Abstract
Current knowledge-based Fuzzing technologies mainly fuzz target software from a single data sample, using one- or multi-dimensional input mutation. As a result, the vulnerability mining results are not stable, vulnerability false negatives are high, and the selection of the data sample depends on human analysis. To solve these problems, this paper proposes a model named Fuzzing Test Suite Generation model using multiple data sample combination (FTSGc), which automatically selects a combination of multiple data samples from a large-scale data sample set to fuzz the target software and generates test cases that can cover more instances of software vulnerabilities. To solve FTSGc, a theorem named the Maximum Coverage Theorem is given for selecting the data sample combination. Practical experimental results show that the proposed Fuzzing technology works much better than current Fuzzing technologies on the Ability of Vulnerability Mining (AVM).
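To illustrate the sample-selection problem the abstract describes, here is an added example (not the paper's FTSGc model or its Maximum Coverage Theorem, which this page does not state): a generic greedy maximum-coverage heuristic that picks seed samples by marginal coverage gain, compared against an exhaustive search. The sample names, coverage element IDs and the `budget` parameter are constructed assumptions.

```python
from itertools import combinations

# Constructed data: sample name -> IDs of the coverage elements it exercises
# (e.g. basic blocks or format fields reached when the target parses it).
COVERAGE = {
    "s1": {1, 2, 3, 4},
    "s2": {5, 6, 7, 8},
    "s3": {1, 2, 5, 6, 9},
    "s4": {1, 2},          # redundant: adds nothing once s1 or s3 is chosen
}

def greedy_select(coverage, budget):
    """Pick up to `budget` samples, each time taking the largest marginal gain."""
    covered, chosen = set(), []
    remaining = dict(coverage)
    while remaining and len(chosen) < budget:
        # sorted() makes ties deterministic: the first name in order wins
        name = max(sorted(remaining), key=lambda n: len(remaining[n] - covered))
        gain = remaining.pop(name) - covered
        if not gain:       # every remaining sample is redundant: stop early
            break
        chosen.append(name)
        covered |= gain
    return chosen, covered

def exhaustive_select(coverage, budget):
    """Optimal combination by brute force; only feasible for small sample sets."""
    size = min(budget, len(coverage))
    union = lambda combo: set().union(*(coverage[n] for n in combo))
    best = max(combinations(sorted(coverage), size), key=lambda c: len(union(c)))
    return list(best), union(best)

if __name__ == "__main__":
    for k in (1, 2, 4):
        g_names, g_cov = greedy_select(COVERAGE, k)
        o_names, o_cov = exhaustive_select(COVERAGE, k)
        print(f"budget={k}: greedy {g_names} covers {len(g_cov)}, "
              f"optimal {o_names} covers {len(o_cov)}")
```

With a budget of two, the greedy pick covers 7 elements while the optimal pair covers 8, which is why the choice of combination matters and why a single best sample (5 elements here) leaves behaviour untested.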
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wu, Z., Zhu, X., Atwood, J.W. (2011). A Fuzzing Technology Using Multiple Data Samples Combination. In: Yu, Y., Yu, Z., Zhao, J. (eds) Computer Science for Environmental Engineering and EcoInformatics. CSEEE 2011. Communications in Computer and Information Science, vol 158. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22694-6_1
DOI: https://doi.org/10.1007/978-3-642-22694-6_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22693-9
Online ISBN: 978-3-642-22694-6
eBook Packages: Computer Science, Computer Science (R0)