Leveraging Textual Specifications for Grammar-Based Fuzzing of Network Protocols

Cited by: 0
Authors
Jero, Samuel [1 ]
Pacheco, Maria Leonor [1 ]
Goldwasser, Dan [1 ]
Nita-Rotaru, Cristina [2 ]
Affiliations
[1] Purdue Univ, W Lafayette, IN 47907 USA
[2] Northeastern Univ, Boston, MA 02115 USA
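Keywords
DOI
Not available
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract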
Grammar-based fuzzing is a technique used to find software vulnerabilities by injecting well-formed inputs generated following rules that encode application semantics. Most grammar-based fuzzers for network protocols rely on human experts to manually specify these rules. In this work we study automated learning of protocol rules from textual specifications (i.e. RFCs). We evaluate the automatically extracted protocol rules by applying them to a state-of-the-art fuzzer for transport protocols and show that it leads to a smaller number of test cases while finding the same attacks as the system that uses manually specified rules.
Pages: 9478 / 9483
Page count: 6
Related papers
50 in total
  • [1] Grammar-based Fuzzing
    Sargsyan, Sevak
    Kurmangaleev, Shamil
    Mehrabyan, Matevos
    Mishechkin, Maksim
    Ghukasyan, Tsolak
    Asryan, Sergey
    [J]. 2018 IVANNIKOV MEMORIAL WORKSHOP (IVMEM 2018), 2018, : 32 - 35
  • [2] SpecFuzzer: A Tool for Inferring Class Specifications via Grammar-based Fuzzing
    Molina, Facundo
    d'Amorim, Marcelo
    Aguirre, Nazareno
    [J]. 2023 38TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING, ASE, 2023, : 2094 - 2097
  • [3] SpecFuzzer: A Tool for Inferring Class Specifications via Grammar-Based Fuzzing
    Molina, Facundo
    D'Amorim, Marcelo
    Aguirre, Nazareno
    [J]. Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023, 2023, : 2094 - 2097
  • [4] Grammar-based Whitebox Fuzzing
    Godefroid, Patrice
    Kiezun, Adam
    Levin, Michael Y.
    [J]. PLDI'08: PROCEEDINGS OF THE 2008 SIGPLAN CONFERENCE ON PROGRAMMING LANGUAGE DESIGN & IMPLEMENTATION, 2008, : 206 - +
  • [5] Grammar-based whitebox fuzzing
    Godefroid, Patrice
    Kiezun, Adam
    Levin, Michael Y.
    [J]. ACM SIGPLAN NOTICES, 2008, 43 (06) : 206 - 215
  • [6] A Novel Network Protocol Syntax Extracting Method for Grammar-Based Fuzzing
    Li, Huashan
    Zhang, Lei
    Zhao, Dawei
    Xu, Lijuan
    Li, Xin
    Yang, Shumian
    Han, Xiaohui
    [J]. APPLIED SCIENCES-BASEL, 2024, 14 (06):
  • [7] Bottleneck Analysis via Grammar-based Performance Fuzzing
    Koroglu, Yavuz
    Wotawa, Franz
    [J]. 2023 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION WORKSHOPS, ICSTW, 2023, : 180 - 185
  • [8] Grammar-based Adaptive Fuzzing: Evaluation on SCADA Modbus Protocol
    Yoo, Hyunguk
    Shon, Taeshik
    [J]. 2016 IEEE INTERNATIONAL CONFERENCE ON SMART GRID COMMUNICATIONS (SMARTGRIDCOMM), 2016,
  • [9] TREELINE and SLACKLINE: Grammar-Based Performance Fuzzing on Coffee Break
    Alsaeed, Ziyad
    Young, Michal
    [J]. PROCEEDINGS OF THE 32ND ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS, ISSTA 2023, 2023, : 1507 - 1510
  • [10] Conformance Testing of Formal Semantics Using Grammar-Based Fuzzing
    Marmsoler, Diego
    Brucker, Achim D.
    [J]. TESTS AND PROOFS (TAP 2022), 2022, 13361 : 106 - 125