Dissertation
Dissertation > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer software > Program design,software engineering > Software Engineering > Software Maintenance

Research of Fuzzing Based on Genetic Algorithm

Author ZhangShuQin
Tutor XuLanFang
School Huazhong University of Science and Technology
Course Information Security
Keywords Vulnerability Discovery Evolutionary Fuzzing Genetic Algorithms Code Coverage
CLC TP311.53
Type Master's thesis
Year 2011
Downloads 16
Quotes 0
Download Dissertation

With an increase in software security vulnerabilities numbers, more and more researcher pay attention to the discovering technology of software security vulnerabilies, and fuzzing is one of the most widely used. Existing fuzzing methods have some defects in protocols vulnerabilities discovery such as can not evaluate the fulfillment degree of fuzzing、low hit of test case and automated protocol dissection, resulted in ineffectiveness in fuzzing and harder to find more bugs.To improve the traditional fuzzing on test case generation and automated protocol dissection, by the idea of evolutionary test, using GA to search for the test case which learn the protocol more in the generation process of fuzz data, this paper proposes a evolutionary fuzzing to achieve the purpose of automated protocol fuzzing. According to the character of network access data, this paper designed and implemented the GA for the evolutionary fuzzing, including the encode mode, population initialization, fitness function, crossover and mutation, and discuss the question evolving on functions hit or basic blocks hit would be better, finally applies the fuzzing heuristics. By using IDA and PaiMei, on the basis of GPF, combining with the evolutionary fuzzing to complete the fuzzer.This fuzzer is used to do three experiments of discovering software vulnerabilities on Gold FTP server. Comparative study on the fitness of pool and session and crash tool, analysis various factors that may influence the experimental results.The results of experiments show that the evolutionary fuzzing can provide helps on automating protocol dissection through improving code coverage.Consider the difference between code coverage and path coverage, it also needs to analysis path coverage to cover all attack surface for evolutionary fuzzing.

Related Dissertations
More Dissertations