data Appl. Secur. Privacy, San Antonio, TX, USA, Feb. 7-9, 2012, pp. 25-36.
- A. Doupe et al., Enemy of the state: A state-aware black-box web vulnerability scanner, in Proc. USENIX Secur. Symp., Bellevue, WA, USA, Aug. 8-10, 2012, pp. 523-538.
- G. Pellegrino and D. Balzarotti, Toward black-box detection of logic flaws in web applications, in Proc. Netw. Distrib. Syst. Secur. Symp., San Diego, CA, USA, Feb. 2014, pp. 23-26.
- G. Deepa et al., DetLogic: A black-box approach for detecting logic vulnerabilities in web applications, J. Netw. Comput. Appl. 109 (2018), 89-109. https://doi.org/10.1016/j.jnca.2018.01.008
- F. Sun, L. Xu, and Z. Su, Detecting logic vulnerabilities in e-commerce applications, in Proc. Netw. Distrib. Syst. Secur. Symp., Los Angeles, CA, USA, 2014.
- J. C. Buijs, B. F. van Dongen, and W. M. P. van der Aalst, On the role of fitness, precision, generalization and simplicity in process discovery, in Proc. Int. Conf. Move Meaningful Internet Syst., Heidelberg, Berlin, 2012, pp. 305-322.
Cited by
- Research on Crude Oil Trade Procurement Model Based on DEA-Malmquist Algorithm vol.2021, 2020, https://doi.org/10.1155/2021/6360439
- Deep Learning for the Industrial Internet of Things (IIoT): A Comprehensive Survey of Techniques, Implementation Frameworks, Potential Applications, and Future Directions vol.21, pp.22, 2020, https://doi.org/10.3390/s21227518