Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Sherri Sparks Articles by Shawn Embleton Articles by Ryan Cunningham Articles by Cliff Zou

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)

Miami Beach, Florida, USA

December 10-December 14

ISBN: 0-7695-3060-5

	ASCII Text	x
	Sherri Sparks, Shawn Embleton, Ryan Cunningham, Cliff Zou, "Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting," Computer Security Applications Conference, Annual, pp. 477-486, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), 2007.

	BibTex	x
	@article{ 10.1109/ACSAC.2007.27, author = {Sherri Sparks and Shawn Embleton and Ryan Cunningham and Cliff Zou}, title = {Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2007}, issn = {1063-9527}, pages = {477-486}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2007.27}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting SN - 1063-9527 SP477 EP486 A1 - Sherri Sparks, A1 - Shawn Embleton, A1 - Ryan Cunningham, A1 - Cliff Zou, PY - 2007 VL - 0 JA - Computer Security Applications Conference, Annual ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2007.27

We present an extension of traditional "black box" fuzz testing using a genetic algorithm based upon a Dynamic Markov Model fitness heuristic. This heuristic allows us to "intelligently" guide input selection based upon feedback concerning the "success" of past inputs that have been tried. Unlike many software testing tools, our implementation is strictly based upon binary code and does not require that source code be available. Our evaluation on a Windows server program shows that this approach is superior to random black box fuzzing for increasing code coverage and depth of penetration into program control flow logic. As a result, the technique may be beneficial to the development of future automated vulnerability analysis tools.

Citation:

Sherri Sparks, Shawn Embleton, Ryan Cunningham, Cliff Zou, "Automated Vulnerability Analysis: Leveraging Control Flow for Evolutionary Input Crafting," acsac, pp.477-486, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.