A Study on Hybrid Fuzzing using Dynamic Analysis for Automatic Binary Vulnerability Detection
Kim, Taeeun (Korea Internet & Security Agency)
Jurn, Jeesoo (Korea Internet & Security Agency)
Jung, Yong Hoon (Dept. of Computer Science, SoongSil University)
Jun, Moon-Seog (Dept. of Computer Science, SoongSil University)
1. S.H. Oh, T.E. Kim, H.W. Kim, "Technology Analysis on Automatic Detection and Defense of SW Vulnerabilities", Journal of the Korea Academia-Industrial cooperation Society, Vol. 18, No. 11, pp. 94-103, 2017. DOI: https://doi.org/10.5762/KAIS.2017.18.11.94
2. Defense Advanced Research Projects Agency (DARPA), Program, DARPA, c2016, From: https://www.darpa.mil/program/cyber-grand-challenge (accessed Oct. 11, 2017).
3. Miller, B.P.; Fredriksen, L.; So, B. "An empirical study of the reliability of UNIX utilities". Commun. ACM 1990, 33, 32-44.
4. Bekrar, S.; Bekrar, C.; Groz, R.; Mounier, L. "A taint based approach for smart fuzzing". In Proceedings of the IEEE Fifth International Conference on Software Testing, Verification and Validation, Montreal, QC, Canada, 17-21 April 2012; pp. 818-825.
5. American Fuzzy Lop. Available online: http://lcamtuf.coredump.cx/afl/ (accessed April 30, 2018).
6. King, J.C. "Symbolic execution and program testing". Commun. ACM 1976, 19, 385-394.
7. Cha, S.K.; Avgerinos, T.; Rebert, A.; Brumley, D. "Unleashing mayhem on binary code". In Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 20-23 May 2012; pp. 380-394.
8. Stephens, N.; Grosen, J.; Salls, C.; Dutcher, A.; Wang, R.; Corbetta, J.; Shoshitaishvili, Y.; Kruegel, C.; Vigna, G. "Driller: Augmenting Fuzzing through Selective Symbolic Execution". NDSS 2016, 16, 1-16.
9. U.S. National Vulnerability Database. Available online: http://cve.mitre.org/cve/ (accessed April 30, 2019).