Browse > Article
http://dx.doi.org/10.13089/JKIISC.2014.24.2.327

File Analysis Data Auto-Creation Model For Peach Fuzzing  

Kim, Minho (Chonnam National University SSRC)
Park, Seongbin (Chonnam National University SSRC)
Yoon, Jino (Chonnam National University SSRC)
Kim, Minsoo (Mokpo National University)
Noh, Bong-Nam (Chonnam National University SSRC)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.24, no.2, 2014 , pp. 327-333 More about this Journal
Abstract
The rapid expansion of the software industry has brought a serious security threat and vulnerability. Many softwares are constantly attacked by exploit codes using security vulnerabilities. Smart fuzzing is automated method to find software vulnerabilities. However, Many resources are consumed in fuzzing, because the fuzzing needs to create data model for target software and to analyze a data file and software binary. Therefore, The automated method for efficient smart fuzzing is needed to develop the automated data model. In this paper, through analysing the input file format and optimizing the data structure, we propose an efficient data modeling framework for smart fuzzing and implement the framework for detect software vulnerabilities.
Keywords
Smart fuzzing; Data Analysis; Data Model;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 A. Takanen, J. DeMott, and C. Miller, Fuzzing for software security testing and quality assurance, Artech House Publishers, 2008.
2 Zhao Zhang, Qiao-Yan Wen, and Wen Tang, "An Efficient Mutation-Based Fuzz Testing Approach for Detecting Flaws of Network Protocol", Computer Science & Service System International Conference, pp. 814-817, Aug. 2012.
3 Sofia Bekrar, Chaouki Bekrar, and Roland Groz, "A Taint Based Approach for Smart Fuzzing," Software Testing and Verification and Validation (ICST) IEEE Fifth International Conference, pp. 818-825, Apr. 2012.
4 Michael Sutton, "filefuzz", http://packet stormsecurity.com/files/39626/FileFuzz.zip.html.
5 ioctlfuzzer, https://code.google.com/p/ioctlfuzzer/.
6 Michael Eddington, Demystifying Fuzzers, 2009 Black Hat USA, Leviathan Security Group Inc, Jul. 2009.
7 Peach Fuzzing Platform, http://old.peachfuzzer.com/v3/DataModel.html.
8 Min-ho Kim, Minsoo Kim, and Bong-nam Noh, "The Framework for Malware Analysis using Statistical Information of Registry," Journal of the KITS, 10(9), pp. 97-104, Sep. 2012.
9 Symantec, "2013 Internet Security Threat Report, Volume 18," 2013.
10 IBM, "IBM X-Force 2013 Mid-Year Trend and Risk Report," 2013.