Meta-control for Adaptive Cybersecurity in FUZZBUSTER

Abstract

Modern cyber attackers use sophisticated, highly-automated vulnerability search and exploit development tools to find new ways to break into target computers. To protect against such threats, we are developing FUZZBUSTER, a host-based adaptive security system that automatically discovers faults in hosted applications and incrementally refines and repairs the underlying vulnerabilities. To perform this self-adaptation, FUZZBUSTER uses meta-control to coordinate a diverse and growing set of custom and off-the-shelf fuzz-testing tools. FUZZ Buster's greedy meta-control strategy considers adaptation deadlines, the exploit potential of vulnerabilities, the usage schedule of vulnerable applications, and the expected performance of its various fuzz-testing and adaptation tools. In this paper, we demonstrate how FUZZ Buster's meta-control reasons efficiently about these factors, managing task selection to maximize the system's safety and effectiveness.