Title

Automated Vulnerability Analysis: Leveraging Control Flow For Evolutionary Input Crafting

Abstract

We present an extension of traditional "black box" fuzz testing using a genetic algorithm based upon a Dynamic Markov Model fitness heuristic. This heuristic allows us to "intelligently" guide input selection based upon feedback concerning the "success" of past inputs that have been tried. Unlike many software testing tools, our implementation is strictly based upon binary code and does not require that source code be available. Our evaluation on a Windows server program shows that this approach is superior to random black box fuzzing for increasing code coverage and depth of penetration into program control flow logic. As a result, the technique may be beneficial to the development of future automated vulnerability analysis tools. © 2007 IEEE.

Publication Date

12-1-2007

Publication Title

Proceedings - Annual Computer Security Applications Conference, ACSAC

Number of Pages

477-486

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/ACSAC.2007.27

Socpus ID

48649084888 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/48649084888

This document is currently not available here.

Share

COinS