{"title":"一种寻找缓冲区溢出漏洞的进化计算方法:以昏暗光线下瞄准为例","authors":"S. Rawat, L. Mounier","doi":"10.1109/EC2ND.2010.14","DOIUrl":null,"url":null,"abstract":"We propose an approach in the form of a light weight smart fuzzer to generate string based inputs to detect buffer overflow vulnerability in C code. The approach is based on an evolutionary algorithm which is a combination of genetic algorithm and evolutionary strategies. In this preliminary work we focus on the problem that there are constraints on string inputs that must be satisfied in order to reach the vulnerable statement in the code and we have very little or no knowledge about them. Unlike other similar approaches, our approach is able to generate such inputs without knowing these constraints explicitly. It learns these constraints automatically while generating inputs dynamically by executing the vulnerable program. We provide few empirical results on a benchmarking dataset-Verisec suite of programs.","PeriodicalId":375908,"journal":{"name":"2010 European Conference on Computer Network Defense","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":"{\"title\":\"An Evolutionary Computing Approach for Hunting Buffer Overflow Vulnerabilities: A Case of Aiming in Dim Light\",\"authors\":\"S. Rawat, L. Mounier\",\"doi\":\"10.1109/EC2ND.2010.14\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose an approach in the form of a light weight smart fuzzer to generate string based inputs to detect buffer overflow vulnerability in C code. The approach is based on an evolutionary algorithm which is a combination of genetic algorithm and evolutionary strategies. In this preliminary work we focus on the problem that there are constraints on string inputs that must be satisfied in order to reach the vulnerable statement in the code and we have very little or no knowledge about them. Unlike other similar approaches, our approach is able to generate such inputs without knowing these constraints explicitly. It learns these constraints automatically while generating inputs dynamically by executing the vulnerable program. We provide few empirical results on a benchmarking dataset-Verisec suite of programs.\",\"PeriodicalId\":375908,\"journal\":{\"name\":\"2010 European Conference on Computer Network Defense\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"25\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 European Conference on Computer Network Defense\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EC2ND.2010.14\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 European Conference on Computer Network Defense","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EC2ND.2010.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
An Evolutionary Computing Approach for Hunting Buffer Overflow Vulnerabilities: A Case of Aiming in Dim Light
We propose an approach in the form of a light weight smart fuzzer to generate string based inputs to detect buffer overflow vulnerability in C code. The approach is based on an evolutionary algorithm which is a combination of genetic algorithm and evolutionary strategies. In this preliminary work we focus on the problem that there are constraints on string inputs that must be satisfied in order to reach the vulnerable statement in the code and we have very little or no knowledge about them. Unlike other similar approaches, our approach is able to generate such inputs without knowing these constraints explicitly. It learns these constraints automatically while generating inputs dynamically by executing the vulnerable program. We provide few empirical results on a benchmarking dataset-Verisec suite of programs.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
