ABSTRACT
Driven by the 4th Industrial Revolution, numerous ICT technologies are developing, and as a result IoT devices are increasingly present around us. Accordingly, hackers are using intelligent hacking technology to exploit software vulnerabilities in these IoT devices, inflicting financial and physical damage on our lives. Automated security vulnerability response systems are required to respond to attacks that exploit continuously emerging software vulnerabilities. In this paper, we analyze the hybrid fuzzing system, which complements the technical limitations of existing fuzzing technology, as the base technology for an automated security vulnerability response system. In addition, we propose a hybrid fuzzing system based on an automatic seed generation mechanism for coverage efficiency, in order to find vulnerabilities inherent in software quickly and efficiently.