DocumentCode :
3498078
Title :
Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing
Author :
Liu Guang-Hong ; Wu Gang ; Tao, Zheng ; Shuai Jian-Mei ; Tang Zhuo-Chun
Author_Institution :
Dept. of Autom., Univ. of Sci. & Technol. of China, Hefei
Volume :
2
fYear :
2008
fDate :
11-13 Nov. 2008
Firstpage :
491
Lastpage :
497
Abstract :
Fuzzing has been successfully used to discover security bugs in popular programs, even those released without source code. It has become a major tool in security analysis, but it needs a large input space and is ineffective. This paper presents a new method, called GAFuzzing (genetic algorithm fuzzing), for identifying vulnerabilities in executable programs; it combines static and dynamic analysis to extend random fuzzing. First, it uses static analysis to obtain the structural behavior, interfaces and regions of interest of the code, and then formally describes the test requirements. Second, it uses a genetic algorithm to intelligently direct test data generation and improve the testing objective. Unlike many software testing tools, our implementation directly analyzes executables without source code. Our evaluation shows that GAFuzzing is superior to random fuzzing for vulnerability analysis.
Keywords :
genetic algorithms; program diagnostics; program testing; GAFuzzing; X86 executables; dynamic analysis; executable program; genetic algorithm; random fuzzing; software testing tool; static analysis; test data generation; vulnerability analysis; Algorithm design and analysis; Automation; Computer bugs; Data analysis; Genetic algorithms; Information analysis; Information security; Information technology; Space technology; Testing; Fuzzing; Genetic Algorithm; Vulnerability Analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Convergence and Hybrid Information Technology, 2008. ICCIT '08. Third International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3407-7
Type :
conf
DOI :
10.1109/ICCIT.2008.9
Filename :
4682289