OpenSource Security Vulnerability Real-Time Notification System

㡺

㡺䝞㏢㓺

⽊㞞 䀾㟓㩦 ⹥

䕾䂮

䡚

䡚䢿

㔺

㔺㔲Ṛ

㞢

㞢Ⱂ

㔲

㔲㓺䎲

㾲㰖㦖*, ῂ㡞Ⱂ**, 㩚㍶㰚*** ⹫㤆㧎**** 㧊⼧䧂***** *▫㎇㡂㧦╖䞯ᾦ 䅊䜾䎆Ὃ䞯ὒ **ἓ₆╖䞯ᾦ 䅊䜾䎆ὒ䞯ὒ ***㒃㔺╖䞯ᾦ ㏢䝚䔎㤾㠊䞯⿖ ****㑮㤦╖䞯ᾦ 㩫⽊⽊䢎䞯ὒ *****⍺㧊⻚(㭒)

skskje312@naver.com, hoyu210@gmail.com, seonjinjeon.12@gmail.com, shionista@gmail.com, flittermouse@naver.com

G

OpenSource Security Vulnerability Real-Time Notification System

Ji Eun Choi*,Ye Lim Koo**, Seon Jin Jeon***, Woo In Park****, Byoung Hee Lee*****

* Dept. of Computer Engineering, Duksung Women’s University ** Dept. of Computer Science, Kyonggi University

*** Dept. of Software, Soongsil University **** Dept. of Information Security, SuwonUniversity

*****Naver 殚 檃檃 ₆㠛 ⌊㠦㍲⓪ ┺㟧䞲 㡺䝞㏢㓺⯒ 䢲㣿䞮ἶ 㧞┺. 㧊⩆ 䢮ἓ㠦㍲ 䟊╏ 㡺䝞㏢㓺㦮 䀾 㟓㩦 ⹥ 䕾䂮 䡚䢿㦚 㔺㔲Ṛ㦒⪲ 㩲Ὃ䞮㡂 ザ⯊Ợ ╖㻮䞮⓪ ộ㧊 㭧㣪䞮┺. Ⲓ㩖 ₆㠛 ⌊ 㠦㍲ Ⱔ㧊 ㌂㣿䞮⓪ 㡺䝞㏢㓺⯒ 㫆㌂䞲 䤚 Top 70 㡺䝞㏢㓺⯒ ㍶㩫䞮㡂 ⽊㞞 䀾㟓㩦 ⹥ 䕾䂮 䡚䢿㦚 䕢㞛䞲┺. 