Abstract
In order to ensure the network system security, many fuzzing strategies have been proposed recently, how to formally measure the performance of various fuzzing strategies, and choose the optimal strategy to improve the efficiency and effectiveness of vulnerabilities mining are becoming more and more important, this paper designed a fuzzing strategy evaluation framework, generated the taint data graph by the tracker, generated semantic tree by the parser, constructed a mapping from the taint data graph to semantic tree, quantitative calculated strategy performance using effective value and entropy value, selected optimal strategy according to evaluation value. The experiment proved that this method is reasonable and feasible, and optimal strategy selected by it can effectively improve the code coverage and vulnerability exploration effectiveness.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cai, Z., Chen, M., Chen, S., Qiao, Y.: Searching for widespread events in large networked systems by cooperative monitoring. In: International Conference on Network Protocols, pp. 123–133. IEEE, Francisco (2015)
Liu, Y., Cai, Z.-P., Zhong, P.: Detection approach of DDoS attacks based on conditional random fields. J. Softw. 22(8), 1897–1910 (2011)
Cai, Z., Wang, Z., Zheng, K.: A distributed TCAM coprocessor architecture for integrated longest prefix matching, policy filtering, and content filtering. IEEE Trans. Comput. 62(3), 417–427 (2015)
Fang, S., et al.: Feature selection method based on class discriminative degree for intelligent medical diagnosis. Comput., Mater. Continua 55(3), 419–433 (2018)
Luo, M., Ke, W., Cai, Z., Liu, A., Li, Y., Cheang, C.F.: Using imbalanced triangle synthetic data for machine learning anomaly detection. Comput., Mater. Continua 55(7), 15–26 (2018)
Cui, J., Zhang, Y., Cai, Z., Liu, A., Li, Y.: Security display path for security sensitive application on mobile devices. Comput., Mater. Continua 55(1), 17–35 (2018)
Tiantian, T., Baosheng, W., Zhou, X., Yong, T.: The new progress in the research of binary vulnerability exploits. In: Xingming, S., Zhaoqing, P., Elisa, B. (eds.) Conference 2018, LNCS, vol. 11064, pp. 277–286. Springer, Heidelberg (2018)
Tiantian, T., Baosheng, W., Zhou, X., Yong, T.: The new progress in the research of binary vulnerability analysis. In: Xingming, S., Zhaoqing, P., Elisa, B. (eds.) Conference 2018, LNCS, vol. 11064, pp. 265–276. Springer, Heidelberg (2018)
Jianjun, X., Sun Lechang, W., Zhiyong, W.H., Jingjv, L.: PNG vulnerability exploiting technique based on fuzzing. Comput. Digit. Eng. 27(8), 2811–2812 (2010)
Lanzi, A., Martignoni, L., Monga, M., et al.: A smart fuzzer for x86 executables. In: Proceeding of the 3rd International Workshop on Software Engineering for Secure Systems, p. 7. IEEE Computer Society, Washington (2007)
Miller, C., Petersonzn, J.: Analysis of mutation and generation based fuzzing. http://securityevaluators.com/files/papers/analysisfuzzing.pdf 01 March 2007
Peach. http://www.peachFuzzer.com 01 June 2009
Lin, S., Xiao-song, Z., Enbiao, S.: New method of software vulnerability detection based on fuzzing. Appl. Res. Comput. 2(5), 99–110 (2016)
Zhiyong, W., Hongchuan, W.: Survey on fuzzing. Appl. Res. Comput. 27(3), 1086–1088 (2010)
Vuagnoux, M.: Autodafe: an act of software torture. http://autodafe.sourceforge.net/docs/autodafe.pdf 05 August 2006
SPIKE proxy. http://www.immunitysec.com/recources-freesoftware.html June 2009
Xu, H., Chapin, S.: Address-space layout randomization using code islands. J. Comput. Secur. 17(3), 331–362 (2009)
Ho, A., Fetterman, M., Clark, C., et al.: Practical taint-based protection using demand emulation. In: Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems, pp. 29–41. ACM Press, New York (2006)
Brooks, C.H., Montanez, N.: Improved annotation of the blogosphere via autotagging and hierarchical clustering. In: Proceedings of the 15th Intenational Conference on World Wide Web, pp. 625–632. ACM Press, New York (2006)
Howard, M., Lipner, S.: Inside the windows security push. IEEE Secur. Priv. 1(1), 57–61 (2003)
Kaksonen, R.: A Functional Method for Assessing Protocol Implementation Security. University of Oulu, Finland (2001)
Home FTP server’s SITE INDEX’ command remote denial of service vulnerability, http://www.securityfocus.com/bid/37033. 16 November 2009
XM easy personal FTP server file/folder remote denial of service vulnerability. http://www.securityfocus.com/bid/37112. 24 November 2009
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Tan, T. et al. (2019). A New Quantitative Evaluation Method for Fuzzing. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science(), vol 11633. Springer, Cham. https://doi.org/10.1007/978-3-030-24265-7_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-24265-7_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24264-0
Online ISBN: 978-3-030-24265-7
eBook Packages: Computer ScienceComputer Science (R0)