Journal articles on the topic 'Security, Fuzzing'

Consult the top 50 journal articles for your research on the topic 'Security, Fuzzing.'

1

Wu, Xiao Lei. "Research on Network Security Algorithm Based on ZigBee Technology." Applied Mechanics and Materials 608-609 (October 2014): 503–6. http://dx.doi.org/10.4028/www.scientific.net/amm.608-609.503.

Abstract:
This paper studies the MAC-layer security mechanism and data frame structure of the ZigBee protocol, improves the algorithm for random fuzzing test technology together with test methods for attack fusion boundary, structure-based fuzzing and node cloning, and proposes a comprehensive MAC-layer security detection algorithm for the ZigBee routing protocol. Fuzzing tests show that the testing algorithm not only greatly improves test efficiency in fuzzing but also increases path coverage by more than 50% compared with structure-based fuzzing.
2

Sharkov, Ivan Vladimirovich, Vartan Andronikovich Padaryan, and Petr Vladimirovich Khenkin. "Features of fuzzing network interfaces without source codes." Proceedings of the Institute for System Programming of the RAS 33, no. 4 (2021): 211–26. http://dx.doi.org/10.15514/ispras-2021-33(4)-15.

Abstract:
The digital transformation of society is leading to the creation of a large number of distributed automated information systems in various areas of modern life. The need to meet security and reliability requirements prompts the creation of tools for their automated testing. Fuzzing within the security development lifecycle (SDL) is a strictly required tool for solving this problem. Tools for fuzzing binary-only applications are in demand too. These kinds of fuzzing tools enable the search for critical defects in already functioning systems. This is especially acute when researching the security of proprietary systems that operate using closed protocols. In the course of the research, it was found that for fuzzing network applications in the absence of source code, the use of universal fuzzers is complicated by many factors. These circumstances call for the creation of an easy-to-use tool for fuzzing network applications. The paper discusses the features of fuzzing this kind of program and suggests possible solutions to the identified tasks.
3

Song, Congxi, Xu Zhou, Qidi Yin, Xinglu He, Hangwei Zhang, and Kai Lu. "P-Fuzz: A Parallel Grey-Box Fuzzing Framework." Applied Sciences 9, no. 23 (November 25, 2019): 5100. http://dx.doi.org/10.3390/app9235100.

Abstract:
Fuzzing is an effective technology in software testing and security vulnerability detection. Unfortunately, fuzzing is an extremely compute-intensive job, which may take thousands of computing hours to find a bug. Recent works generally improve fuzzing efficiency by developing delicate algorithms. In this paper, we propose another direction of improvement in this field, i.e., leveraging parallel computing to improve fuzzing efficiency. In this way, we develop P-Fuzz, a parallel fuzzing framework that can utilize massive, distributed computing resources to fuzz. P-Fuzz uses a database to share the fuzzing status, such as seeds and coverage information. All fuzzing nodes get tasks from the database and update their fuzzing status to the database. P-Fuzz also handles some data races and exceptions in parallel fuzzing. We compare P-Fuzz with AFL and the parallel fuzzing framework Roving in our experiment. The results show that P-Fuzz can speed up AFL by about 2.59× and Roving by about 1.66× on average using 4 nodes.
4

Vishnyakov, Alexey, Eli Kobrin, and Andrey Fedotov. "Error detection in binary code with dynamic symbolic execution." Proceedings of the Institute for System Programming of the RAS 34, no. 2 (2022): 25–42. http://dx.doi.org/10.15514/ispras-2022-34(2)-3.

Abstract:
Modern software is developing rapidly, revealing new program errors. More and more companies follow the security development lifecycle (SDL). Fuzzing and symbolic execution are among the most popular options for supporting SDL. They make it possible to automatically test programs and find errors. Hybrid fuzzing, which combines these two techniques, is one of the most effective ways to test programs. Checking security predicates during symbolic execution is an advanced technique that focuses on solving extra constraints on input data to find an error and generate an input file that reproduces it. In this paper we propose a method for automatically detecting errors with the help of dynamic symbolic execution, combining hybrid fuzzing and checking security predicates. First, we run hybrid fuzzing, which is required to increase the number of corpus seeds. Then we minimize the corpus so that it gives the same coverage as the original corpus. After that we check security predicates on the minimized corpus. Security predicates make it possible to find errors such as division by zero, out-of-bounds access, integer overflow, and more. Security predicate results are later verified with sanitizers to filter out false positives. As a result of applying the proposed method to different open source programs, we found 11 new distinct errors in 5 projects.
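The corpus-minimization step in the abstract above (keep only the seeds needed to retain the fuzzer's full coverage before the expensive predicate checks run) is a set-cover problem, and the choice of minimizer decides whether you end up with few seeds or few bytes. The following is an added example, not code from the paper or from the ISP RAS tools: the coverage map is constructed and the edge IDs are hypothetical. It shows two minimizers that both preserve coverage but trade seed count against total bytes.

```python
"""
Coverage-preserving corpus minimization, the step between hybrid fuzzing
and the security-predicate checks. Added illustration with a constructed
coverage map; this is not the paper's tool.
"""
from typing import Dict, List, Set, Tuple

# Constructed: seed name -> (file size in bytes, set of edge IDs it covers),
# the kind of map an AFL-style fuzzer's bitmap gives you per queue entry.
CORPUS: Dict[str, Tuple[int, Set[int]]] = {
    "seed_a": (10, {1, 2, 3}),
    "seed_b": (4, {2, 3}),
    "seed_c": (6, {4}),
    "seed_d": (50, {1, 2, 3, 4}),
    "seed_e": (2, {5}),
    "seed_f": (7, {5}),
}


def total_coverage(corpus: Dict[str, Tuple[int, Set[int]]]) -> Set[int]:
    """Union of every seed's edge set: what a minimized corpus must still cover."""
    return set().union(*(edges for _, edges in corpus.values()))


def minimize_by_gain(corpus: Dict[str, Tuple[int, Set[int]]]) -> List[str]:
    """Greedy set cover: repeatedly take the seed that adds the most
    still-uncovered edges (ties go to the smaller file). Yields the fewest
    seeds, but can drag in large files."""
    uncovered = total_coverage(corpus)
    unused = dict(corpus)
    chosen: List[str] = []
    while uncovered and unused:
        name = max(unused, key=lambda n: (len(unused[n][1] & uncovered), -unused[n][0]))
        gain = unused[name][1] & uncovered
        if not gain:            # nothing left adds coverage
            break
        chosen.append(name)
        uncovered -= gain
        del unused[name]
    return chosen


def minimize_by_size(corpus: Dict[str, Tuple[int, Set[int]]]) -> List[str]:
    """afl-cmin style: for every edge keep the smallest seed that covers it.
    Usually more seeds than the greedy cover, but far fewer bytes to re-execute
    on every later analysis pass."""
    chosen: Set[str] = set()
    for edge in sorted(total_coverage(corpus)):
        chosen.add(min((n for n, (_, edges) in corpus.items() if edge in edges),
                       key=lambda n: (corpus[n][0], n)))
    return sorted(chosen)


def preserves_coverage(corpus: Dict[str, Tuple[int, Set[int]]], subset: List[str]) -> bool:
    """The invariant every minimizer must keep: same union of edges as before."""
    return set().union(*(corpus[n][1] for n in subset)) == total_coverage(corpus)


def total_bytes(corpus: Dict[str, Tuple[int, Set[int]]], subset: List[str]) -> int:
    return sum(corpus[n][0] for n in subset)


if __name__ == "__main__":
    for fn in (minimize_by_gain, minimize_by_size):
        picked = fn(CORPUS)
        print(fn.__name__, picked, total_bytes(CORPUS, picked), "bytes",
              "coverage kept" if preserves_coverage(CORPUS, picked) else "COVERAGE LOST")
```

On the constructed map the greedy cover keeps two seeds (52 bytes) and the size-first pass keeps four (22 bytes); both retain all five edges. When the next stage is symbolic execution, where cost grows with input size and path length, the byte-oriented result is normally the better input set.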
5

Li, Tong, Xuan Huang, and Rui Huang. "Research on Software Security Vulnerability Discovery Based on Fuzzing." Applied Mechanics and Materials 635-637 (September 2014): 1609–13. http://dx.doi.org/10.4028/www.scientific.net/amm.635-637.1609.

Abstract:
Nowadays, fuzzing is one of the most effective ways to identify software security vulnerabilities, especially when we want to discover vulnerabilities related to documents. According to the principles and ideas of fuzzing, a vulnerability discovery system named WFuzzer is developed. This system overcomes the disadvantages of older approaches and effectively improves the detection of potentially unknown security vulnerabilities. It is more automated and performs better in finding new security vulnerabilities.
6

Hernández Ramos, Santiago, M. Teresa Villalba, and Raquel Lacuesta. "MQTT Security: A Novel Fuzzing Approach." Wireless Communications and Mobile Computing 2018 (2018): 1–11. http://dx.doi.org/10.1155/2018/8261746.

Abstract:
The Internet of Things is a concept that is increasingly present in our lives. The emergence of intelligent devices has led to a paradigm shift in the way technology interacts with the environment, leading society to a smarter planet. Consequently, new advanced telemetry approaches appear to connect all kinds of devices with each other, with companies, or with other networks, such as the Internet. On the road to an increasingly interconnected world, where critical devices rely on communication networks to provide an essential service, there arises the need to ensure the security and reliability of these protocols and applications. In this paper, we discuss a security-based approach for MQTT (Message Queue Telemetry Transport), which stands out as a very lightweight and widely used messaging and information exchange protocol for IoT (Internet of Things) devices throughout the world. To that end, we propose the creation of a framework that allows a novel, template-based fuzzing technique to be performed on the MQTT protocol. The first experimental results showed that the performance of the fuzzing technique presented here makes it a good candidate for use in network architectures with low-processing-power sensors, such as Smart Cities. In addition, the use of this fuzzer on widely used applications that implement MQTT has led to the discovery of several new security flaws not hitherto reported, demonstrating its usefulness as a tool for finding security vulnerabilities.
7

Simon, Frank, and Daniel Simon. "Fuzzing: Testing Security in Maintenance Projects." Softwaretechnik-Trends 32, no. 2 (May 2012): 61–62. http://dx.doi.org/10.1007/bf03323481.

8

Godefroid, Patrice, Michael Y. Levin, and David Molnar. "SAGE: Whitebox Fuzzing for Security Testing." Queue 10, no. 1 (January 2012): 20–27. http://dx.doi.org/10.1145/2090147.2094081.

9

Gao, Yifei, Xu Zhou, Wei Xie, Baosheng Wang, Enze Wang, and Zhenhua Wang. "Optimizing IoT Web Fuzzing by Firmware Infomation Mining." Applied Sciences 12, no. 13 (June 24, 2022): 6429. http://dx.doi.org/10.3390/app12136429.

Abstract:
IoT web fuzzing is an effective way to detect security flaws in IoT devices. However, without enough information about the tested targets, IoT web fuzzing is often blind and inefficient. In this paper, we propose to use static analysis to assist IoT web fuzzing. Our insight is that plenty of useful information is hidden in firmware, which can be mined by static analysis and used to guide the subsequent dynamic analysis, i.e., fuzzing. Hence, our approach contains two stages: a pre-fuzzing stage and a fuzzing stage. In the pre-fuzzing stage, we perform static analysis on the IoT firmware to extract helpful information, such as web page paths, interfaces, and shared keywords. This information is used to construct diverse seeds for covering more web paths and interfaces, and also to prioritize seeds according to their importance (related to shared keywords) in the fuzzing stage. Based on this approach, we implement a prototype IoT web fuzzing system, IoTParser. Experiments show that IoTParser increased vulnerability discovery capability by 44% on average and vulnerability discovery efficiency by 48.2% on average compared with the state-of-the-art IoT web fuzzer. In addition, IoTParser has found 13 vulnerabilities, including 7 0-days.
10

Qu, Sheng, Zheng Zhang, Bolin Ma, and Yuwen Shao. "Optimization Method of Web Fuzzy Test Cases Based on Genetic Algorithm." Journal of Physics: Conference Series 2078, no. 1 (November 1, 2021): 012015. http://dx.doi.org/10.1088/1742-6596/2078/1/012015.

Abstract:
In order to solve the problems of low code coverage, few vulnerabilities found, and poor fuzzing effect caused by the small number and single type of test cases in Web fuzzing, a genetic-algorithm-based method for optimizing fuzzing test cases for Web applications is proposed, on the basis of a study of current Web fuzzing methods and existing Web application fuzzing programs. It analyzes and counts public website traffic with Web service attack characteristics, and uses genetic algorithms to generate a large number of test cases of various types to explore the Web service vulnerabilities that exist. Based on the creation of a weighted Web attack signature database, this method uses genetic algorithms to randomly pre-generate the test cases of the fuzzing test, and uses the response of the Web service to iteratively update the weights of the different attack signatures in the Web attack signature database, so as to generate the best test cases. Experimental analysis shows that this method effectively finds security vulnerabilities in Web applications.
11

Vishnyakov, Alexey Vadimovich. "Analyzing properties of path predicate slicing algorithm." Proceedings of the Institute for System Programming of the RAS 34, no. 3 (2022): 7–12. http://dx.doi.org/10.15514/ispras-2022-34(3)-1.

Abstract:
The security development lifecycle (SDL) is applied to improve software reliability and security. It extends the program lifecycle with additional testing of security properties. Among other things, fuzz testing is widely used, which allows one to detect crashes and hangs of the analyzed code. The hybrid approach that combines fuzzing and dynamic symbolic execution has shown even greater efficiency than classical fuzzing. Moreover, symbolic execution makes it possible to add additional runtime checks, called security predicates, that detect memory errors and undefined behavior. This article explores the properties of the path predicate slicing algorithm, which eliminates redundant constraints from a path predicate without loss of accuracy. The article proves that the algorithm terminates and does not lose solutions. Moreover, the asymptotic complexity of the algorithm is estimated.
12

Dai, Huning, Christian Murphy, and Gail Kaiser. "CONFU." International Journal of Secure Software Engineering 1, no. 3 (July 2010): 41–55. http://dx.doi.org/10.4018/jsse.2010070103.

Abstract:
Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or how much of the input space will be explored. To address these problems, the authors present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points to check for vulnerabilities that only arise under certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks "security invariants" that, if violated, indicate a vulnerability. This paper discusses the approach and introduces a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. Additionally, the results of case studies that demonstrate the approach's feasibility are presented along with performance evaluations.
13

Pietikäinen, Pekka, Atte Kettunen, and Juha Röning. "Steps Towards Fuzz Testing in Agile Test Automation." International Journal of Secure Software Engineering 7, no. 1 (January 2016): 38–52. http://dx.doi.org/10.4018/ijsse.2016010103.

Abstract:
Including and automating secure software development activities in agile development processes is challenging. Fuzz testing is a practical method for finding vulnerabilities in software, but it has some characteristics that do not directly map to existing processes. The main challenge is that fuzzing needs to keep showing value while requiring minimal effort. The authors present experiences and practical ways to utilize fuzzing in software development, and generic ways for developers to keep security in mind.
14

Serpanos, Dimitrios, and Konstantinos Katsigiannis. "Fuzzing: Cyberphysical System Testing for Security and Dependability." Computer 54, no. 9 (September 2021): 86–89. http://dx.doi.org/10.1109/mc.2021.3092479.

15

Minaev, V. A., A. V. Mazin, and G. S. Baidin. "AUTOMATED SEARCH OF SOFTWARE ERRORS BY FAZZING METHOD." Issues of radio electronics, no. 3 (March 20, 2019): 67–70. http://dx.doi.org/10.21778/2218-5453-2019-3-67-70.

Abstract:
The paper considers fuzzing as a promising method for testing and error detection in software by feeding incorrect data to programs. A classification of automated error-search systems for software, with an indication of their shortcomings, is given. The advantages of the error-search tool named Driller are substantiated. The stages of Driller's cyclic operation are considered, including test data input, fuzzing proper, mixed (concolic) execution and repeated fuzzing. It is emphasized that Driller is an open source project. In addition, attention is drawn to the ability of the program to avoid the "exponential explosion" in the number of execution paths considered, and to its effectiveness when there are many crossings between the paths of the program under test. It is shown that Driller makes it possible to effectively solve information security problems.
16

Pan, Yan, Wei Lin, Liang Jiao, and Yuefei Zhu. "Model-Based Grey-Box Fuzzing of Network Protocols." Security and Communication Networks 2022 (May 5, 2022): 1–13. http://dx.doi.org/10.1155/2022/6880677.

Abstract:
The widely used network protocols play a crucial role in various systems. However, protocol vulnerabilities caused by the design of a network protocol or its implementation by programmers lead to multiple security incidents and substantial losses. Hence, it is important to study protocol fuzzing in order to ensure correctness. However, the challenges of protocol fuzzing are the mutation of protocol messages and the deep interactivity of the protocol implementation. This paper proposes a model-based grey-box fuzzing approach for protocol implementations, covering both the server side and the client side. The proposed method is divided into two phases: automata learning based on the minimally adequate teacher (MAT) framework, and grey-box fuzzing guided by the learned model and code coverage. The StateFuzzer tool used for evaluation is presented to demonstrate the validity and feasibility of the proposed approach. Server-side fuzzing achieves similar or higher code coverage and vulnerability discovery capability than AFLNET and StateAFL. On the client side, the results show that it achieves 1.5X branch coverage (on average) compared with the default AFL, and 1.3X branch coverage compared with AFLNET and StateAFL, using typical implementations such as OpenSSL, LibreSSL, and Live555. StateFuzzer identified a new memory corruption bug in Live555 (2021-08-25) and 14 distinct discrepancies based on differential testing.
17

Luo, Jian-Zhen, Chun Shan, Jun Cai, and Yan Liu. "IoT Application-Layer Protocol Vulnerability Detection using Reverse Engineering." Symmetry 10, no. 11 (November 1, 2018): 561. http://dx.doi.org/10.3390/sym10110561.

Abstract:
Fuzzing is regarded as the most promising method for discovering protocol vulnerabilities in the network security of the Internet of Things (IoT). However, one fatal drawback of existing fuzzing methods is that a huge number of test files is required to maintain high test coverage. In this paper, a novel method based on protocol reverse engineering is proposed to reduce the number of test files needed for fuzzing. The proposed method uses techniques from the field of protocol reverse engineering to identify the message formats of an IoT application-layer protocol and creates test files by generating messages with erroneous fields according to those message formats. The protocol message, treated as a sequence of bytes, is assumed to obey a statistical process with change-points indicating the boundaries of message fields. Then, a multi-change-point detection procedure is introduced to identify change-points of byte sequences according to their statistical properties and to divide them into segments at those change-points. The message segments are further processed via a position-based occurrence probability test analysis to identify keyword fields, data fields and uncertain fields. Finally, a message generation procedure with mutation operations on message fields is applied to construct test files for fuzz testing. The results show that the proposed method can effectively find the message fields and significantly reduce the number of test files for fuzz testing.
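The pipeline sketched above (a per-position statistic over the corpus, change-point detection to cut the byte sequence into segments, classification of each segment as keyword or data, and then mutation per field rather than per byte) is compact enough to show end to end. The following is an added example, not the paper's implementation: the toy protocol, the corpus generator, the distinct-value statistic used in place of the paper's statistical model, and the thresholds are all assumptions made here.

```python
"""
Field-boundary inference from a message corpus, followed by field-aware
test generation. Added illustration; the toy protocol, the corpus
generator and the thresholds are constructed and are not the paper's code.
"""
import random
from collections import Counter
from typing import List, Tuple

Segment = Tuple[int, int]


def build_corpus(n: int = 40, seed: int = 1) -> List[bytes]:
    """Constructed 15-byte messages of a made-up protocol:
    keyword[0:4]  b"PUT " or b"GET "
    seq[4:6]      big-endian uint16
    flag[6:7]     0x00 or 0x01
    payload[7:15] 8 arbitrary bytes
    Fixed length keeps offsets aligned across the corpus."""
    rng = random.Random(seed)
    msgs = []
    for _ in range(n):
        cmd = rng.choice([b"PUT ", b"GET "])
        seq = rng.randrange(1 << 16).to_bytes(2, "big")
        flag = bytes([rng.randrange(2)])
        payload = bytes(rng.randrange(256) for _ in range(8))
        msgs.append(cmd + seq + flag + payload)
    return msgs


def distinct_per_position(msgs: List[bytes]) -> List[int]:
    """Per-offset statistic: how many distinct byte values the corpus shows there."""
    length = min(len(m) for m in msgs)
    return [len({m[i] for m in msgs}) for i in range(length)]


def change_points(stat: List[int], low_max: int) -> List[int]:
    """Offsets where the statistic crosses between the low regime (at most
    low_max distinct values, typical of keyword/enumerated bytes) and the
    high regime (free data bytes)."""
    low = [s <= low_max for s in stat]
    return [i for i in range(1, len(stat)) if low[i] != low[i - 1]]


def infer_fields(msgs: List[bytes], low_max: int = 8,
                 vocab_max: int = 8) -> List[Tuple[Segment, str]]:
    """Cut the message at the change points and label each segment by the
    occurrence statistics of its whole value across the corpus."""
    stat = distinct_per_position(msgs)
    bounds = [0] + change_points(stat, low_max) + [len(stat)]
    fields = []
    for start, end in zip(bounds, bounds[1:]):
        vocab = Counter(m[start:end] for m in msgs)
        if len(vocab) <= vocab_max:
            kind = "keyword"      # small fixed vocabulary (commands, flags)
        elif len(vocab) >= len(msgs) // 2:
            kind = "data"         # almost every message carries a new value
        else:
            kind = "uncertain"
        fields.append(((start, end), kind))
    return fields


def generate_tests(msgs: List[bytes], fields: List[Tuple[Segment, str]]) -> List[bytes]:
    """Mutate one inferred field at a time in the first message: out-of-vocabulary
    values for keyword fields, boundary values and oversize for the rest."""
    base = msgs[0]
    tests = []
    for (start, end), kind in fields:
        width = end - start
        if kind == "keyword":
            vocab = {m[start:end] for m in msgs}
            candidates = [b"\xff" * width, b"\x00" * width,
                          bytes(b ^ 0x20 for b in base[start:end])]
            candidates = [c for c in candidates if c not in vocab]
        else:
            candidates = [b"\x00" * width, b"\xff" * width,
                          b"\x7f" + b"\xff" * (width - 1),   # max signed value
                          base[start:end] * 4]                # length confusion
        for c in candidates:
            tests.append(base[:start] + c + base[end:])
    return tests


def blind_test_count(msg: bytes, mutators_per_byte: int = 4) -> int:
    """Baseline: structure-unaware per-byte mutation with the same mutator count."""
    return len(msg) * mutators_per_byte


if __name__ == "__main__":
    corpus = build_corpus()
    fields = infer_fields(corpus)
    for seg, kind in fields:
        print(seg, kind)
    tests = generate_tests(corpus, fields)
    print(len(tests), "field-aware tests vs", blind_test_count(corpus[0]), "blind")
```

On the constructed corpus the inferred layout matches the generator (keyword 0:4, data 4:6, keyword 6:7, data 7:15), and 13 field-aware test messages replace the 60 a per-byte mutator would emit. The distinct-value statistic is deliberately crude: a flag byte is classified as a keyword field because it has a two-value vocabulary, which is exactly the "enumerated" case worth fuzzing with out-of-vocabulary values.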
18

Wang, Ming-Hung, Han-Chi Wang, You-Ru Chen, and Chin-Laung Lei. "Automatic Test Pattern Generator for Fuzzing Based on Finite State Machine." Security and Communication Networks 2017 (2017): 1–11. http://dx.doi.org/10.1155/2017/7819590.

Abstract:
With the rapid development of the Internet, several emerging technologies are adopted to construct fancy, interactive, and user-friendly websites. Among these technologies, HTML5 is a popular one and is widely used in establishing modern sites. However, the security issues in the new web technologies are also raised and are worthy of investigation. For vulnerability investigation, many previous studies used fuzzing and focused on generation-based approaches to produce test cases for fuzzing; however, these methods require a significant amount of knowledge and mental effort to develop test patterns for generating test cases. To lower the barrier to entry for conducting fuzzing, in this study we propose a test pattern generation algorithm based on the concept of finite state machines. We apply graph analysis techniques to extract paths from finite state machines and use these paths to construct test patterns automatically. According to the proposal, fuzzing can be completed by inputting a regular expression corresponding to the test target. To evaluate the performance of our proposal, we conduct an experiment in identifying vulnerabilities of the input attributes in HTML5. According to the results, our approach is not only efficient but also effective for identifying weak validators in HTML5.
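The FSM path extraction described above, carried through to concrete inputs and run against a validator, as an added example. The FSM is hand-encoded from an assumed target regex rather than parsed from it, the token payloads and the two validators are constructed for the example, and the "weak validator" is a hypothetical sloppy check; none of this is the paper's code.

```python
"""
FSM-based test pattern generation for an input validator. Added
illustration: the FSM (hand-encoded from an assumed regex), the token
payloads and both validators are constructed and are not the paper's algorithm.
"""
import re
from typing import Dict, List, Set, Tuple

# FSM for the assumed target regex  [a-z]+@[a-z]+(\.[a-z]+)+
# state -> [(token class, next state)]; the S5 -> S4 edge is the (...)+ loop.
FSM: Dict[str, List[Tuple[str, str]]] = {
    "S0": [("local", "S1")],
    "S1": [("at", "S2")],
    "S2": [("domain", "S3")],
    "S3": [("dot", "S4")],
    "S4": [("label", "S5")],
    "S5": [("dot", "S4")],
}
START = "S0"
ACCEPT: Set[str] = {"S5"}

# One valid sample and a few hostile payloads per token class (constructed).
TOKENS: Dict[str, dict] = {
    "local":  {"valid": "alice",   "fuzz": ["", "a" * 4096, "al ice"]},
    "at":     {"valid": "@",       "fuzz": ["", "@@"]},
    "domain": {"valid": "example", "fuzz": ["", "ex@mple"]},
    "dot":    {"valid": ".",       "fuzz": ["", ".."]},
    "label":  {"valid": "com",     "fuzz": ["", "c0m", "com\n"]},
}


def extract_paths(fsm: Dict[str, List[Tuple[str, str]]], start: str,
                  accept: Set[str], max_edge_uses: int = 2) -> List[List[str]]:
    """DFS over the FSM; every walk that ends in an accepting state is a test
    pattern. Loops are unrolled at most max_edge_uses times per edge so the
    enumeration terminates."""
    paths: List[List[str]] = []
    uses: Dict[Tuple[str, int], int] = {}

    def walk(state: str, path: List[str]) -> None:
        if state in accept and path:
            paths.append(list(path))
        for idx, (token, nxt) in enumerate(fsm.get(state, [])):
            edge = (state, idx)
            if uses.get(edge, 0) >= max_edge_uses:
                continue
            uses[edge] = uses.get(edge, 0) + 1
            path.append(token)
            walk(nxt, path)
            path.pop()
            uses[edge] -= 1

    walk(start, [])
    return paths


def instantiate(path: List[str], tokens: Dict[str, dict] = TOKENS) -> List[str]:
    """Turn a pattern into concrete inputs: the all-valid instance plus
    single-fault variants where one token is replaced by a hostile payload."""
    valid = [tokens[t]["valid"] for t in path]
    cases = ["".join(valid)]
    for i, token in enumerate(path):
        for payload in tokens[token]["fuzz"]:
            variant = list(valid)
            variant[i] = payload
            cases.append("".join(variant))
    return list(dict.fromkeys(cases))      # drop duplicates, keep order


REFERENCE = re.compile(r"[a-z]+@[a-z]+(\.[a-z]+)+")


def strict_validator(s: str) -> bool:
    """Oracle: the regex the FSM was derived from."""
    return REFERENCE.fullmatch(s) is not None


def weak_validator(s: str) -> bool:
    """Hypothetical sloppy validator under test: 'looks like an address'."""
    return "@" in s and "." in s.split("@")[-1]


def find_weak_acceptances(validator, oracle=strict_validator) -> List[str]:
    """Inputs the oracle rejects but the validator under test accepts."""
    findings = []
    for path in extract_paths(FSM, START, ACCEPT):
        for case in instantiate(path):
            if validator(case) and not oracle(case):
                findings.append(case)
    return findings


if __name__ == "__main__":
    for p in extract_paths(FSM, START, ACCEPT):
        print("pattern:", " ".join(p))
    for hit in find_weak_acceptances(weak_validator):
        print("weak validator accepted:", repr(hit))
```

With the loop unrolled once, two patterns come out (one and two domain labels), and the single-fault instances expose the weak check on inputs such as `alice@ex@mple.com` and `alice@example..com`. Running the same cases against the reference regex yields no findings, which is the sanity check that the generated inputs, not the oracle, are doing the work.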
19

Song, Guang Jun, Chun Lan Zhao, and Ming Li. "Study on Software Vulnerability Dynamic Discovering System." Applied Mechanics and Materials 151 (January 2012): 673–77. http://dx.doi.org/10.4028/www.scientific.net/amm.151.673.

Abstract:
This paper develops a new system model for software vulnerability discovery, based on fuzzing, feature matching of API sequences and data mining. Overcoming the disadvantages of older techniques, this new method effectively improves the detection of potentially unknown security vulnerabilities in software. Besides, this method is more automated and performs better in finding new security vulnerabilities.
20

Mi, Xianya, Baosheng Wang, Yong Tang, Pengfei Wang, and Bo Yu. "SHFuzz: Selective Hybrid Fuzzing with Branch Scheduling Based on Binary Instrumentation." Applied Sciences 10, no. 16 (August 6, 2020): 5449. http://dx.doi.org/10.3390/app10165449.

Abstract:
Hybrid fuzzing is a popular software testing technique that combines random fuzzing with concolic execution. It is widely used in the security domain, known for its ability to find deeply hidden vulnerabilities and reach high code coverage. Hybrid fuzzing is based on negating branches in the execution path of a specific input to generate new test cases. However, due to the numerous inputs and related branches, it does not show its full effectiveness without input and branch selection methods. In this paper, we systematically analyze the branch scheduling problem in the internal attributes of hybrid fuzzing, focusing on the synchronization mechanism. To solve these problems, we propose the Selective Hybrid Fuzzing (SHF) approach with branch scheduling based on binary instrumentation. There are two major parts to the SHF approach: (1) we propose a critical branch selection algorithm that selects critical branches by three metrics: hit accuracy, solvability, and complexity; (2) we propose a priority score calculation algorithm that selects inputs by the number of critical branches. With the SHF approach, we choose only the branches that can be negated to generate new coverage, instead of repeatedly executing the same branches and generating duplicate inputs. We implement a hybrid fuzzer called SHFuzz with our SHF approach and compare it with the state-of-the-art hybrid fuzzer QSYM. In the evaluation, SHFuzz outperforms QSYM on 20 real-world applications from the Google Fuzzer Test Suite and other program suites in 12 h tests. On average, SHFuzz achieves 8.40% more code coverage and 100 more unique crashes in each application. Our work also finds existing vulnerabilities 7.85× faster than QSYM. We also find new bugs with SHFuzz that QSYM fails to find. Our evaluation shows that the selective hybrid fuzzing approach can reduce the number of branches executed in concolic execution, enhancing the code coverage and bug-finding capabilities of hybrid fuzzing.
21

Wang, Zhiqiang, Yuheng Lin, Zihan Zhuo, Jieming Gu, and Tao Yang. "GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing." Security and Communication Networks 2021 (June 28, 2021): 1–14. http://dx.doi.org/10.1155/2021/9946022.

Abstract:
Near-field communication (NFC) is a set of communication protocols that enable two electronic devices to communicate. Its security and reliability are welcomed by mobile terminal manufacturers, banks, telecom operators, and third-party payment platforms. At the same time, it has also drawn more and more attention from hackers and attackers, and NFC-enabled devices are facing increasing threats. To improve the security of NFC technology, the paper studies techniques for discovering security vulnerabilities in the NFC Data Exchange Format (NDEF), the most important data transmission protocol. In the paper, we propose an algorithm, GTCT (General Test Case Construction and Test), based on fuzzing, to construct test cases and test the NDEF protocol. GTCT adopts four strategies to construct test cases, manual, generation, mutation, and "reverse analysis," which can detect logic vulnerabilities that fuzzing cannot find and improve the detection rate. Based on GTCT, we designed an NDEF vulnerability discovery framework and developed a tool named "GNFCVulFinder" (General NFC Vulnerability Finder). By testing 33 NFC system services and applications on Android and Windows Phone, we found eight vulnerabilities, including DoS vulnerabilities in the NFC service, logic vulnerabilities in opening Bluetooth/Wi-Fi/torch, design flaws causing a black screen, and DoS of NFC applications. Finally, we give some security suggestions for developers to enhance the security of NFC.
22

Wang, Xiaoyin, Jiaze Sun, Chunyang Hu, Panpan Yu, Bin Zhang, and Donghai Hou. "EtherFuzz: Mutation Fuzzing Smart Contracts for TOD Vulnerability Detection." Wireless Communications and Mobile Computing 2022 (August 26, 2022): 1–8. http://dx.doi.org/10.1155/2022/1565007.

Abstract:
With the development of Internet of Things technology, the use of the Internet of Things is expanding, and its security risks will become an important factor restricting the development of Internet of Things technology. Applying blockchain technology in the security field of the Internet of Things can alleviate security problems, since the blockchain is immutable. Therefore, it is particularly important to ensure the security of blockchain smart contracts. However, the order of transactions in smart contracts is easily manipulated by miners, and there is a relative lack of tools to detect TOD (transaction-ordering dependent) vulnerabilities. Current smart contract vulnerability detection methods suffer from low efficiency and low accuracy. Therefore, based on a study of the TOD vulnerability principle, this paper creatively proposes a mutation fuzz testing method, EtherFuzz, to specifically detect TOD vulnerabilities in smart contracts. It uses the smart contract ABI (application binary interface) to generate test cases, tests the bytecode of the smart contract, uses a TOD test oracle to detect TOD vulnerabilities, and then mutates the tested data to generate new test cases. Finally, the behaviour of smart contract execution is recorded, and the fuzz testing process is controlled until the vulnerability is detected. The experimental results show that, with 987 token contracts selected as Ethereum test objects, the false-positive rate, detection time overhead, and detection storage overhead of EtherFuzz are reduced by 74.4%, 30.1%, and 28.1%, respectively. Therefore, EtherFuzz has high speed, efficiency, and accuracy in detecting TOD vulnerabilities and has excellent application value.
23

He, Ziheng, Peng Jia, Yong Fang, Yuying Liu, and Hairu Luo. "SwitchFuzz: Switch Short-Term Goals in Directed Grey-Box Fuzzing." Applied Sciences 12, no. 21 (November 2, 2022): 11097. http://dx.doi.org/10.3390/app122111097.

Abstract:
In recent years, fuzzing has become a powerful tool for security researchers to uncover security vulnerabilities. It is used to discover software vulnerabilities by continuously generating malformed inputs to trigger bugs. Directed grey-box fuzzing (DGF) has also been widely used in patch testing and vulnerability reproduction. For directed grey-box fuzzing, the core problem is to make test cases reach the target and trigger vulnerabilities faster. Selecting seeds that are closer to the target site to be mutated first is an effective method. For this purpose, DGF calculates the distance between the execution path and the target site by a specific algorithm. However, as time elapses in the execution process, seeds covering a larger number of basic blocks may be overlooked because of their long distances. At the same time, directed fuzzing often ignores the impact of coverage on test efficiency, resulting in a local optimum problem without accumulating enough valuable test cases. In this paper, we analyze and discuss these problems and propose SwitchFuzz, a fuzzer that can switch short-term goals during execution. SwitchFuzz keeps shortening the distance of test cases to the target point when it performs well and prioritizes reaching the target point. When positive feedback is not achieved over a period of time, SwitchFuzz tries to explore more possibilities. We compared the efficiency of SwitchFuzz with that of AFLGO when setting single and multiple targets for crash reproduction in our experiments. The results show that SwitchFuzz produces a significant improvement over AFLGO in both the speed and the probability of triggering a specified crash. SwitchFuzz can discover more edges than AFLGO in the same amount of time and can generate seeds with smaller distances.
24

Pachnik, Marcin. "Methods of generating test data for carrying out the fuzzing process." Computer Science and Mathematical Modelling, no. 9/2019 (November 30, 2019): 27–32. http://dx.doi.org/10.5604/01.3001.0013.6603.

Abstract:
The article presents and compares modern methods of generating test data in the process of automatic software security testing, so-called fuzz testing. The publication contains descriptions of methods used in, among others, local, network and web applications, then compares them and evaluates their effectiveness in ensuring software security. The impact of the quality of the test data corpus on the effectiveness of automated security testing is also assessed.
25

Feng, Tao, and Jinkun Liu. "Optimization Research of Directed Fuzzing Based on AFL." Electronics 11, no. 24 (December 7, 2022): 4066. http://dx.doi.org/10.3390/electronics11244066.

Abstract:
Fuzz testing is the process of testing programs by continually producing unique inputs in order to detect and identify security flaws. It is often used in vulnerability mining. The most prevalent fuzzing approach is grey-box fuzzing, which combines lightweight code instrumentation with data-feedback-driven generation of fresh program input seeds. AFL (American Fuzzy Lop) is an outstanding grey-box fuzzing tool that is well known for its quick fork server execution, dependable genetic algorithm, and numerous mutation techniques. AFLGO proposes and executes power scheduling based on a simulated annealing process for a more appropriate energy allocation to seeds; however, it is neither reliable nor successful. To tackle this issue, we offer an energy-dynamic scheduling strategy based on the algorithm of the fruit fly. Adjusting the energy of the seeds dynamically controls the production of test cases. The findings demonstrate that the approach suggested in this research can test the target region more rapidly and thoroughly and has a high application value for patch testing and vulnerability replication.
26

Guan, Quan Long, Guo Xiang Yao, Kai Bin Ni, and Mei Xiu Zhou. "Research on Fuzzing Test Data Engine for Web Vulnerability." Advanced Materials Research 211-212 (February 2011): 500–504. http://dx.doi.org/10.4028/www.scientific.net/amr.211-212.500.

Abstract:
With the rapid growth of e-commerce, various types of complex applications appear in web environments. Web-based system testing is different from traditional software testing. The unpredictability of the Internet and web systems makes it difficult to test web-based systems. This paper presents an engine for Fuzzing test data towards web control vulnerabilities, and introduces "heuristic rules" and "tagged words" to generate the test data. This method can increase the intelligence of security testing and build the foundation of a web vulnerability detection model.
27

Gu, Yeming, Hui Shu, Rongkuan Ma, Lin Yan, and Lei Zhu. "SpotFuzzer: Static Instrument and Fuzzing Windows COTs." Security and Communication Networks 2022 (August 30, 2022): 1–13. http://dx.doi.org/10.1155/2022/4911587.

Abstract:
The security research on Windows has received little attention in the academic circle. Most of the new methods are usually designed for the Linux system and are difficult to transplant to Windows. Fuzzing for Windows programs always suffers from its closed source. Therefore, we need to find an appropriate way to achieve feedback from Windows programs. To our knowledge, there are no stable and scalable static instrumentation tools for Windows yet, and dynamic tools, such as DynamoRIO, have been criticized for their performance. To make matters worse, dynamic instrumentation tools have very limited usage scenarios and are impotent for many system services or large commercial software. In this paper, we proposed SpotInstr, a novel static tool for instrumenting Windows binaries. It is lightweight and can instrument most Windows PE programs in a very short time. At the same time, SpotInstr provides a set of filters, which can be used to select instrumentation points or restrict the target regions. Based on these filters, we propose a novel selective instrumentation method which can speed up both instrumentation and fuzzing. After that, we design a system called SpotFuzzer, which leverages the ability of SpotInstr and can fuzz most Windows binaries. We tested SpotInstr and SpotFuzzer in multiple dimensions to show their superior performance and stability.
28

Okokpujie, Kennedy, Grace Chinyere Kennedy, Vingi Patrick Nzanzu, Mbasa Joaquim Molo, Emmanuel Adetiba, and Joke Badejo. "ANOMALY-BASED INTRUSION DETECTION FOR A VEHICLE CAN BUS: A CASE FOR HYUNDAI AVANTE CN7." Journal of Southwest Jiaotong University 56, no. 5 (October 30, 2021): 144–56. http://dx.doi.org/10.35741/issn.0258-2724.56.5.14.

Abstract:
Flooding, spoofing, replay, and fuzzing are common in various types of attacks faced by enterprises and various network systems. In-vehicle network systems are not immune to attacks and threats. Intrusion detection systems using different algorithms are proposed to enhance the security of the in-vehicle network. We use a dataset provided and collected in "Car Hacking: Attack and Defense Challenge" during 2020. This dataset has been realized by the organizers of the challenge for security researchers. With the aid of this dataset, the work aimed to develop attack and detection techniques of Controller Area Network (CAN) using different algorithms such as support vector machine and Feedforward Neural Network. This research work also provides a comparison of the rendering of these algorithms. Based on experimental results, this work will help future researchers to benchmark their results for the given dataset. The results obtained in this work show that the model selection does not depend only on the model's accuracy that is explained by the accuracy paradox. Therefore, for the overall result accuracy of 62.65%, they show that the support vector machine presents the most satisfying output in terms of precision and recall. The Radial basis kernel gives 65% and 67% precision for fuzzing and flooding and the recall of 64% and 100% for replay and spoofing, respectively.
29

Ashraf, Imran, Xiaoxue Ma, Bo Jiang, and W. K. Chan. "GasFuzzer: Fuzzing Ethereum Smart Contract Binaries to Expose Gas-Oriented Exception Security Vulnerabilities." IEEE Access 8 (2020): 99552–64. http://dx.doi.org/10.1109/access.2020.2995183.

30

Liu, Yuying, Pin Yang, Peng Jia, Ziheng He, and Hairu Luo. "MalFuzz: Coverage-guided fuzzing on deep learning-based malware classification model." PLOS ONE 17, no. 9 (September 15, 2022): e0273804. http://dx.doi.org/10.1371/journal.pone.0273804.

Abstract:
With the continuous development of deep learning, more and more domains use deep learning techniques to solve key problems. The security issues of deep learning models have also received more and more attention. Nowadays, malware has become a huge security threat in cyberspace. Traditional signature-based malware detection methods are not adaptable to the current large-scale malware detection. Thus many deep learning-based malware detection models are widely used in real malware detection scenarios. Therefore, we need to secure the deep learning-based malware detection models. However, model testing currently focuses on image and natural language processing models. There is no related work to test deep learning-based malware detection models specifically. Therefore, to fill this gap, we propose MalFuzz. MalFuzz uses the idea of coverage-guided fuzzing to test deep learning-based malware detection models. To solve the model state representation problem, MalFuzz uses the first and last layer neuron values to approximately represent the model state. To solve the new coverage calculation problem, MalFuzz uses the fast approximate nearest neighbor algorithm to compute the new coverage. The mutation strategy and seed selection strategy in image model or natural language processing model testing are not appropriate in deep learning-based malware detection model testing. Hence MalFuzz designs the seed selection strategy and seed mutation strategy for malware detection model testing. We performed extensive experiments to demonstrate the effectiveness of MalFuzz. Based on MalConv, Convnet, and CNN 2-d, we compared the modified TensorFuzz and MAB-malware with MalFuzz. Experiment results show that MalFuzz can detect more model classification errors. Likewise, the mutation operation of MalFuzz can retain the original functionality of malware with high probability. Moreover, the seed selection strategy of MalFuzz can help us explore the model state space quickly.
31

Cheng, Yixuan, Wenqing Fan, Wei Huang, Gaoqing Yu, Yu Han, Hang Dong, and Wen Liu. "PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices." Security and Communication Networks 2022 (April 27, 2022): 1–14. http://dx.doi.org/10.1155/2022/9788219.

Abstract:
Black-box fuzzing is a testing technique to find both known and unknown vulnerabilities in software. When applying black-box fuzzing to smart devices, the main idea is to take a smart device as a black box and provide random input through a network-based interface, such as a Web interface. Due to the diversity of Web interface implementations and complex data format, a blind mutation of the message makes the message unable to pass the verification of the device component. Therefore, each Web interface needs a unique fuzzer, which precisely defines a message format of the target interface, a state maintenance method, the field positions to be mutated, and a specific input mutation method. At the time of writing, a fuzzer is completely developed by a security engineer. To save human labor, we present PDFuzzerGen, a tool to automatically synthesize complex black-box fuzzers for smart devices. PDFuzzerGen generates multiple fuzzing policies by analyzing raw messages and then synthesizes fuzzers based on policies. PDFuzzerGen requires no human intervention and can be applied to a wide range of smart devices. Furthermore, the generated fuzzers can expose bugs and flaws that rest deep in smart devices. PDFuzzerGen was evaluated to generate fuzzers for 19 different smart devices from 6 vendors. It has found 14 previously unknown vulnerabilities, 5 of which were confirmed and disclosed by the China National Vulnerability Database (CNVD) and 2 of which were confirmed and disclosed by Common Vulnerabilities and Exposures (CVE). The generated fuzzers outperform some manually crafted fuzzers on a few metrics, including the vulnerability detection rate and time cost of a newly developed fuzzer, which demonstrates the effectiveness and efficiency of PDFuzzerGen.
32

Yin, Qidi, Xu Zhou, and Hangwei Zhang. "FirmHunter: State-Aware and Introspection-Driven Grey-Box Fuzzing towards IoT Firmware." Applied Sciences 11, no. 19 (September 29, 2021): 9094. http://dx.doi.org/10.3390/app11199094.

Abstract:
IoT devices are exponentially increasing in all aspects of our lives. Via the web interfaces of IoT devices, attackers can control IoT devices by exploiting their vulnerabilities. In order to guarantee IoT security, testing these IoT devices to detect vulnerabilities is very important. In this work, we present FirmHunter, an automated state-aware and introspection-driven grey-box fuzzer towards Linux-based firmware images on the basis of emulation. It employs a message-state queue to overcome the dependency problem in test cases. Furthermore, it implements a scheduler collecting execution information from system introspection to drive fuzzing towards more interesting test cases, which speeds up vulnerability discovery. We evaluate FirmHunter by emulating and fuzzing eight firmware images including seven routers and one IP camera with a state-of-the-art IoT fuzzer FirmFuzz and a web application scanner ZAP. Our evaluation results show that (1) the message-state queue enables FirmHunter to parse the dependencies in test cases and find real-world vulnerabilities that other fuzzers cannot detect; (2) our scheduler accelerates the discovery of vulnerabilities by an average of 42%; and (3) FirmHunter is able to find unknown vulnerabilities.
33

Sun, Li Yuan, and Yan Mei Zhang. "The Research and Application of the Variant Fuzz Testing Framework for Log Based on the Structured Data." Applied Mechanics and Materials 602-605 (August 2014): 1749–52. http://dx.doi.org/10.4028/www.scientific.net/amm.602-605.1749.

Abstract:
Fuzz testing is a software testing technique, which provides invalid, unexpected, or random data to the inputs of a computer program to test the robustness and security of procedures [1]. For structured data like logging, the variant fuzz testing framework adopts a configuration file, and applies traversal and stream processing to complete the structured fuzzing. This article starts with the features of the structured data, then introduces the design and implementation of the variant fuzz testing framework, including function modules, class structure, and logic processing. As a conclusion, this framework is compared with the zzuf tool, and the advanced nature of this framework is elaborated.
34

Pan, Zulie, Liqun Zhang, Zhihao Hu, Yang Li, and Yuanchao Chen. "SATFuzz: A Stateful Network Protocol Fuzzing Framework from a Novel Perspective." Applied Sciences 12, no. 15 (July 25, 2022): 7459. http://dx.doi.org/10.3390/app12157459.

Abstract:
Stateful network protocol fuzzing is one of the essential means for ensuring network communication security. However, the existing methods have problems, including frequent auxiliary message interaction, no in-depth state-space exploration, and high shares of invalid interaction time. To this end, we propose SATFuzz, a stateful network protocol fuzzing framework. SATFuzz first prioritizes the states identified by the status codes in response messages, then randomly selects a state to test among the high-priority states, and determines its corresponding optimal test sequence, which is composed of the minimum pre-lead sequence, the test case, and the fittest post-end sequence. Finally, SATFuzz uses a quasi-recurrent neural network (QRNN) to filter the test cases before performing interaction, and only the optimal test sequence, including the valid test case, can be fed to the protocol entity. To verify the proposed framework, we conduct extensive experiments with the state-of-the-art fuzzer on two popular protocols. The results show that the vulnerability discovery efficiency of the proposed approach increases by at least 1.48 times (at most by 3.06 times), making it superior to the rival methods. This not only confirms the effectiveness of SATFuzz in terms of improving the vulnerability discovery efficiency but also shows that SATFuzz has significant advantages.
35

Wang, Enze, Baosheng Wang, Wei Xie, Zhenhua Wang, Zhenhao Luo, and Tai Yue. "EWVHunter: Grey-Box Fuzzing with Knowledge Guide on Embedded Web Front-Ends." Applied Sciences 10, no. 11 (June 10, 2020): 4015. http://dx.doi.org/10.3390/app10114015.

Abstract:
At present, embedded devices have become a part of people’s lives, so detecting security vulnerabilities contained in devices becomes imperative. There are three challenges in detecting embedded device vulnerabilities: (1) Most network protocols are stateful; (2) the communication between the web front-end and the device is encrypted or encoded; and (3) the conditional constraints of programs in the device reduce the depth and breadth of fuzz testing. To address these challenges, we propose a new type of gray-box fuzz testing framework in this paper, called EWVHunter, which is mainly used to find authentication bypass and command injection vulnerabilities in embedded devices. The key idea in this paper is based on the observation that most embedded devices are controlled through the web front-end. Such embedded devices often contain rich information in the communication protocol between the web front-end and device. Therefore, by filling data at the input source on the web front-end and reusing web front-end program logic, we can effectively solve the impact of the stateful network protocol and communication data encryption on fuzzing without relying on any knowledge about the communication protocol. Additionally, we use firmware information extraction to enhance EWVHunter so that it can detect vulnerabilities in deep layer codes and hidden interfaces. In our research, we implemented EWVHunter and evaluated 8 real-world embedded devices, and our approach identified 12 vulnerabilities (including 7 zero-days), which affect a total of 31,996 online devices.
36

Chi, Hongmei, Jinwei Liu, Weifeng Xu, Mingming Peng, and Jon DeGoicoechea. "Design Hands-on Lab Exercises for Cyber-physical Systems Security Education." Journal of The Colloquium for Information Systems Security Education 9, no. 1 (March 8, 2022): 8. http://dx.doi.org/10.53735/cisse.v9i1.140.

Abstract:
The integration of cyber-physical systems (CPS) has been extremely advantageous to society; it merges the attention of cybersecurity for vehicles as a timely concern as a matter of public and individual interest. The failure of any vehicle system could have a serious impact on vehicle control and cause undesired consequences. With the growing demand for security in CPS, there are few hands-on labs/modules available for training current students, future engineers, or IT professionals to understand cybersecurity in CPS. This study describes the execution of a free security testbed to replicate a vehicle’s network system and the implementation of this testbed via a hands-on lab designed to introduce concepts of vehicle control systems. The hands-on lab simulates insider threat scenarios where students had to use can-utils toolkits and SavvyCAN to send, modify, and capture the network packet and exploit the system vulnerability threats such as replay attacks and fuzzing attacks on the vehicle system. We conducted a case study with 21 university-level students, and all students completed the hands-on lab, pretest, posttest, and a satisfaction survey as part of a non-graded class assignment. The experimental results show that most students were not familiar with cyber-physical systems and vehicle control systems and never had the chance to do any hands-on lab in this field before. Furthermore, students reported that the hands-on lab helped them learn about CAN-bus and rated high scores for enjoyment. We discussed the design of an affordable tool to teach about vehicle control systems and proposed directions for future work.
37

Liu, Xiao, Xiaoting Li, Rupesh Prajapati, and Dinghao Wu. "DeepFuzz: Automatic Generation of Syntax Valid C Programs for Fuzz Testing." Proceedings of the AAAI Conference on Artificial Intelligence 33 (July 17, 2019): 1044–51. http://dx.doi.org/10.1609/aaai.v33i01.33011044.

Abstract:
Compilers are among the most fundamental programming tools for building software. However, production compilers remain buggy. Fuzz testing is often leveraged with newly generated, or mutated inputs in order to find new bugs or security vulnerabilities. In this paper, we propose a grammar-based fuzzing tool called DEEPFUZZ. Based on a generative Sequence-to-Sequence model, DEEPFUZZ automatically and continuously generates well-formed C programs. We use this set of new C programs to fuzz off-the-shelf C compilers, e.g., GCC and Clang/LLVM. We present a detailed case study to analyze the success rate and coverage improvement of the generated C programs for fuzz testing. We analyze the performance of DEEPFUZZ with three types of sampling methods as well as three types of generation strategies. Consequently, DEEPFUZZ improved the testing efficacy in regards to the line, function, and branch coverage. In our preliminary study, we found and reported 8 bugs of GCC, all of which are actively being addressed by developers.
38

Devyanin, Petr Nikolaevich, Vladimir Iurevich Telezhnikov, and Alexey Vladimirovich Khoroshilov. "Building a methodology for secure system software development on the example of operating systems." Proceedings of the Institute for System Programming of the RAS 33, no. 5 (2021): 25–40. http://dx.doi.org/10.15514/ispras-2021-33(5)-2.

Abstract:
System software is a cornerstone of any software system, so building secure system software in accordance with requirements of certification authorities and state-of-the-art practices is an important scientific and technical problem. One of the possible approaches to cope with the problem is to build a methodology for secure system software development including advanced scientific technologies and industry best practices. The paper presents current results achieved in building such a methodology in the following directions. The first one is regulatory framework improvement, including development of GOST R specifications defining requirements for formal models of access control policies and their formal verification. The second direction is design and verification of formal models of corresponding security functional requirements. The third direction is application of new and well-established technologies of static and run-time analysis of system software. The considered technologies include static analysis, fuzzing, functional and unit testing as well as testing the system software against formal models of its functional security requirements. The fourth direction is development of methods for acquisition of results of all kinds of the analysis and for their analytical processing. All the directions are illustrated by practical examples of application of the methodology to development of the Astra Linux operating system distribution that is certified according to the highest evaluation assurance levels.
39

Zhang, Yujian, and Daifu Liu. "Toward Vulnerability Detection for Ethereum Smart Contracts Using Graph-Matching Network." Future Internet 14, no. 11 (November 11, 2022): 326. http://dx.doi.org/10.3390/fi14110326.

Abstract:
With the blooming of blockchain-based smart contracts in decentralized applications, the security problem of smart contracts has become a critical issue, as vulnerable contracts have resulted in severe financial losses. Existing research works have explored vulnerability detection methods based on fuzzing, symbolic execution, formal verification, and static analysis. In this paper, we propose two static analysis approaches called ASGVulDetector and BASGVulDetector for detecting vulnerabilities in Ethereum smart contracts from source-code and bytecode perspectives, respectively. First, we design a novel intermediate representation called abstract semantic graph (ASG) to capture both syntactic and semantic features from the program. ASG is based on syntax information but enriched by code structures, such as control flow and data flow. Then, we apply two different training models, i.e., graph neural network (GNN) and graph matching network (GMN), to learn the embedding of ASG and measure the similarity of the contract pairs. In this way, vulnerable smart contracts can be identified by calculating the similarity to labeled ones. We conduct extensive experiments to evaluate the superiority of our approaches to state-of-the-art competitors. Specifically, ASGVulDetector improves the best of three source-code-only static analysis tools (i.e., SmartCheck, Slither, and DR-GCN) regarding the F1 score by 12.6% on average, while BASGVulDetector improves that of the three detection tools supporting bytecode (i.e., ContractFuzzer, Oyente, and Securify) regarding the F1 score by 25.6% on average. We also investigate the effectiveness and advantages of the GMN model for detecting vulnerabilities in smart contracts.
40

Liu, Zhonglin, Yong Fang, Cheng Huang, and Yijia Xu. "GAXSS: Effective Payload Generation Method to Detect XSS Vulnerabilities Based on Genetic Algorithm." Security and Communication Networks 2022 (March 30, 2022): 1–15. http://dx.doi.org/10.1155/2022/2031924.

Abstract:
In the fields of social networking, media, and management, web applications on the Internet play a very indispensable role. A large amount of personal privacy information and login tokens make web applications often targeted by hackers. Cross-site scripting attacks are the most common method used to steal data from web applications. To solve the security risks caused by cross-site scripting vulnerabilities, security personnel need to actively discover these vulnerabilities to better defend against the harm. We proposed a novel genetic algorithm-based fuzzing scheme to address this problem. First, a small number of initial attack vectors are generated according to the interactive environment of the web application and then the attack vectors are sequenced into genes. Combined with the grammatical structure features of cross-site scripting and common bypass methods, the gene sequences are iteratively optimized and improved. Finally, the generated high-quality vectors are used to detect potential cross-site scripting threats in the application (we named the implementation of this approach GAXSS). The method we proposed can automatically detect the vulnerability of page interaction points and can obtain better detection results without a large number of test dictionaries, and the time cost is also reasonable. We have conducted vulnerability tests on many common open-source web applications, with a precision rate of 1.0 and an accuracy rate over 0.98. In addition, we also compared GAXSS with other well-known scanners and state-of-the-art detection methods. Its comprehensive performance is better, and it can effectively detect vulnerabilities.
41

Pan, Yan, Wei Lin, Yubo He, and Yuefei Zhu. "Coverage-guided differential testing of TLS implementations based on syntax mutation." PLOS ONE 17, no. 1 (January 24, 2022): e0262176. http://dx.doi.org/10.1371/journal.pone.0262176.

Abstract:
Transport layer security (TLS) protocol is the most widely used security protocol in modern network communications. However, protocol vulnerabilities caused by the design of the network protocol or its implementation by programmers emerge one after another. Meanwhile, various versions of TLS protocol implementations exhibit different behavioral characteristics. Researchers are attempting to find the differences in protocol implementations based on differential testing, which is conducive to discovering the vulnerabilities. This paper provides a solution to find the differences more efficiently by targeting the TLS protocol handshake process. The differences of different implementations during the fuzzing process, such as code coverage and response data, are taken to guide the mutation of test cases, and the seeds are mutated based on the TLS protocol syntax. In addition, the definition of duplicate discrepancies is theoretically explored to investigate the root cause of the discrepancies and to reduce the number of duplicate cases that are caused by the same reason. Besides, the necessary conditions for excluding duplicate cases are further analyzed to develop the deduplication strategy. The proposed method is developed based on open-source tools, i.e., NEZHA and TLS-diff. Three types of widely used TLS protocol implementations, i.e., OpenSSL, BoringSSL, and LibreSSL, are taken for experimental testing. The experimental results show that the proposed method can effectively improve the ability to find differences between different implementations. Under the same test scale or the same time, the amount of discrepancies increases by about 20% compared to TLS-diff, indicating the effectiveness of the deduplication strategy.
42

Papp, Dorottya, Kristóf Tamás, and Levente Buttyán. "IoT Hacking – A Primer." Infocommunications journal, no. 2 (2019): 2–13. http://dx.doi.org/10.36244/icj.2019.2.1.

Abstract:
The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and they often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help in discovering and fixing their vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage to expensive physical equipment or even loss of human life. In this paper, we give a basic introduction to hacking IoT devices. We give an overview of the methods and tools for hardware hacking, firmware extraction and unpacking, and performing basic firmware analysis. We also provide a survey of recent research on more advanced firmware analysis methods, including static and dynamic analysis of binaries, taint analysis, fuzzing, and symbolic execution techniques. By giving an overview of both practical methods and readily available tools as well as current scientific research efforts, our work can be useful for both practitioners and academic researchers.
43

Wu, Zehui, Wenbin Zhang, Yunchao Wang, and Chenyu Yan. "Vulnerability Digging for Software-Defined Network Controller Using Event Flow Graph Analysis." Security and Communication Networks 2022 (June 24, 2022): 1–19. http://dx.doi.org/10.1155/2022/9642517.

Abstract:
Software-defined network (SDN) controllers, the core of the SDN network architecture, need to deal with network events of the whole network, which has a huge program state space and complex logic dependencies, with related security issues. Vulnerabilities in the SDN controller can paralyze the whole network. Existing controller testing methods find it difficult to dig into the hidden logic vulnerabilities because they ignore the complex event interactions among controllers, apps, and data plane inputs. Different from file processing software, network software is driven by events, and the event flow can more accurately and comprehensively reflect the execution process. In this work, we propose an SDN controller vulnerability digging method based on event flow graph analysis. The proposed method consists of three main steps: first, we execute the instrumented controller in a normal environment, generate event flow graphs, and then extract their features as a reference. Second, we generate and execute test cases using the fuzzing method and dig the newly built event flow graphs with potential vulnerabilities. Finally, we manually examine and validate the potential vulnerabilities. To accurately discover abnormal subgraphs, we utilize graph feature extraction and analysis technologies, such as graph mining and clustering, to distinguish the normal graph and abnormal graph. We implement our method on the Ryu controller and compare it with other SDN testing methods, such as BEADS and Delta. The evaluation indicates that our method uncovered three new vulnerabilities that other methods failed to find.
44

Azam, Naveed Ahmed. "A Novel Fuzzy Encryption Technique Based on Multiple Right Translated AES Gray S-Boxes and Phase Embedding." Security and Communication Networks 2017 (2017): 1–9. http://dx.doi.org/10.1155/2017/5790189.

Abstract:
This paper presents a novel image encryption technique based on multiple right translated AES Gray S-boxes (RTSs) and a phase embedding technique. First of all, a secret image is diffused with a fuzzily selected RTS. The fuzzy selection of RTS is variable and depends upon pixels of the secret image. Then two random masks are used to enhance confusion in the spatial and frequency domains of the diffused secret image. These random masks are generated by applying two different RTSs on a host image. The decryption process of the proposed cryptosystem needs the host image for generation of masks. It is, therefore, necessary to secure the host image from unauthorized users. This task is achieved by diffusing the host image with another RTS and embedding the diffused secret image into the phase terms of the diffused host image. The cryptographic strength of the proposed security system is measured by implementing it on several images and applying rigorous analyses. Performance comparison of the proposed security technique with some of the state-of-the-art security systems, including S-box cryptosystems and steganocryptosystems, is also performed. Results and comparison show that the newly developed cryptosystem is more secure.
45

Yun, Joobeom, Fayozbek Rustamov, Juhwan Kim, and Youngjoo Shin. "Fuzzing of Embedded Systems: A Survey." ACM Computing Surveys, July 28, 2022. http://dx.doi.org/10.1145/3538644.

Abstract:
Security attacks abuse software vulnerabilities of IoT devices; hence, detecting and eliminating these vulnerabilities immediately is crucial. Fuzzing is an efficient method to identify vulnerabilities automatically, and many publications have been released to date. However, fuzzing for embedded systems has not been studied extensively owing to various obstacles, such as multi-architecture support, crash detection difficulties, and limited resources. Thus, this paper introduces fuzzing techniques for embedded systems and the differences between fuzzing desktop and embedded systems. Further, we collect state-of-the-art technologies, discuss their advantages and disadvantages, and classify embedded system fuzzing tools. Finally, future directions for fuzzing research on embedded systems are predicted and discussed.
46

Ren, Mengfei, Xiaolei Ren, Huadong Feng, Jiang Ming, and Yu Lei. "Security Analysis of Zigbee Protocol Implementation via Device-agnostic Fuzzing." Digital Threats: Research and Practice, September 14, 2022. http://dx.doi.org/10.1145/3551894.

Abstract:
Zigbee is widely adopted as a resource-efficient wireless protocol in IoT networks. IoT devices from manufacturers have recently been affected by major vulnerabilities in Zigbee protocol implementations. Security testing of Zigbee protocol implementations is becoming increasingly important. However, applying existing vulnerability detection techniques such as fuzzing to the Zigbee protocol is not a simple task. Dealing with low-level hardware events still remains a big challenge. For the Zigbee protocol, which communicates over a radio channel, many existing protocol fuzzing tools lack a sufficient execution environment. To narrow the gap, we designed Z-Fuzzer, a device-agnostic fuzzing tool for detecting security flaws in Zigbee protocol implementations. To simulate Zigbee protocol execution, Z-Fuzzer leverages a commercial embedded device simulator with pre-defined peripherals and hardware interrupt setups to interact with the fuzzing engine. Z-Fuzzer generates more high-quality test cases with code-coverage heuristics. We compare Z-Fuzzer with advanced protocol fuzzing tools, BooFuzz and Peach fuzzer, on top of Z-Fuzzer's simulation platform. Our findings suggest that Z-Fuzzer can achieve greater code coverage in Z-Stack, a widely used Zigbee protocol implementation. Compared to BooFuzz and Peach, Z-Fuzzer found more vulnerabilities with fewer test cases. Three of them have been assigned CVE IDs with high CVSS scores (7.5 ∼ 8.2).
47

Zhu, Xiaogang, Sheng Wen, Seyit Camtepe, and Yang Xiang. "Fuzzing: A Survey for Roadmap." ACM Computing Surveys, January 28, 2022. http://dx.doi.org/10.1145/3512345.

Abstract:
Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It generates a large number of test cases and monitors the executions for defects. Fuzzing has detected thousands of bugs and vulnerabilities in various applications. Although effective, there is a lack of systematic analysis of the gaps faced by fuzzing. As a technique of defect detection, fuzzing is required to narrow down the gaps between the entire input space and the defect space. Without limitation on the generated inputs, the input space is infinite. However, defects are sparse in an application, which indicates that the defect space is much smaller than the entire input space. Besides, because fuzzing generates numerous test cases to repeatedly examine targets, fuzzing is required to perform in an automatic manner. Due to the complexity of applications and defects, it is challenging to automate the execution of diverse applications. In this paper, we systematically review and analyze the gaps as well as their solutions, considering both breadth and depth. This survey can be a roadmap for both beginners and advanced developers to better understand fuzzing.
48

Kwon, Soonhong, Sang‐Jin Son, Yangseo Choi, and Jong‐Hyouk Lee. "Protocol fuzzing to find security vulnerabilities of RabbitMQ." Concurrency and Computation: Practice and Experience, September 14, 2020. http://dx.doi.org/10.1002/cpe.6012.

49

Lin, Pei-Yi, Chia-Wei Tien, Ting-Chun Huang, and Chin-Wei Tien. "ICPFuzzer: proprietary communication protocol fuzzing by using machine learning and feedback strategies." Cybersecurity 4, no. 1 (August 3, 2021). http://dx.doi.org/10.1186/s42400-021-00087-5.

Abstract:
The fuzzing test is able to discover various vulnerabilities and has more chances to hit zero-day targets. ICS (industrial control systems) are currently facing huge security threats and require security standards, like ISO 62443, to ensure the quality of the device. However, some industrial proprietary communication protocols can be customized and have complicated structures, so the fuzzing system cannot quickly generate test data that adapt to various protocols. It also struggles to define the mutation field without having prior knowledge of the protocols. Therefore, we propose a fuzzing system named ICPFuzzer that uses LSTM (long short-term memory) to learn the features of a protocol and generates mutated test data automatically. We also use the responses of testing and adjust the weight strategies to further test the device under test (DUT) to find more data that cause an unusual connection status. We verified the effectiveness of the approach by comparing it with open-source and commercial fuzzers. Furthermore, in a real case, we experimented with DLMS/COSEM for a smart meter and found that the test data can cause an unusual response. In summary, ICPFuzzer is a black-box fuzzing system that can automatically execute the testing process and reveal vulnerabilities that interrupt and crash industrial control communication. It not only improves the quality of ICS but also improves safety.
50

Blair, William, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, and Manuel Egele. "HotFuzz: Discovering Temporal and Spatial Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing." ACM Transactions on Privacy and Security, May 20, 2022. http://dx.doi.org/10.1145/3532184.

Abstract:
Fuzz testing repeatedly assails software with random inputs in order to trigger unexpected program behaviors, such as crashes or timeouts, and has historically revealed serious security vulnerabilities. In this paper, we present HotFuzz, a framework for automatically discovering Algorithmic Complexity (AC) time and space vulnerabilities in Java libraries. HotFuzz uses micro-fuzzing, a genetic algorithm that evolves arbitrary Java objects in order to trigger the worst-case performance for a method under test. We define Small Recursive Instantiation (SRI) as a technique to derive seed inputs represented as Java objects to micro-fuzzing. After micro-fuzzing, HotFuzz synthesizes test cases that triggered AC vulnerabilities into Java programs and monitors their execution in order to reproduce vulnerabilities outside the fuzzing framework. HotFuzz outputs those programs that exhibit high resource utilization as witnesses for AC vulnerabilities in a Java library. We evaluate HotFuzz over the Java Runtime Environment (JRE), the 100 most popular Java libraries on Maven, and challenges contained in the DARPA Space and Time Analysis for Cybersecurity (STAC) program. We evaluate SRI’s effectiveness by comparing the performance of micro-fuzzing with SRI, measured by the number of AC vulnerabilities detected, to simply using empty values as seed inputs. In this evaluation, we verified known AC vulnerabilities, discovered previously unknown AC vulnerabilities that we responsibly reported to vendors, and received confirmation from both IBM and Oracle. Our results demonstrate that micro-fuzzing finds AC vulnerabilities in real-world software, and that micro-fuzzing with SRI-derived seed inputs outperforms using empty values in both the temporal and spatial domains.