
Title

AutoFuzz: Automated Network Protocol Fuzzing Framework

Author

Serge Gorbunov, Arnold Rosenbloom

Citation

Vol. 10  No. 8  pp. 239-245

Abstract

Assessing software security involves steps such as code review, risk analysis, penetration testing and fuzzing. During the fuzzing phase, the tester’s goal is to find flaws in software by sending unexpected input to the target application and monitoring its behavior. In this paper we introduce AutoFuzz [1], an extendable, open source framework for testing network protocol implementations. AutoFuzz is a ‘smart’, man-in-the-middle, semi-deterministic network protocol fuzzing framework. AutoFuzz learns a protocol implementation by constructing a Finite State Automaton (FSA) which captures the observed communications between a client and a server [5]. In addition, AutoFuzz learns individual message syntax, including fields and probable types, by applying the bioinformatics techniques of [2]. Finally, AutoFuzz can fuzz client or server protocol implementations by intelligently modifying the communication sessions between them using the FSA as a guide. AutoFuzz was applied to a variety of File Transfer Protocol (FTP) server implementations, confirming old and discovering new vulnerabilities.

Keywords

Automated Fuzzing, Software Security, Vulnerability Detection

URL

http://paper.ijcsns.org/07_book/201008/20100836.pdf