OpenSource Security Vulnerability Real-Time Notification System

Ji Eun Choi*, Ye Lim Koo**, Seon Jin Jeon***, Woo In Park****, Byoung Hee Lee*****
skskje312@naver.com, hoyu210@gmail.com, seonjinjeon.12@gmail.com, shionista@gmail.com, flittermouse@naver.com

* Dept. of Computer Engineering, Duksung Women's University
** Dept. of Computer Science, Kyonggi University
*** Dept. of Software, Soongsil University
**** Dept. of Information Security, Suwon University
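***** Naver

Proceedings of the 2020 Online Spring Conference, Vol. 27, No. 1 (2020. 5)

Abstract

Enterprises use a wide variety of open-source software. In this environment it is important to provide the vulnerability patch status of that open-source software in real time so that it can be dealt with quickly. We first survey the open-source software most used within enterprises, select the Top 70, and determine their security vulnerability patch status. Vulnerabilities are collected by actual crawling, and the necessary information is processed and presented visually through a web service. We also present the process by which an enterprise can receive a real-time e-mail alert service when a vulnerability occurs.

1. Introduction

1.1 Development Background and Need

Software engineers working in IT develop with a wide variety of open-source software. There is a practical limitation here: the vulnerability patch status of the open-source software in use cannot be monitored at all times. To overcome this limitation, there is a need to develop an advisor program that can check, in real time, the vulnerability patch status of the 70 most frequently used open-source packages. We therefore set out to develop an automated program that can send real-time alerts about open-source security threats and patches, in order to improve efficiency in IT practice and minimize wasted time and cost.

1.2 Differences from Existing Services

The system identifies the open-source software used most frequently within enterprises and lets users check its vulnerabilities. The necessary information, gathered by actual crawling, is presented visually. In addition, the day's list of open-source vulnerabilities can be received at a registered e-mail address.

2. Main Body

2.1 System Overview

When development using open-source software is in progress, it is important to provide the vulnerability patch status of that software in real time so that it can be dealt with quickly. This project therefore selects the open-source software that enterprises use frequently and makes its security vulnerability patch status available for checking in real time.

2.2 Function Design

Five functions were designed so that users can check the security vulnerability patch status in real time.

Table 1. Main functions

| Function | Description |
|---|---|
| Crawling | Crawling of the security patch status of the selected open-source software |
| Data analysis and processing | Analyze and process the crawled data and store it in the DB |
| Real-time alert | Real-time e-mail notification according to security importance for the open-source software in use |
| Data visualization | Real-time monitoring of CVE statistics for open-source software |
| Data translation | English-to-Korean translation of open-source information |

2.3 Service Flow Design

Figure 1. Operation flow diagram

3. Results

3.1 Crawling

Open-source vulnerabilities were crawled from NVD, the CVE vulnerability site, and stored in the DB. The crawl runs once a day, extracting and storing the data. Vulnerabilities that have already been checked are not checked again, a design choice that minimizes performance risk.

Figure 2. Vulnerability list stored in the DB

3.2 Real-Time Alert

From the crawled data, the open-source vulnerabilities that occurred that day are extracted, and the day's open-source vulnerability list is sent to the e-mail addresses of registered users.

Figure 3. Real-time open-source vulnerability alert sent by e-mail

3.3 Data Visualization

Vulnerability data is visualized for real-time monitoring of CVE statistics. The visualization was designed so that it can be understood intuitively and so that entries can be distinguished by threat level.

Figure 4. Visualization of open-source vulnerability data

4. Conclusion and Future Work

The use of open-source software has recently been increasing across industry, academia and research institutes. In such settings, this system is expected to enable a rapid response through real-time alerts on open-source vulnerabilities. Identifying the latest security vulnerability trends should also help minimize the security threats that come with using open-source software. Finally, we expect that Threat Intelligence will establish an automated response system for security threats.

In future work, we will carry out in-depth analysis of the crawled open-source vulnerability data and processing by threat level. We plan to extend the system with English-to-Korean translation through a translation API so that the person in charge can judge threats easily. We will also expand the set of covered open-source software so that more open-source vulnerabilities can be detected and reflected in real time.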
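The daily flow of sections 3.1 and 3.2, as an added Python sketch that is not the authors' code: crawled records are stored only if their CVE id is not already in the DB, and the entries published that day for a user's watched packages are composed into one e-mail ordered by severity. The table schema, record fields, function names, CVE ids and package names are constructed assumptions, and the message is built but not sent.

```python
import sqlite3
from email.message import EmailMessage

RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
FIELDS = ("id", "product", "severity", "published")
# Constructed sample crawl results (placeholder ids and product names).
DAY1 = [dict(zip(FIELDS, r)) for r in [
    ("CVE-0000-0001", "example-lib-a", "HIGH", "2020-05-01"),
    ("CVE-0000-0002", "example-lib-b", "LOW", "2020-05-01")]]
DAY2 = DAY1 + [dict(zip(FIELDS, r)) for r in [
    ("CVE-0000-0003", "example-lib-a", "CRITICAL", "2020-05-02"),
    ("CVE-0000-0004", "example-lib-c", "MEDIUM", "2020-05-02"),
    ("CVE-0000-0005", "example-lib-a", "MEDIUM", "2020-05-02")]]

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cve (id TEXT PRIMARY KEY, product TEXT, "
                 "severity TEXT, published TEXT)")
    return conn

def store_new(conn, records):
    """Insert only records whose CVE id is not stored yet; return the new ids."""
    new_ids = []
    for r in records:
        cur = conn.execute(
            "INSERT OR IGNORE INTO cve VALUES (:id, :product, :severity, :published)", r)
        if cur.rowcount == 1:  # 0 means the id was already known and was skipped
            new_ids.append(r["id"])
    conn.commit()
    return new_ids

def todays_digest(conn, day, watched):
    """Entries published on `day` for the watched products, most severe first."""
    marks = ",".join("?" * len(watched))
    rows = conn.execute(
        "SELECT id, product, severity FROM cve "
        f"WHERE published = ? AND product IN ({marks})", [day, *watched]).fetchall()
    return sorted(rows, key=lambda row: (RANK.get(row[2], 99), row[0]))

def build_mail(recipient, day, rows):
    """Compose (not send) the alert; None means nothing to report today."""
    if not rows:
        return None
    msg = EmailMessage()
    msg["To"] = recipient
    msg["Subject"] = f"[{rows[0][2]}] {len(rows)} new open-source CVE(s) on {day}"
    msg.set_content("\n".join(f"{sev:8} {cid}  {prod}" for cid, prod, sev in rows))
    return msg
```

Feeding the second day's crawl, which repeats the first day's records, stores only the three unseen ids, which is the "do not re-check known vulnerabilities" behavior of section 3.1.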