본문 바로가기
  • Home

Cluster-Based Similarity Calculation of IT Assets: Method of Attacker's Next Targets Detection

  • Journal of The Korea Society of Computer and Information
  • Abbr : JKSCI
  • 2024, 29(5), pp.1-10
  • DOI : 10.9708/jksci.2024.29.05.001
  • Publisher : The Korean Society Of Computer And Information
  • Research Area : Engineering > Computer Science
  • Received : April 29, 2024
  • Accepted : May 20, 2024
  • Published : May 31, 2024

Dongsung Kim 1 Seon-Gyoung Shon 2 Dan Dongseong Kim 3 Huy-Kang Kim 1

1고려대학교
2한국전자통신연구원
3University of Queensland

Accredited

ABSTRACT

Attackers tend to use similar vulnerabilities when finding their next target IT assets. They also continuously search for new attack targets. Therefore, it is essential to find the potential targets of attackers in advance. Our method proposes a novel approach for efficient vulnerable asset management and zero-day response. In this paper, we propose the ability to detect the IT assets that are potentially infected by the recently discovered vulnerability based on clustering and similarity results. As the experiment results, 86% of all collected assets are clustered within the same clustering. In addition, as a result of conducting a similarity calculation experiment by randomly selecting vulnerable assets, assets using the same OS and service were listed.

Citation status

* References for papers published after 2022 are currently being built.

This paper was written with support from the National Research Foundation of Korea.