Program behavior-based fuzzing and vulnerability discovery

May 6, 2016 12:00 AM

Who: Gustavo Grieco (CIFASIS - CONICET and VERIMAG) When: 11:00, May 6 in Where: room EDIT 8103 Title: {{ page.title }}

Mutational fuzzing is a powerful tool to detect vulnerabilities in software. It requires a initial set of inputs for the program to test. A traditional criteria to select inputs is to maximize code coverage in order to try to use all the instructions at least once. Unfortunately it is still insufficient to deal with real-world code like complex parsers in order to discover vulnerable conditions.

In this talk we introduce a new approach based on program behaviors, in which traces are extracted and analyzed using Machine Learning to detect similarity between executions. Using this approach, we show how to perform vulnerability detection as well as preliminary results on how to improve seed selection for mutational fuzzing.

Previous Talks

{: .t60 } {% include list-posts tag=‘csstalk’%}