Presenting an Intelligence Test Data Generation Method to Discover Software Vulnerabilities

Authors

Imam Hossein Comprehensive University

Abstract

In this paper, a gray-box fuzzer is presented to detect vulnerabilities in executable binary code. The literature surveys show that fuzz testing has three major problems. First, the input space that a fuzzer must explore to cover the execution paths of a binary program can be very large. Second, because of this large input space, most fuzzers cannot achieve sufficient coverage of execution paths. Finally, because of this insufficient coverage, a large number of possible vulnerabilities that lie on unexplored execution paths cannot be revealed. The proposed method resolves the problem of the large input space, in an evolutionary process, by directing test data generation towards suspicious paths in which one or more vulnerability patterns are observed. In the presented method, when a vulnerability pattern is observed in the execution path exercised by a test datum, the next test datum is generated so as to reveal that vulnerability. As a result, the number of detected vulnerabilities can increase. Our evaluations show better performance of the presented method compared to other fuzz testing methods.
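The steering idea in the abstract, in code, as an added example that is not the paper's fuzzer or any implementation from its authors: a toy gray-box fuzzer runs a plain coverage-feedback loop, and as soon as one input reaches a path on which a vulnerability pattern is observed, the next inputs are generated from that input, re-writing only the byte that feeds the suspicious operation. The target (`toy_target`), the pattern name `unchecked-length-copy`, the buffer size and the field offsets are all constructed for the example; the target reports the pattern itself, standing in for the binary instrumentation a real gray-box fuzzer would use.

```python
"""Toy gray-box fuzzer that steers test data toward paths showing a
vulnerability pattern.  Target, pattern and inputs are constructed."""
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple

BUF_SIZE = 16  # constructed: size of the fixed buffer in the toy target


@dataclass
class Trace:
    """What instrumentation reports for one execution of the target."""
    path: Tuple[str, ...]          # branch labels executed, in order
    pattern: Optional[str]         # vulnerability pattern seen on this path, if any
    pattern_offset: Optional[int]  # input byte that feeds the suspicious operation
    crashed: bool


def toy_target(data: bytes) -> Trace:
    """Constructed record parser: 'RC' magic, kind byte, length byte, payload.
    Kind 0x02 copies `length` bytes into a BUF_SIZE buffer with no bound check."""
    if len(data) < 4:
        return Trace(("short",), None, None, False)
    if data[:2] != b"RC":
        return Trace(("bad-magic",), None, None, False)
    path = ["magic-ok"]
    kind, length = data[2], data[3]
    if kind == 0x01:
        path.append("kind-text")
        _ = data[4:4 + min(length, BUF_SIZE)]   # length is clamped: safe
        return Trace(tuple(path), None, None, False)
    if kind == 0x02:
        path.append("kind-raw")
        # The pattern: an input-derived length reaches a copy into a fixed
        # buffer without being compared against BUF_SIZE (offset 3 feeds it).
        if length > BUF_SIZE:
            path.append("overflow")
            return Trace(tuple(path), "unchecked-length-copy", 3, True)
        return Trace(tuple(path), "unchecked-length-copy", 3, False)
    path.append("kind-unknown")
    return Trace(tuple(path), None, None, False)


INTERESTING = [0x00, 0x01, 0x02, 0x03, 0x7F, 0x80, 0xFF]
SEED_INPUTS = [b"RC\x01\x05hello"]   # constructed valid seed, kind 0x01


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Undirected mutation: overwrite a byte, flip a bit, append, or set an interesting value."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 2:
        buf.append(rng.randrange(256))
    else:
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    return bytes(buf)


@dataclass
class Result:
    found: bool
    iterations: int
    crashing_input: Optional[bytes]
    suspicious_seen: int   # inputs that hit a pattern without crashing


def fuzz(seeds: List[bytes], budget: int, guided: bool, rng_seed: int = 0) -> Result:
    """Coverage-feedback loop; with guided=True, inputs that reached a suspicious
    path are preferred and only the byte feeding the pattern is regenerated."""
    rng = random.Random(rng_seed)
    corpus = list(seeds)
    seen_paths = {toy_target(s).path for s in seeds}
    suspicious: List[Tuple[bytes, int]] = []   # (input, offset feeding the pattern)
    for it in range(1, budget + 1):
        if guided and suspicious and rng.random() < 0.8:
            parent, off = rng.choice(suspicious)   # directed step toward the pattern
            buf = bytearray(parent)
            buf[off] = rng.randrange(256)
            child = bytes(buf)
        else:
            child = mutate(rng, rng.choice(corpus))
        tr = toy_target(child)
        if tr.crashed:
            return Result(True, it, child, len(suspicious))
        if tr.path not in seen_paths:   # ordinary new-path coverage feedback
            seen_paths.add(tr.path)
            corpus.append(child)
        if tr.pattern is not None:
            suspicious.append((child, tr.pattern_offset))
    return Result(False, budget, None, len(suspicious))


if __name__ == "__main__":
    for guided in (False, True):
        r = fuzz(SEED_INPUTS, budget=20_000, guided=guided)
        print(f"guided={guided}: found={r.found} after {r.iterations} inputs, "
              f"{r.suspicious_seen} suspicious inputs seen, crash input={r.crashing_input!r}")
```

Both modes share the same coverage feedback; the only difference is that the guided mode spends most of its budget, once a pattern has been seen, on the input that exposed it, which is the abstract's "next test data is generated revealing the vulnerability" step in miniature. In a real binary-level fuzzer the `pattern` and `pattern_offset` would come from instrumentation such as taint tracking on the size argument of a copy, not from the target itself.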
