http://dx.doi.org/10.14400/JDC.2017.15.3.175

A Design of Smart Fuzzing System Based on Hybrid Analysis  

Kim, Mansik (Dept. of Computer Science & Engineering, Soongsil University)
Kang, Jungho (Dept. of Computer Science & Engineering, Soongsil University)
Jun, Moon-seog (Dept. of Computer Science & Engineering, Soongsil University)
Publication Information
Journal of Digital Convergence / v.15, no.3, 2017, pp. 175-180
Abstract
In accordance with the development of the IT industry worldwide, the software industry has also grown tremendously, and it now influences society at large, from daily life to financial organizations and public institutions. However, the security threats that can seriously harm the services provided have also greatly increased in proportion to the growing software industry. In this thesis, we suggest a smart fuzzing system that combines black box and white box testing and can effectively detect and distinguish software vulnerabilities, which account for a large portion of the security incidents in application programs.
Keywords
Smart Fuzzing; Black box test; White box test; Hybrid analysis; Software Vulnerability;
Citations & Related Records
Times Cited By KSCI: 2