㔺㩲 䋂⪺Ⱇ㦚 䐋䟊 䀾㟓㩦㦚 㑮㰧䞲 䤚, 䞚㣪䞲 㩫⽊⯒ ṖὋ䞮㡂 㥏 ㍲゚㓺⪲ 㔲ṗ䢪 䞮㡂 㩲Ὃ䞲┺. ⡦䞲 䀾㟓㩦㧊 ⹲㌳䟞㦚 ➢ ₆㠛㠦㍲⓪ 㔺㔲Ṛ Ⲫ㧒 㞢⧢ ㍲゚㓺⯒ ⹱㞚⽒ 㑮 㧞⓪ ὒ㩫㦚 㩲㔲䞲┺. 1. 昢嵦 1.1 Ṳ⹲ ⺆ἓ ⹥ 䞚㣪㎇ IT 䡚㠛㦮 ㏢䝚䔎㤾㠊 㠪㰖┞㠊✺㦖 ┺㟧䞲 㡺䝞㏢ 㓺⯒ 䢲㣿䟊 Ṳ⹲䞮ἶ 㧞┺. 㧊➢ ㌂㣿䞮⓪ 㡺䝞㏢㓺 㦮 䀾㟓㩦 ⹥ 䕾䂮䡚䢿㦚 䟃㌗ ⳾┞䎆Ⱇ䞶 㑮 㠜┺⓪ 䡚㔺㩗㧎 䞲ἚṖ 㫊㨂䞲┺. 㧊⩂䞲 䞲Ἒ⯒ ⁏⽋䞮₆ 㥚䟊 㧦㭒 ㌂㣿♮⓪ ㌗㥚 70 Ṳ㦮 㡺䝞㏢㓺㦮 䀾㟓㩦 ⹥ 䕾䂮 䡚䢿㦚 㔺㔲Ṛ㦒⪲ 㩦Ỗ䞶 㑮 㧞⓪ 㠊✲⹪㧊 㩖 䝚⪲⁎⧾ Ṳ⹲㦮 䞚㣪㎇㧊 㧞┺. ➆⧒㍲, 㔺㔲Ṛ㦒 ⪲ 㡺䝞㏢㓺㦮 ⽊㞞 㥚䡧ὒ 䕾䂮㦮 㞢⧢㦚 ⽊⌒ 㑮 㧞⓪ 㧦☯䢪♲ 䝚⪲⁎⧾㦚 Ṳ⹲䞮㡂 IT 㔺ⶊ㠦 䣾㥾 㦚 㯳㰚䞮ἶ ⌃゚♮⓪ 㔲Ṛὒ ゚㣿㦚 㾲㏢䢪䞮ἶ㧦 䟞┺. 1.2 ₆㫊 ㍲゚㓺㢖㦮 㹾⼚㩦 ₆㠛 ⌊㠦㍲ ㌂㣿 ゞ☚Ṗ ⏨㦖 㡺䝞㏢㓺 䕢㞛 ⹥ 䀾㟓㩦㦚 䢫㧎䞶 㑮 㧞┺. 㔺㩲 䋂⪺Ⱇ㦚 䐋䟊 䞚㣪 䞲 㩫⽊⯒ 㔲ṗ䢪䞮㡂 㩲Ὃ䞶 㑮 㧞┺. ⡦䞲, ❇⪳䟊 ⏩㦖 㧊Ⲫ㧒⪲ ╏㧒 㡺䝞㏢㓺㦮 䀾㟓㩦 Ⰲ㓺䔎⯒ 㩚 ㏷ ⹱㦚 㑮 㧞┺. 2. 懾嵦 2.1 㔲㓺䎲 Ṳ㣪 㡺䝞㏢㓺⯒ 䢲㣿䟊 Ṳ⹲㧊 㰚䟟♮⓪ 㧞⓪ ㌗䢿㠦㍲ 䟊╏ 㡺䝞㏢㓺㦮 䀾㟓㩦 ⹥ 䕾䂮 䡚䢿㦚 㔺㔲Ṛ㦒⪲ 㩲Ὃ䞮㡂 ザ⯊Ợ ╖㻮䞮⓪ ộ㧊 㭧㣪䞮┺. ➆⧒㍲ ⽎ 䝚⪲㩳䔎㠦㍲⓪ ₆㠛㠦㍲ 㧦㭒 ㌂㣿䞮⓪ 㡺䝞㏢㓺⯒ ㍶㩫䞮㡂 ⽊㞞 䀾㟓㩦 ⹥ 䕾䂮 䡚䢿㦚 㔺㔲Ṛ㦒⪲ 䢫 㧎䞶 㑮 㧞☚⪳ 䞲┺. 2.2 ₆⓻ ㍺Ἒ ㌂㣿㧦Ṗ ⽊㞞 䀾㟓㩦 ⹥ 䕾䂮 䡚䢿㦚 㔺㔲Ṛ㦒⪲ 䢫 㧎䞶 㑮 㧞☚⪳ 5 Ṗ㰖㦮 ₆⓻㦚 ㍺Ἒ䟞┺. 䚲 1 㭒㣪₆⓻ ₆⓻ ㍺ⳛ 䋂⪺Ⱇ ㍶⼚♲ 㡺䝞㏢㓺 ⽊㞞 䕾䂮 䡚䢿㠦 ╖ 䞲 䋂⪺Ⱇ ◆㧊䎆 ⿚㍳ ⹥ ṖὋ 䋂⪺Ⱇ ◆㧊䎆⯒ ⿚㍳ ⹥ ṖὋ䞮㡂 DB 㩖㧻

