참고문헌 (26)

1. ISACA/RSA Conference survey, Survey: 82% of Boards Are Concerned about Cybersecurity, https://www.rsaconference.com/about/press-releases/survey-82-of-boards-are-concerned-about 

2. PortSwigger, Burp, https://portswigger.net/burp 

3. Rapid7, Metasploit, https://www.metasploit.com/ 

4. Rapid7, "Put Your Defenses to the Test," https://www.rapid7.com/globalassets/_pdfs/product-and-service-briefs/rapid7-product-brief-metasploit.pdf 

5. Immunity, CANVAS, https://www.immunityinc.com/products/canvas/ 

6. Immunity, Tutorial: CANVAS 101 Part 1, https://www.immunityinc.com/downloads/documentation/tutorials/canvas101-part1.pdf 

7. Core Security, Core impact, https://www.coresecurity.com/core-impact 

8. Core Impact 2017 versus Metasploit: the Shootout Comparison, https://www.programmableweb.com/news/core-impact-2017-versus-metasploit-shootout-comparison/sponsored-content/2017/11/02 

9. Paul Rubens, Penetration Testing: DIY or Hire a Pen Tester?, https://www.esecurityplanet.com/network-security/penetration-testing.html (April 2017) 

10. 이주영, "공격 그래프에서의 위험도 결정과 시맨틱 검색 방법에 관한 연구," 忠南大學校 大學院: 컴퓨터공학과 컴퓨터통신 및 보안 2019. 2. 

11. K. Kaynar, "A taxonomy for attack graph generation and usage in network security," J. Inf. Security Applicat., vol. 29, 2016, pp. 27-56. 

12. S. Jajodia, S.Noel, and B. O'berry, "Topological analysis of network attack vulnerability," Managing Cyber Threats, Springer, Boston, MA, 2005. pp. 247-266. 

13. K. Ingols, R. Lippmann, and K. Piwowarski, "Practical attack graph generation for network defense," in Proc. Annu. Comput. Security Applicat. Conf., Miami Beach, FL, USA, Dec. 2006, doi: 10.1109/ACSAC.2006.39 

    

14. R. Lippmann, "Validating and restoring defense in depth using attack graphs," in Proc. MILCOM 2006-2006 IEEE Military Commun. Conf., Washington, DC, USA, Oct. 2006, doi: 10.1109/MILCOM.2006.302434. 

    

15. Kotenko, Igor, and Mikhail Stepashkin, "Attack graph based evaluation of network security," in Proc. IFIP Int. Conf. Commun. Multimedia Security, Crete, Greece, Oct. 2006, pp. 216-227, doi: 10.1007/11909033_20 

    상세보기

16. X. Ou, W.F. Boyer, and M.A. McQueen, "A scalable approach to attack graph generation," in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 336-345, doi: 10.1145/1180405.1180446. 

    

17. X. Ou, S. Govindavajhala, and A.W. Appel, "MulVAL: A Logic-based Network Security Analyzer," USENIX Security Symposium. Vol. 8. 2005. 

18. J. Lee et al., "A semantic approach to improving machine readability of a large-scale attack graph," J. Supercomput., vol. 75, no. 6, 2019, pp. 3028-3045. 

19. MITRE, ATT&CK, https://attack.mitre.org/ 

20. Gartner, Hype Cycle for Threat-Facing Technologies, 2019, July 2018. 

21. AttackIQ, https://attackiq.com/ 

22. SafeBreach, https://safebreach.com/ 

23. Cymulate, https://cymulate.com/ 

24. D. Brumley, "Mayhem, the Machine That Finds Software Vulnerabilities, Then Patches Them," (2019), https://spectrum.ieee.org/computing/software/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them 

25. ForAllSecure, https://forallsecure.com/ 

26. W. Hu and Y. Tan, "Generating adversarial malware examples for black-box attacks based on GAN," arXiv preprint arXiv:1702.05983, 2017.