Meta-control for Adaptive Cybersecurity in FUZZBUSTER

David J. Musliner, Scott E. Friedman, Jeffrey M. Rye, Tom Marble
2013 2013 IEEE 7th International Conference on Self-Adaptive and Self-Organizing Systems  
Modern cyber attackers use sophisticated, highlyautomated vulnerability search and exploit development tools to find new ways to break into target computers. To protect against such threats, we are developing FUZZBUSTER, a hostbased adaptive security system that automatically discovers faults in hosted applications and incrementally refines and repairs the underlying vulnerabilities. To perform this selfadaptation, FUZZBUSTER uses meta-control to coordinate a diverse and growing set of custom
more » ... d off-the-shelf fuzz-testing tools. FUZZBUSTER's greedy meta-control strategy considers adaptation deadlines, the exploit potential of vulnerabilities, the usage schedule of vulnerable applications, and the expected performance of its various fuzz-testing and adaptation tools. In this paper, we demonstrate how FUZZBUSTER's meta-control reasons efficiently about these factors, managing task selection to maximize the system's safety and effectiveness.
doi:10.1109/saso.2013.29 dblp:conf/saso/MuslinerFRM13 fatcat:g4u5lefas5h3lk4azkyjlcgf7i