Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing

Abstract: Fuzzing (aka fuzz testing) consists of automatically creating and evaluating inputs with the aim of discovering vulnerabilities. Traditional undirected fuzzing may get stuck in one direction and thus may not be efficient at finding a broad range of local optima. In this work, we combine artificial intelligence and security testing techniques to guide the fuzzing via an evolutionary algorithm. Our work is the first application of a genetic algorithm to black-box fuzzing for vulnerability detection. We designed heuristics for fuzzing PDF interpreters in search of memory corruption vulnerabilities and for fuzzing websites for cross-site scripting. Our evolutionary fuzzers ShiftMonkey and KameleonFuzz outperform traditional black-box fuzzers both in vulnerability detection capabilities and in efficiency.
Document type:
Conference paper
Black-Hat, 2013, São Paulo, Brazil. 2013

Contributor: Catherine Oriat
Submitted on: Monday 14 April 2014 - 17:31:03
Last modified on: Thursday 11 October 2018 - 08:48:01

  • HAL Id: hal-00978844, version 1

Fabien Duchene. Fuzz in the Dark: Genetic Algorithm for Black-Box Fuzzing. Black-Hat, 2013, São Paulo, Brazil. 2013. 〈hal-00978844〉