Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing

Abstract: Fuzzing (also known as fuzz testing) consists of automatically generating and evaluating inputs in order to discover vulnerabilities. Traditional undirected fuzzing may get stuck exploring one direction of the input space and thus be inefficient at finding a broad range of local optima. In this work, we combine artificial intelligence and security testing techniques to guide fuzzing with an evolutionary algorithm. Our work is the first application of a genetic algorithm to black-box fuzzing for vulnerability detection. We designed heuristics for fuzzing PDF interpreters in search of memory corruption vulnerabilities and for fuzzing websites in search of cross-site scripting. Our evolutionary fuzzers, ShiftMonkey and KameleonFuzz, outperform traditional black-box fuzzers both in vulnerability detection capability and in efficiency.
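To make the loop described in the abstract concrete, the following is an added example of a genetic algorithm driving black-box fuzzing against a reflected cross-site scripting flaw. It is illustration code written for this page, not the ShiftMonkey or KameleonFuzz implementation, and the paper's actual heuristics are not reproduced here. Everything in it is an assumption constructed for the example: the target application toy_app and its blacklist filter, the gene alphabet GENES, the baseline attribute set BASELINE_ATTRS, and the four-level fitness function, which inspects only the parsed response, as a black-box fuzzer must.

```python
import random
import re
from html.parser import HTMLParser

# Constructed stand-in for the remote web application under test. The fuzzer
# never reads this function; it only sees the HTML string it returns.
def toy_app(param: str) -> str:
    # Naive blacklist: strip "<script" and "javascript:" case-insensitively,
    # then reflect the parameter unescaped into an attribute value.
    cleaned = re.sub(r"(?i)<script|javascript:", "", param)
    return f'<html><body><input name="q" value="{cleaned}"></body></html>'


class _ElementCollector(HTMLParser):
    """Records (tag, attributes) for every start tag in a response."""

    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, dict(attrs)))


# Attributes the element carries when probed with a benign value (assumption
# for this toy; a real fuzzer would learn them from a baseline request).
BASELINE_ATTRS = {"name", "value"}


def fitness(payload: str) -> int:
    """Black-box fitness computed from the parsed response only.
    0: payload stayed inside the attribute value
    1: it created an attribute the baseline did not have (quote breakout)
    2: the parser accepted an on* event-handler attribute
    3: that handler has a non-empty value, i.e. injected script would run"""
    collector = _ElementCollector()
    collector.feed(toy_app(payload))
    collector.close()
    level = 0
    for _tag, attrs in collector.elements:
        if set(attrs) - BASELINE_ATTRS:
            level = max(level, 1)
        for name, value in attrs.items():
            if name.startswith("on"):
                level = max(level, 3 if value else 2)
    return level


# Gene alphabet: grammar-like fragments rather than single bytes (constructed).
GENES = ['"', "'", " ", ">", "<", "x", "alert(1)", "onfocus=", "onerror=",
         "<script>", "javascript:"]
MAX_LEN = 8


def random_individual(rng: random.Random) -> list:
    return [rng.choice(GENES) for _ in range(rng.randint(1, 5))]


def crossover(a: list, b: list, rng: random.Random) -> list:
    """One-point crossover: head of a, tail of b."""
    child = a[:rng.randint(0, len(a))] + b[rng.randint(0, len(b)):]
    return child[:MAX_LEN] or [rng.choice(GENES)]


def mutate(ind: list, rng: random.Random) -> list:
    """Insert, replace or delete one gene."""
    child = list(ind)
    op = rng.random()
    if op < 0.4 or len(child) == 1:
        child.insert(rng.randint(0, len(child)), rng.choice(GENES))
    elif op < 0.7:
        child[rng.randrange(len(child))] = rng.choice(GENES)
    else:
        del child[rng.randrange(len(child))]
    return child[:MAX_LEN]


def tournament(pop: list, scores: list, rng: random.Random, k: int = 3) -> list:
    picks = rng.sample(range(len(pop)), k)
    return pop[max(picks, key=lambda i: scores[i])]


def evolve(seed: int = 1, pop_size: int = 40, generations: int = 60, goal: int = 3):
    """Run the GA; returns (best payload, its fitness level)."""
    rng = random.Random(seed)
    pop = [random_individual(rng) for _ in range(pop_size)]
    best, best_score = list(pop[0]), -1
    for _ in range(generations):
        scores = [fitness("".join(ind)) for ind in pop]
        for ind, score in zip(pop, scores):
            if score > best_score:
                best, best_score = list(ind), score
        if best_score >= goal:
            break
        nxt = [list(best)]                                  # elitism
        while len(nxt) < pop_size:
            if rng.random() < 0.1:                          # random immigrant
                nxt.append(random_individual(rng))
                continue
            parent_a = tournament(pop, scores, rng)
            parent_b = tournament(pop, scores, rng)
            nxt.append(mutate(crossover(parent_a, parent_b, rng), rng))
        pop = nxt
    return "".join(best), best_score


if __name__ == "__main__":
    payload, level = evolve()
    print(f"level {level}: {payload!r}")
```

The point of the example is the fitness function: a plain "reflected or not" oracle gives the population nothing to climb, whereas grading the parsed response (breakout, handler attribute accepted, handler with a value) turns a flat search into a gradient that selection and crossover can exploit, while still using nothing but the response a black-box tester sees. Elitism keeps the best payload from being lost to mutation, and the random immigrants keep the population from collapsing onto one partial solution.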
Document type: Conference papers

https://hal.inria.fr/hal-00978844
Contributor: Catherine Oriat
Submitted on: Monday, April 14, 2014, 5:31:03 PM
Last modification on: Thursday, November 19, 2020, 12:59:52 PM

Identifiers

  • HAL Id: hal-00978844, version 1

Collections

CNRS | LIG | UGA

Citation

Fabien Duchene. Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing. Black-Hat, 2013, São Paulo, Brazil. ⟨hal-00978844⟩
