29 Hits in 1.6 sec

Fuzzing: Challenges and Reflections

Marcel Boehme, Cristian Cadar, Abhik ROYCHOUDHURY
2020 IEEE Software  
A gray-box fuzzer uses program feedback to boost the efficiency of finding errors. However, this program feedback introduces an adaptive bias.  ...  Theoretical Limitations What are the theoretical limitations of black-, gray-, white-box fuzzing? Blackand gray box-fuzzers are highly efficient-but at the cost of effectiveness.  ... 
doi:10.1109/ms.2020.3016773 fatcat:rwed32prwffdplwi7y6aw4frwy

Exploratory Review of Hybrid Fuzzing for Automated Vulnerability Detection

Fayozbek Rustamov, Juhwan Kim, Jihyeon Yu, Joobeom Yun
2021 IEEE Access  
Similarly, symbolic execution has gained the most attention as an efficient testing tool for producing smart test-inputs and discovering hard-to-reach bugs using search-based heuristics and compositional  ...  Recently, software testing has become a significant component of information security.  ...  Contrary to the CE of a traditional hybrid fuzzer that invokes an SMT solver to achieve an efficient solution directly, Pangolin produces a description of these unexplored basic blocks that denote the  ... 
doi:10.1109/access.2021.3114202 fatcat:6yvqxkcqcvg5xl4g2bjf6ndsue

DeepHunter: Hunting Deep Neural Network Defects via Coverage-Guided Fuzzing [article]

Xiaofei Xie, Lei Ma, Felix Juefei-Xu, Hongxu Chen, Minhui Xue, Bo Li, Yang Liu, Jianjun Zhao, Jianxiong Yin, Simon See
2018 arXiv   pre-print
In this paper, we propose DeepHunter, an automated fuzz testing framework for hunting potential defects of general-purpose DNNs.  ...  DeepHunter performs metamorphic mutation to generate new semantically preserved tests, and leverages multiple plugable coverage criteria as feedback to guide the test generation from different perspectives  ...  To boost the efficiency of fuzzing, we expect to mutate more images that have higher mutation potential.  ... 
arXiv:1809.01266v3 fatcat:xyjpjnlvojazvhqv5u6wpod4qu

MUZZ: Thread-aware Grey-box Fuzzing for Effective Bug Hunting in Multithreaded Programs [article]

Hongxu Chen, Shengjian Guo, Yinxing Xue, Yulei Sui, Cen Zhang, Yuekang Li, Haijun Wang, Yang Liu
2020 arXiv   pre-print
Therefore, mainstream grey-box fuzzers cannot effectively test problematic segments in multithreaded programs despite they might obtain high code coverage statistics.  ...  It serves as the baseline fuzzer. 4) MOPT [33] is the recently proposed general-purpose fuzzer that leverages adaptive mutations to increase the overall fuzzing efficiency.  ...  In particular, we observed that, theoretically, at most 4 CVE records could be detected by grey-box fuzzers that work on user-space programs.  ... 
arXiv:2007.15943v1 fatcat:lnjyjzixh5c5fnnlizhlm6yph4

Robustness Evaluations of Sustainable Machine Learning Models Against Data Poisoning Attacks in the Internet of Things

Corey Dunn, Nour Moustafa, Benjamin Turnbull
2020 Sustainability  
It is an ongoing research challenge to develop trustworthy machine learning models resilient and sustainable against data poisoning attacks in IoT networks.  ...  We studied the effects of data poisoning attacks on machine learning models, including the gradient boosting machine, random forest, naive Bayes, and feed-forward deep learning, to determine the levels  ...  The nature of IoT is unique, and differs from other applications from several perspectives; from a network perspective, from a cyber-security perspective [22] , and also from a machine learning perspective  ... 
doi:10.3390/su12166434 fatcat:gthsao5jxvde5iwyzthd5bkmb4

Densely Connected Residual Network for Attack Recognition [article]

Peilun Wu, Nour Moustafa, Shiyi Yang, Hui Guo
2020 arXiv   pre-print
From the algorithmic perspective, both classical and deep learning approaches have advantages and drawbacks.  ...  NULL Fuzzer: OSPF Database Description Packet: Basic NULL Fuzzer: HTTP GET Request Invalid URI Generic CVE 2011-2748 McAfee SiteManager ActiveX Control ExportSiteList Buffer Overflow CVE  ... 
arXiv:2008.02196v1 fatcat:qfspusuj75gxvliu3lychkgs5m

Abstracts from the 9th DACH+ Conference on Energy Informatics

2020 Energy Informatics  
Based on a structured process for fuzzing in this specific domain we develop a fuzzer that has been made publicly available to ensure repeatability of the results and ease further security assessments  ...  Availability of data and materials After the final publication of the results, the model and the model results will be made freely accessible via an online platform.  ...  For example, if households will adopt appliances with higher energy efficiency, an efficiency factor can be used to scale down the residential load profile; if PV-battery systems will be installed in households  ... 
doi:10.1186/s42162-020-00113-9 fatcat:dgbgi6ybzjextfsllsuv4wqokq

Towards Effective Network Intrusion Detection: From Concept to Creation on Azure Cloud