135

-2020 온라인 춘계학술발표대회 논문집 제27권 제1호 (-2020. 5)

㔺㔲Ṛ 㞢⧢ 㡺䝞㏢㓺_㧊㣿䞲 ⽊㞞 㭧㣪☚㠦 ➆⯎ Ⲫ㧒㦚 㔺㔲Ṛ 㞢Ⱂ ◆㧊䎆 㔲ṗ 䢪 㡺䝞㏢㓺㠦 ὖ䞲 CVE 䐋Ἒ ⹥ 㔺㔲Ṛ ⳾┞䎆Ⱇ ◆㧊䎆 ⻞㡃 㡺䝞㏢㓺 㩫⽊ 㡗䞲⻞㡃 2.3 ㍲゚㓺 䦦⯚☚ ㍺Ἒ ⁎Ⱂٻڌٻ☯㧧ٻ䦦⯚☚ٻ 3. 割割笊 冶刂 3.1 䋂⪺Ⱇ CVE 䀾㟓㩦 ㌂㧊䔎㧎 NVD 㠦㍲ 㡺䝞㏢㓺㦮 䀾㟓㩦 㦚 䋂⪺Ⱇ䞮㡂 DB 㠦 㩖㧻䟞┺. 䟊╏ 䋂⪺Ⱇ㦖 䞮⬾ 㠦 䞲⻞㦮 㭒₆⪲ 㔺䟟♮㠊 ◆㧊䎆⯒ 㿪㿲䟊 㩖㧻䞲 ┺. 㧊 ➢, ₆㫊㠦 䢫㧎♲ 䀾㟓㩦㠦 ╖䟊㍲⓪ ┺㔲 䢫 㧎䞮㰖 㞠☚⪳ ㍺Ἒ䞮㡂 ㎇⓻ 䁷Ⳋ㦮 Ⰲ㓺䋂⯒ 㾲㏢ 䢪 䞮㡖┺. ⁎Ⱂٻڍٻڟڝ 㠦ٻ㩖㧻♲ٻ䀾㟓㩦ٻⰂ㓺䔎ٻ 3.2 㔺㔲Ṛ 㞢⧢ 䋂⪺Ⱇ ◆㧊䎆 㭧 ╏㧒 ⹲㌳䞲 㡺䝞㏢㓺㦮 䀾㟓㩦㦚 㿪㿲䞮㡂, ❇⪳♲ ㌂㣿㧦㦮 㧊Ⲫ㧒⪲ ╏㧒 㡺䝞㏢㓺 䀾㟓㩦 Ⰲ㓺䔎⯒ 㩚㏷䞲┺. ⁎ⰒٻڎٻⲪ㧒⪲ٻ㩚㏷♲ٻ㡺䝞㏢㓺ٻ䀾㟓㩦ٻ㔺㔲Ṛٻ㞢⧢ٻ 3.3 ◆㧊䎆 㔲ṗ䢪 CVE 䐋Ἒ ⹥ 㔺㔲Ṛ ⳾┞䎆Ⱇ㦚 㥚䟊 䀾㟓㩦 ◆㧊 䎆⯒ 㔲ṗ䢪 䞲┺. 㔲ṗ䢪㦮 䟋㕂㦖 㰗ὖ㩗㦒⪲ 㞢 㑮 㧞㠊㟒䞮ἶ 㥚䡧 ⩞⻾㠦 ➆⯎ ῂ⿚㧊 Ṗ⓻䞮☚⪳ ㍺Ἒ䞮㡖┺. ⁎Ⱂٻڏٻ㡺䝞㏢㓺ٻ䀾㟓㩦ٻ◆㧊䎆ٻ㔲ṗ䢪ٻ 4. 冶嵦 愕 窫篊 櫶割 㾲⁒ ┺㟧䞲 ㌆䞯㡆㠦㍲ 㡺䝞㏢㓺㦮 䢲㣿㧊 㯳Ṗ䞮 ἶ 㧞┺. 䟊╏ 㔲㓺䎲㦖 㧊⩂䞲 Ὁ㠦㍲ 㡺䝞㏢㓺 䀾 㟓㩦㠦 ╖䞲 㔺㔲Ṛ 㞢⧢㦚 䐋䞲 㔶㏣䞲 ╖㦧 Ṗ⓻䞶

136

-2020 온라인 춘계학술발표대회 논문집 제27권 제1호 (-2020. 5)

ộ㦒⪲ ₆╖♲┺. ⡦䞲, 㾲㔶 ⽊㞞 䀾㟓㩦 ἓ䟻 䕢㞛 㦒⪲ 㡺䝞㏢㓺 䢲㣿㠦 ╖䞲 ⽊㞞 㥚䡧 㾲㏢䢪㠦 ☚㤖 㦚 㭚 㑮 㧞㦚 ộ㧊┺. Ⱎ㰖Ⱏ㦒⪲ Threat Intelligence 㦒⪲ ⽊㞞 㥚䡧㠦 ╖䞲 㧦☯䢪♲ ╖㦧 㼊Ἒ 䢫Ⱃ䞶 ộ㦚 ₆╖䞲┺. 䟻䤚 䋂⪺Ⱇ䞲 㡺䝞㏢㓺 䀾㟓㩦 ◆㧊䎆㦮 㕂䂋 ⿚ ㍳ ⹥ 㥚䡧 ⩞⻾㠦 ╖䞲 ṖὋ㦚 㰚䟟䞶 ộ㧊┺. ⻞㡃 API ⯒ 㧊㣿䞲 㡗䞲 ⻞㡃㦚 䐋䟊 ╊╏㧦Ṗ 㓓Ợ 㥚䡧 㦚 䕦┾ 䞶 㑮 㧞☚⪳ 䢫㧻䞶 㡞㩫㧊┺. ⡦䞲 㡺䝞㏢ 㓺㦮 䢫㧻㦚 䐋䟊 㫖 ▪ Ⱔ㦖 㡺䝞㏢㓺 䀾㟓㩦㦚 㔺 㔲Ṛ㦒⪲ 䌦㰖䞮ἶ ⹮㡗䞶 㑮 㧞☚⪳ 䞶 ộ㧊┺. 焾焾処怾竒 [1] ㏷㍳Ⰲ, 㧊䡚㞚. “⳾⚦㦮 ◆㧊䎆 ⿚㍳ with 䕢㧊㗂”, 2019 [2] ㌂䃊䌖 䆪㧊䂮. “㡞㩲⪲ 㓓Ợ ⺆㤆⓪ 㓺䝚Ⱇ 䝚⩞ 㧚㤢䋂 3.0”, 2012

⽎G ⏒ⶎ㦖G ὒ䞯₆㑶㩫⽊䐋㔶⿖G

㩫⽊䐋㔶㺓㦮㧎㨂㟧㎇㌂㠛㦮G 㰖㤦㦚G 䐋䟊G 㑮䟟䞲



pj{Ⲯ䏶ⰗG 䝚⪲㩳䔎G ἆὒⶒ㧛┞┺U



137

-2020 온라인 춘계학술발표대회 논문집 제27권 제1호 (-2020. 5)