• 제목/요약/키워드: Vulnerability Identification

검색결과 66건 처리시간 0.019초

의미기반 취약점 식별자 부여 기법을 사용한 취약점 점검 및 공격 탐지 규칙 통합 방법 연구 (A Study for Rule Integration in Vulnerability Assessment and Intrusion Detection using Meaning Based Vulnerability Identification Method)

  • 김형종;정태인
    • 정보보호학회논문지
    • /
    • 제18권3호
    • /
    • pp.121-129
    • /
    • 2008
  • 본 논문은 소프트웨어의 취약점을 표현하기 위한 방법으로 단위 취약점을 기반으로 한 의미기반 취약점 식별자 부여 방법을 제안하고 있다. 의미기반 취약점 식별자 부여를 위해 기존의 취약점 단위를 DEVS 모델링 방법론의 SES 이론에서 사용되는 분할 및 분류(Decomposition/Specialization) 절차를 적용하였다. 의미기반 취약점 식별자는 취약점 점검 규칙 및 공격 탐지 규칙과 연관 관계를 좀 더 낮은 레벨에서 맺을 수 있도록 해주고, 보안 관리자의 취약점에 대한 대응을 좀더 편리하고 신속하게 하는 데 활용될 수 있다. 특히, 본 논문에서는 Nessus와 Snort의 규칙들이 의미기반 취약점 식별자와 어떻게 맵핑되는 지를 제시하고, 보안 관리자 입장에서 어떻게 활용 될 수 있는 지를 3가지 관점에서 정리하였다. 본 논문의 기여점은 의미기반 취약점 식별자 개념 정의 및 이를 기반으로 한 취약점 표현과 활용 방법의 제안에 있다.

분석단계에서 취약점 관리의 보안 요건 정의에 관한 연구 (A Study on the Definition of Security Requirements of Vulnerability Management in Analysis Step)

  • 신성윤;이현창
    • 한국컴퓨터정보학회논문지
    • /
    • 제20권3호
    • /
    • pp.75-80
    • /
    • 2015
  • 취약점 관리란 보안 정책을 준수하여 사업의 연속성과 가용성을 보장하는 것이다. 본 논문에서는 시스템의 어플리케이션 및 IT 인프라에 대한 취약점 관리는 식별되어야 한다는 것이다. 그리고 개발 단계에서 실행 가능한 취약점 관리 방안이 도출되어야 한다는 것이다. 취약점의 식별 및 분류에서 식별 및 인증, 암호화, 접근제어의 영역에서 정의되지 않은 취약점들이 많다. 이들은 기술적, 관리적, 운영적 관점에서 해당 영역별로 누락 없이 정의하도록 한다. 식별된 취약점의 대응여부를 판단하고, 해당 취약점을 제거하기 위한 대응방안을 선택하도록 한다.

단위 취약점 식별자 부여 자동화에 대한 연구 (A study on automation of AV(Atomic Vulnerability) ID assignment)

  • 김형종
    • 인터넷정보학회논문지
    • /
    • 제9권6호
    • /
    • pp.49-62
    • /
    • 2008
  • 단위 취약점(atomic vulnerability)은 기존의 취약점의 표현방법이 갖는 모호성을 개선하여, 취약점을 시스템적으로 표현하기 위한 취약점의 새로운 정의이다. 단위 취약점은 취약점의 유형, 위치, 결과 등에 따라 보다 세분화하여, 취약점을 의미를 중심으로 분석하고 자 할 때 필요한 정보로서, 기존의 취약점은 몇 개의 단위 취약점 식별자의 조합으로 표현된다. 현재 가장 대표적으로 사용되는 취약점 정보인 CW(Common Vulnerability Exposure)의 경우, 취약점의 핵심적인 내용을 자연어 형태의 설명(description)을 통해 제시한다. 이러한 CVE의 설명 정보는, 정형화되어 있지 않아서 단위 취약점 분석을 위해서는 기존의 CVE 설명 정보에서 특정 단어들을 검색하여 데이터를 분류하는 자연어 검색 및 판단 기법이 필요하다. 본 논문에서는 자연어 검색 기법을 이용하여 단위 취약점 분석에 활용할 수 있는 소프트웨어를 설계하고 이를 실제 구현한 결과를 소개하고자 한다. 본 연구의 기여점은 설명위주의 취약점 표현을 정형화된 형태로 변환해 주는 소프트웨어 시스템의 개발에 있다.

  • PDF

Service Identification of Internet-Connected Devices Based on Common Platform Enumeration

  • Na, Sarang;Kim, Taeeun;Kim, Hwankuk
    • Journal of Information Processing Systems
    • /
    • 제14권3호
    • /
    • pp.740-750
    • /
    • 2018
  • There are a great number of Internet-connected devices and their information can be acquired through an Internet-wide scanning tool. By associating device information with publicly known security vulnerabilities, security experts are able to determine whether a particular device is vulnerable. Currently, the identification of the device information and its related vulnerabilities is manually carried out. It is necessary to automate the process to identify a huge number of Internet-connected devices in order to analyze more than one hundred thousand security vulnerabilities. In this paper, we propose a method of automatically generating device information in the Common Platform Enumeration (CPE) format from banner text to discover potentially weak devices having the Common Vulnerabilities Exposures (CVE) vulnerability. We demonstrated that our proposed method can distinguish as much adequate CPE information as possible in the service banner.

