초 록최근 많은 사이버 공격은 S/W의 취약점을 이용한 익스플로잇(exploit)으로 이루어지고 있다. 주기적으로 취약점 동향이 발표되고 있으며 이를 참고로 보안의 방향이 제시되고 개선방안도 수정되고 있다. 그럼에도 불구하고 2011년 한 해 동안 발생한 해킹 등 사이버 공격은 2010년 대비 81% 증가하였고, 이러한 사이버 공격의 약 75%가 S/W 자체의 보안 취약점을 악용하고 있다. 본 논문에서는 S/W 취약점으로 인한 손실비용 측정을 위해 질병 전파 모델인 SIR 모델을 응용하여 취약점에 의한 악성코드 감염 확산 모델인 VIR모델을 제시하고, 이를 글 S/W 취약점에 적용하여 손실비용이 어느 정도인지를 추정하였다.ABSTRACTThese days a lot of cyber attacks are exploiting the vulnerabilities of S/W. According to the trend of vulnerabilities is announced periodically, security directions are suggested and security controls are updated with this trend. Nevertheless, cyber attacks like hacking during the year 2011 are increased by 81% compared to 2010. About 75% of these cyber attacks are exploiting the vulnerabilities of S/W itself. In this paper, we have suggested a VIR model, which is a spread model of malware infection for measuring economic loss by S/W vulnerability, by applying the SIR model which is a epidemic model. It is applied to estimate economic loss by HWP(Hangul word) S/W vulnerabilities.
[1]
Donald F. Towsley,et al.
Code red worm propagation modeling and analysis
,
2002,
CCS '02.
[2]
Jae-Myung Lim,et al.
Modeling and Network Simulator Implementation for analyzing Slammer Worm Propagation Process
,
2007
.
[3]
Kyung-Goo Doh,et al.
SOA Vulnerability Evaluation using Run-Time Dependency Measurement
,
2011
.
[4]
Seong-Oun Hwang.
A Methodology for Security Vulnerability Assessment Process on Binary Code
,
2012
.
[5]
You-Jin Park,et al.
A Study on an Estimation of Adjusted Coefficient for the Maintenance of Information Security Software in Korea Industry
,
2011
.
[6]
Kevin A. Kwiat,et al.
Modeling the spread of active worms
,
2003,
IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).
[7]
W. O. Kermack,et al.
A contribution to the mathematical theory of epidemics
,
1927
.