Exploring Effective Fuzzing Strategies to Analyze Communication Protocols

Authors: Yurong Chen, Yongsheng Mei, Tian Lan, Guru Venkataramani

DOI: 10.1145/3338502.3359762

Keywords: Computer science, Handshake, Communications protocol, Computer network, Protocol (object-oriented programming), Stateful firewall, Code (cryptography), Network packet, Fuzz testing, Code coverage

Abstract: … greybox fuzzer. In order to achieve higher code coverage, we design stateful protocol fuzzing strategies for communication protocols to explore the code related to different protocol …

References (26)
Fabrice Bellard, QEMU, a fast and portable dynamic translator. USENIX Annual Technical Conference, pp. 41-41 (2005).
Sang Kil Cha, Maverick Woo, David Brumley, Program-Adaptive Mutational Fuzzing. 2015 IEEE Symposium on Security and Privacy, pp. 725-741 (2015). DOI: 10.1109/SP.2015.50
Cristian Cadar, Daniel Dunbar, Dawson Engler, KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. Operating Systems Design and Implementation, pp. 209-224 (2008). DOI: 10.5555/1855741.1855756
Erik Poll, Joeri De Ruiter, Protocol state fuzzing of TLS implementations. USENIX Security Symposium, pp. 193-206 (2015).
Ulf Kargén, Nahid Shahmehri, Turning programs against each other: high coverage fuzz-testing using binary-code mutation and dynamic slicing. Foundations of Software Engineering, pp. 782-792 (2015). DOI: 10.1145/2786805.2786844
Serge Gorbunov, Arnold Rosenbloom, AutoFuzz: Automated Network Protocol Fuzzing Framework (2010).
Hugo Gascon, Christian Wressnegger, Fabian Yamaguchi, Daniel Arp, Konrad Rieck, Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols. International Conference on Security and Privacy in Communication Systems, pp. 330-347 (2015). DOI: 10.1007/978-3-319-28865-9_18
Yongbo Li, Fan Yao, Tian Lan, Guru Venkataramani, SARRE: Semantics-Aware Rule Recommendation and Enforcement for Event Paths on Android. IEEE Transactions on Information Forensics and Security, vol. 11, pp. 2748-2762 (2016). DOI: 10.1109/TIFS.2016.2596141
Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, Driller: Augmenting Fuzzing Through Selective Symbolic Execution. Network and Distributed System Security Symposium (2016). DOI: 10.14722/NDSS.2016.23368
Patrice Godefroid, Hila Peleg, Rishabh Singh, Learn&Fuzz: machine learning for input fuzzing. Automated Software Engineering, pp. 50-59 (2017). DOI: 10.1109/ASE.2017.8115618