Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting

13 years 11 months ago

Download www.acsac.org

We present an extension of traditional "black box" fuzz testing using a genetic algorithm based upon a Dynamic Markov Model fitness heuristic. This heuristic allows us to "intelligently" guide input selection based upon feedback concerning the "success" of past inputs that have been tried. Unlike many software testing tools, our implementation is strictly based upon binary code and does not require that source code be available. Our evaluation on a Windows server program shows that this approach is superior to random black box fuzzing for increasing code coverage and depth of penetration into program control flow logic. As a result, the technique may be beneficial to the development of future automated vulnerability analysis tools.

Sherri Sparks, Shawn Embleton, Ryan Cunningham, Cl

Real-time Traffic

ACSAC 2007 | Black Box | Fuzz Testing | Markov Model Fitness | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	02 Jun 2010
Updated	02 Jun 2010
Type	Conference
Year	2007
Where	ACSAC
Authors	Sherri Sparks, Shawn Embleton, Ryan Cunningham, Cliff Changchun Zou

Comments (0)

Sciweavers

Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting

ACSAC 2007 | Black Box | Fuzz Testing | Markov Model Fitness | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers