
Title

AutoFuzz: Automated Network Protocol Fuzzing Framework

Author

Serge Gorbunov, Arnold Rosenbloom

Citation

Vol. 10  No. 8  pp. 239-245

Abstract

Assessing software security involves steps such as code review, risk analysis, penetration testing and fuzzing. During the fuzzing phase, the tester's goal is to find flaws in software by sending unexpected input to the target application and monitoring its behavior. In this paper we introduce AutoFuzz [1], an extendable, open source framework used for testing network protocol implementations. AutoFuzz is a 'smart', man-in-the-middle, semi-deterministic network protocol fuzzing framework. AutoFuzz learns a protocol implementation by constructing a Finite State Automaton (FSA) which captures the observed communications between a client and a server [5]. In addition, AutoFuzz learns individual message syntax, including fields and probable types, by applying the bioinformatics techniques of [2]. Finally, AutoFuzz can fuzz client or server protocol implementations by intelligently modifying the communication sessions between them using the FSA as a guide. AutoFuzz was applied to a variety of File Transfer Protocol (FTP) server implementations, confirming old and discovering new vulnerabilities.

Keywords

Automated Fuzzing, Software Security, Vulnerability Detection

URL

http://paper.ijcsns.org/07_book/201008/20100836.pdf