Smitha Rajagopal, Poornima Panduranga Kundapur, K. S Hareesha
2021 IEEE Access  
We have validated the efficiency of the proposed design using three contemporary datasets namely UNSW NB-15, CICIDS 2017, and CICDDOS 2019.  ...  There is an incessant need to safeguard these resources to avoid further damage.  ...  As elaborated in [58] , the primary techniques used to combine classifiers are bagging, boosting and stacking.  ... 
doi:10.1109/access.2021.3054688 fatcat:bp3g5iqds5fuxokzwup2o5cvmm

Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing

Jinghan Wang, Chengyu Song, Heng Yin
2021 Proceedings 2021 Network and Distributed System Security Symposium   unpublished
However, if the fuzzer can preserve important waypoints, e.g., by breaking the 32-bit magic number into four 8-bit number [25] , then solving this checking will be much more efficient since the answer  ...  To better illustrate this, consider flipping a magic number check a = 0xdeadbeef as an example.  ...  Entropic [7] targets on the test cases that a seed has generated, evaluating the diversity of coverage features they exercise via the information-theoretic entropy.  ... 
doi:10.14722/ndss.2021.24486 fatcat:rop3plcwcbcolgsncsw37jckiq

Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone

Binfa Gui, Wei Song, Hailong Xiong, Jeff Huang
2021 IEEE Transactions on Software Engineering  
Sekar, “An efficient and rity, CCS’14, 2014, pp. 1529–1531.  ...  In this section, From a broad perspective, UAFs are essentially equiv- we first provide an overview of UAF detection and exploit alent  ... 
doi:10.1109/tse.2021.3121994 fatcat:35opzmr2gbg67mnftjkdedm7y4

Benchmarking of Machine Learning for Anomaly-Based Intrusion Detection Systems in the CICIDS2017 Dataset

Ziadoon K. Maseer, Robiah Yusof, Nazrulazhar Bahaman, Salama A. Mostafa, Cik Feresa Mohd Foozy
2021 IEEE Access  
The training and testing time for ML-AIDS models are also considered in measuring their performance efficiency given that time complexity is an important factor in AIDSs.  ...  An intrusion detection system (IDS) is an important protection instrument for detecting complex network attacks.  ...  ACKNOWLEDGMENT The authors would like to thank the INSFORNET, Center for Advanced Computing Technology (C-ACT), Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka.  ... 
doi:10.1109/access.2021.3056614 fatcat:a3gldrutmvcg5bsbkyxa25zqvm

Cyber-Physical Systems Security: Limitations, Issues and Future Trends

Jean-Paul A. Yaacoub, Ola Salman, Hassan N. Noura, Nesrine Kaaniche, Ali Chehab, Mohamad Malli
2020 Microprocessors and microsystems  
Since cyber security is not limited to a single aspect, it can be considered from different perspectives, such as: • Centring Information: which requires protecting the data flow during the storage phase  ...  extensible components, it also supports ICCP, modbus and DNP3 fuzzing modules SPIKE [253] designed to focus on finding exploitable bugs It is a fuzzer creation kit, it provides an API to allow users  ... 
doi:10.1016/j.micpro.2020.103201 pmid:32834204 pmcid:PMC7340599 fatcat:omeihta4vbe55cohyhbhi56mzm

A GAN and Feature Selection-Based Oversampling Technique for Intrusion Detection

Xiaodong Liu, Tong Li, Runzi Zhang, Di Wu, Yongheng Liu, Zhen Yang, Savio Sciancalepore
2021 Security and Communication Networks  
The development of efficient and reliable Intrusion Detection Systems (IDSs) is an effective countermeasure against the growing cyber threats.  ...  Based on the findings, we take the perspective of imbalance and high dimensionality of datasets in the field of intrusion detection and propose an oversampling technique based on Generative Adversarial  ...  Conclusion and Future Work In this paper, we take the perspective of imbalance and high dimensionality of datasets in intrusion detection and propose an oversampling intrusion detection technique based  ... 
doi:10.1155/2021/9947059 fatcat:g7eba72uarfwni4tqwazltjdg4

A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies

Mahdi Rabbani, Yongli Wang, Reza Khoshkangini, Hamed Jelodar, Ruxin Zhao, Sajjad Bagheri Baba Ahmadi, Seyedvalyallah Ayobi
2021 Entropy  
Therefore, this paper offers an exhaustive overview of different aspects of anomaly-based network intrusion detection systems (NIDSs).  ...  Datasets The dataset is an important component of any anomaly detection system to assess the efficiency and effectiveness of a detection and recognition system.  ...  Boosting, bagging and stacking in ensemble learning approaches.  ... 
doi:10.3390/e23050529 pmid:33923125 fatcat:d7sfiqhbkzhtre3vtl74eh67qy

Use of Security Logs for Data Leak Detection: A Systematic Literature Review

Ricardo Ávila, Raphaël Khoury, Richard Khoury, Fábio Petrillo, Flavio Lombardi
2021 Security and Communication Networks  
By analyzing them, security experts can pick out anomalies that reveal the presence of cyber attacks or information leaks and stop them quickly before serious damage occurs.  ...  Our findings are fourfold: (i) we propose a new classification of information leaks, which uses the GDPR principles; (ii) we identify the twenty most widely used publicly available datasets in threat detection  ...  Adaptive Boosting, or simply Adaboost, is an algorithm that consists of sequentially combining several weaker models.  ... 
doi:10.1155/2021/6615899 fatcat:ung2fccx25cvdne2ey2u25btuu
« Previous Showing results 1 — 15 out of 29 results