
Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing

Abstract: Fuzzing (aka fuzz-testing) consists of automatically creating and evaluating inputs with the aim of discovering vulnerabilities. Traditional undirected fuzzing may get stuck in one direction and thus may not be efficient at finding a broad range of local optima. In this work, we combine artificial intelligence and security testing techniques to guide the fuzzing via an evolutionary algorithm. Our work is the first application of a genetic algorithm to black-box fuzzing for vulnerability detection. We designed heuristics for fuzzing PDF interpreters in search of memory corruption vulnerabilities and for fuzzing websites for cross-site scripting. Our evolutionary fuzzers ShiftMonkey and KameleonFuzz outperform traditional black-box fuzzers both in vulnerability detection capabilities and in efficiency.
Document type: Conference papers
Contributor: Catherine Oriat
Submitted on: Monday, April 14, 2014 - 5:31:03 PM
Last modification on: Sunday, June 26, 2022 - 4:59:41 AM

  • HAL Id: hal-00978844, version 1

Fabien Duchene. Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing. Black-Hat, 2013, São Paulo, Brazil. ⟨hal-00978844⟩