Acknowledgement
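This research was carried out in 2024 with the support of the Institute of Information & Communications Technology Planning & Evaluation (RS-2023-00227165, Development of binary-based automated SW vulnerability detection and analysis technology applicable to weapon system platforms).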