계층화분석 및 엔트로피 가중치 산정 방법에 따른 농업가뭄재해 취약성 평가 (Evaluation of Agricultural Drought Disaster Vulnerability Using Analytic Hierarchy Process (AHP) and Entropy Weighting Method)

  • 문영식;남원호;양미혜;신지현;전민기;김태곤;이승용;이광야
    • 한국농공학회논문집
    • /
    • 제63권3호
    • /
    • pp.13-26
    • /
    • 2021
  • Recent drought events in the South Korea and the magnitude of drought losses indicate the continuing vulnerability of the agricultural drought. Various studies have been performed on drought hazard assessment at the regional scales, but until recently, drought management has been response oriented with little attention to mitigation and preparedness. A vulnerability assessment is introduced in order to preemptively respond to agricultural drought and to predict the occurrence of drought. This paper presents a method for spatial, Geographic Information Systems-based assessment of agricultural drought vulnerability in South Korea. It was hypothesized that the key 14 items that define agricultural drought vulnerability were meteorological, agricultural reservoir, social, and adaptability factors. Also, this study is to analyze agricultural drought vulnerability by comparing vulnerability assessment according to weighting method. The weight of the evaluation elements is expressed through the Analytic Hierarchy Process (AHP), which includes subjective elements such as surveys, and the Entropy method using attribute information of the evaluation items. The agricultural drought vulnerability map was created through development of a numerical weighting scheme to evaluate the drought potential of the classes within each factor. This vulnerability assessment is calculated the vulnerability index based on the weight, and analyze the vulnerable map from 2015 to 2019. The identification of agricultural drought vulnerability is an essential step in addressing the issue of drought vulnerability in the South Korea and can lead to mitigation-oriented drought management and supports government policymaking.

Seismic vulnerability assessment of a historical building in Tunisia

  • El-Borgi, S.;Choura, S.;Neifar, M.;Smaoui, H.;Majdoub, M.S.;Cherif, D.
    • Smart Structures and Systems
    • /
    • 제4권2호
    • /
    • pp.209-220
    • /
    • 2008
  • A methodology for the seismic vulnerability assessment of historical monuments is presented in this paper. The ongoing work has been conducted in Tunisia within the framework of the FP6 European Union project (WIND-CHIME) on the use of appropriate modern seismic protective systems in the conservation of Mediterranean historical buildings in earthquake-prone areas. The case study is the five-century-old Zaouia of Sidi Kassem Djilizi, located downtown Tunis, the capital of Tunisia. Ambient vibration tests were conducted on the case study using a number of force-balance accelerometers placed at selected locations. The Enhanced Frequency Domain Decomposition (EFDD) technique was applied to extract the dynamic characteristics of the monument. A 3-D finite element model was developed and updated to obtain reasonable correlation between experimental and numerical modal properties. The set of parameters selected for the updating consists of the modulus of elasticity in each wall element of the finite element model. Seismic vulnerability assessment of the case study was carried out via three-dimensional time-history dynamic analyses of the structure. Dynamic stresses were computed and damage was evaluated according to a masonry specific plane failure criterion. Statistics on the occurrence, location and type of failure provide a general view for the probable damage level and mode. Results indicate a high vulnerability that confirms the need for intervention and retrofit.

폭염 취약지역 도출에 관한 연구 - 충청남도를 대상으로 - (A Study on Identification of the Heat Vulnerability Area - Case Study in Chungcheongnamdo -)

  • 이경진;차정우
    • 농촌계획
    • /
    • 제25권1호
    • /
    • pp.67-74
    • /
    • 2019
  • This study is to identify the heat vulnerability area as represented by heat risk factors which could be attributable to heat-related deaths. The heat risk factors were temperature, Older Adults(OA), Economic Disadvantage(ED), Accessibility of Medical Services(AMS), The population Single Person Households(SPH). The factors are follow as; the temperature means to the number of days for decades average daily maximum temperature above $31^{\circ}C$, the Older Adults means to population ages 65 and above, furthermore, the Economic Disadvantage means to the population of Basic Livelihood Security Recipients(BLSR), the Accessibility of Medical Services(AMS) means to 5 minutes away from emergency medical services. The results of the analysis are showed that the top-level of temperature vulnerability areas is Dong, the top-level of vulnerability OA areas is Eup, the top-level of AMS vulnerability is Eup. Moreover, the top-level of vulnerability ED area appears in the Eup and Dong. The result of analysing relative importance to each element, most of the Eup were vulnerable to heat. Since, there are many vulnerable groups such as Economic Disadvantage, Older Adults in the Eup. We can be figured out estimated the number of heat-related deaths was high in the Eup and Dong by the data of emergency activation in the Chungcheongnam-do Fire Department. Therefore, the result of this study could be reasonable.

