
Fuzzing-Based Software Vulnerability Discovery Technology (cited by: 1)

Excavation Technology of Software Vulnerabilities Based on Fuzzing
Abstract: With the continuous development of the information society, software security problems have become increasingly prominent. At present, the vast majority of software contains security vulnerabilities to a greater or lesser degree. Once these vulnerabilities are exploited by malicious hackers, they cause huge losses for software companies and for the people who use the software. Discovering software vulnerabilities is therefore very necessary. After summarizing some shortcomings of Fuzzing techniques, this paper improves them in three respects: test data generation, exception localization, and automated analysis. It designs a Fuzzing-based vulnerability discovery framework and implements some of its core modules, achieving the intended purpose.
Source: Value Engineering (《价值工程》), 2014, No. 3, pp. 197-199 (3 pages)
Keywords: security vulnerabilities; vulnerability excavation; Fuzzing; Fuzzer