IFuzzer: An Evolutionary Interpreter Fuzzer Using Genetic Programming

Created by W.Langdon from gp-bibliography.bib Revision:1.8051

@InProceedings{conf/esorics/VeggalamRHB16,

• title = "{IFuzzer}: An Evolutionary Interpreter Fuzzer Using Genetic Programming",
• author = "Spandan Veggalam and Sanjay Rawat and Istvan Haller and Herbert Bos",
• bibdate = "2017-05-23",
• bibsource = "DBLP, http://dblp.uni-trier.de/db/conf/esorics/esorics2016-1.html#VeggalamRHB16",
• booktitle = "Proceedings of the 21st European Symposium on Research in Computer Security, ESORICS 2016, Part I",
• publisher = "Springer",
• year = "2016",
• volume = "9878",
• editor = "Ioannis G. Askoxylakis and Sotiris Ioannidis and Sokratis K. Katsikas and Catherine A. Meadows",
• isbn13 = "978-3-319-45743-7",
• pages = "581--601",
• month = sep # " 26-30",
• address = "Heraklion, Greece",
• series = "Lecture Notes in Computer Science",
• keywords = "genetic algorithms, genetic programming, SBSE, fuzzing system, security vulnerability, evolutionary computing",
• URL = "https://link.springer.com/chapter/10.1007%2F978-3-319-45744-4_29",
• DOI = "doi:10.1007/978-3-319-45744-4_29",
• abstract = "We present an automated evolutionary fuzzing technique to find bugs in JavaScript interpreters. Fuzzing is an automated black box testing technique used for finding security vulnerabilities in the software by providing random data as input. However, in the case of an interpreter, fuzzing is challenging because the inputs are piece of codes that should be syntactically/semantically valid to pass the interpreter's elementary checks. On the other hand, the fuzzed input should also be uncommon enough to trigger exceptional behaviour in the interpreter, such as crashes, memory leaks and failing assertions. In our approach, we use evolutionary computing techniques, specifically genetic programming, to guide the fuzzer in generating uncommon input code fragments that may trigger exceptional behaviour in the interpreter. We implement a prototype named IFuzzer to evaluate our technique on real-world examples. IFuzzer uses the language grammar to generate valid inputs. We applied IFuzzer first on an older version of the JavaScript interpreter of Mozilla (to allow for a fair comparison to existing work) and found 40 bugs, of which 12 were exploitable. On subsequently targeting the latest builds of the interpreter, IFuzzer found 17 bugs, of which four were security bugs.",

}

Genetic Programming entries for Spandan Veggalam Sanjay Rawat Istvan Haller Herbert Bos

Citations