Seismic vulnerability of old confined masonry buildings in Osijek, Croatia

  • Hadzima-Nyarko, Marijana;Pavica, Gordana;Lesic, Marija
    • Earthquakes and Structures
    • /
    • 제11권4호
    • /
    • pp.629-648
    • /
    • 2016
  • This paper deals with 111 buildings built between 1962 and 1987, from various parts of the city of Osijek, for which, through the collection of documentation, a database is created. The aim of this paper is to provide the first steps in assessing seismic risk in Osijek applying method based on vulnerability index. This index uses collected information of parameters of the building: the structural system, the construction year, plan, the height, i.e., the number of stories, the type of foundation, the structural and non-structural elements, the type and the quality of main construction material, the position in the block and built-up area. According to this method defining five damage states, the action is expressed in terms of the macroseismic intensity and the seismic quality of the buildings by means of a vulnerability index. The value of the vulnerability index can be changed depending on the structural systems, quality of construction, etc., by introducing behavior and regional modifiers based on expert judgments. Since there is no available data of damaged buildings under earthquake loading in our country, we will propose behavior modifiers based on values suggested by earlier works and on judgment based on available project documentation of the considered buildings. Depending on the proposed modifiers, the seismic vulnerability of existing buildings in the city of Osijek will be assessed. The resulting vulnerability of the considered residential buildings provides necessary insight for emergency planning and for identification of critical objects vulnerable to seismic loading.

침수피해 정보를 이용한 농경지의 지형학적 침수취약지도 작성 - 진주시를 사례로 - (Mapping of Inundation Vulnerability Using Geomorphic Characteristics of Flood-damaged Farmlands - A Case Study of Jinju City -)

  • 김수진;서교;김상민;이경도;장민원
    • 농촌계획
    • /
    • 제19권3호
    • /
    • pp.51-59
    • /
    • 2013
  • The objective of this study was to make a map of farmland vulnerability to flood inundation based on morphologic characteristics from the flood-damaged areas. Vulnerability mapping based on the records of flood damages has been conducted in four successive steps; data preparation and preprocessing, identification of morphologic criteria, calculation of inundation vulnerability index using a fuzzy membership function, and evaluation of inundation vulnerability. At the first step, three primary digital data at 30-m resolution were produced as follows: digital elevation model, hill slopes map, and distance from water body map. Secondly zonal statistics were conducted from such three raster data to identify geomorphic features in common. Thirdly inundation vulnerability index was defined as the value of 0 to 1 by applying a fuzzy linear membership function to the accumulation of raster data reclassified as 1 for cells satisfying each geomorphic condition. Lastly inundation vulnerability was suggested to be divided into five stages by 0.25 interval i.e. extremely vulnerable, highly vulnerable, normally vulnerable, less vulnerable, and resilient. For a case study of the Jinju, farmlands of $138.6km^2$, about 18% of the whole area of Jinju, were classified as vulnerable to inundation, and about $6.6km^2$ of farmlands with elevation of below 19 m at sea water level, slope of below 3.5 degrees, and within 115 m distance from water body were exposed to extremely vulnerable to inundation. Comparatively Geumsan-myeon and Sabong-myeon were revealed as the most vulnerable to farmland inundation in the Jinju.

BERT를 이용한 딥러닝 기반 소스코드 취약점 탐지 방법 연구 (A BERT-Based Deep Learning Approach for Vulnerability Detection)

  • 김문회;오희국
    • 정보보호학회논문지
    • /
    • 제32권6호
    • /
    • pp.1139-1150
    • /
    • 2022
  • SW 산업의 급속한 발전과 함께 새롭게 개발되는 코드와 비례해서 취약한 코드 또한 급증하고 있다. 기존에는 전문가가 수동으로 코드를 분석하여 취약점을 탐지하였지만 최근에는 증가하는 코드에 비해서 분석하는 인력이 부족하다. 이 때문에 기존 Vuldeepecker와 같은 많은 연구에서는 RNN 기반 모델을 이용하여 취약점을 탐지하였다. 그러나 RNN 모델은 코드의 양이 방대할수록 새롭게 입력되는 코드만 학습되고 초기에 입력된 코드는 최종 예측 결과에 영향을 주지 못하는 한계점이 있다. 또한 RNN 기반 방법은 입력에 Word2vec 모델을 사용하여 단어의 의미를 상징하는 embedding을 먼저 학습하여 고정 값으로 RNN 모델에 입력된다. 이는 서로 다른 문맥에서 다른 의미를 표현하지 못하는 한계점이 있다. BERT는 Transformer 모델을 기본 레이어로 사용하여 각 단어가 전체 문맥에서 모든 단어 간의 관계를 계산한다. 또한 MLM과 NST 방법으로 문장 간의 앞뒤 관계를 학습하기 때문에 취약점 탐지와 같은 코드 간 관계를 분석해야 할 필요가 있는 문제에서 적절한 방법이다. 본 논문에서는 BERT 모델과 결합하여 취약점 탐지하는 연구를 수행하였고 실험 결과 취약점 탐지의 정확성이 97.5%로 Vuldeepecker보다 정확성 1.5%. 효율성이 69%를 증가하였다.