Zhenhua Yu¹, Zhengqi Liu¹, Xuya Cong^1,*, Xiaobo Li², Li Yin³

CMC-Computers, Materials & Continua, Vol.78, No.1, pp. 1-29, 2024, DOI:10.32604/cmc.2023.042361

Abstract As one of the most effective techniques for finding software vulnerabilities, fuzzing has become a hot topic in software security. It feeds potentially syntactically or semantically malformed test data to a target program to mine vulnerabilities and crash the system. In recent years, considerable efforts have been dedicated by researchers and practitioners towards improving fuzzing, so there are more and more methods and forms, which make it difficult to have a comprehensive understanding of the technique. This paper conducts a thorough survey of fuzzing, focusing on its general process, classification, common application scenarios, and some state-of-the-art techniques that have been… More >

Jihyeon Yu¹, Juhwan Kim¹, Youngwoo Lee¹, Fayozbek Rustamov², Joobeom Yun^1,*

CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 3291-3315, 2023, DOI:10.32604/cmc.2023.035835

Abstract Internet of things (IoT) devices are being increasingly used in numerous areas. However, the low priority on security and various IoT types have made these devices vulnerable to attacks. To prevent this, recent studies have analyzed firmware in an emulation environment that does not require actual devices and is efficient for repeated experiments. However, these studies focused only on major firmware architectures and rarely considered exotic firmware. In addition, because of the diversity of firmware, the emulation success rate is not high in terms of large-scale analyses. In this study, we propose the adaptive emulation framework for multi-architecture (AEMA). In… More >

Pengzhi Xu^1,2, Zetian Mai^1,2, Yuhao Lin¹, Zhen Guo^1,2,*, Victor S. Sheng³

Journal of Information Hiding and Privacy Protection, Vol.3, No.4, pp. 165-179, 2021, DOI:10.32604/jihpp.2021.027280

Abstract With the increase of software complexity, the security threats faced by the software are also increasing day by day. So people pay more and more attention to the mining of software vulnerabilities. Although source code has rich semantics and strong comprehensibility, source code vulnerability mining has been widely used and has achieved significant development. However, due to the protection of commercial interests and intellectual property rights, it is difficult to obtain source code. Therefore, the research on the vulnerability mining technology of binary code has strong practical value. Based on the investigation of related technologies, this article firstly introduces the… More >

Abdullah Alabdulatif¹, Syed Sajjad Hussain Rizvi^2,*

Intelligent Automation & Soft Computing, Vol.32, No.2, pp. 827-840, 2022, DOI:10.32604/iasc.2022.021879

Abstract Network intrusion detection is the pressing need of every communication network. Many network intrusion detection systems (NIDS) have been proposed in the literature to cater to this need. In recent literature, plug-and-play NIDS, Kitsune, was proposed in 2018 and greatly appreciated in the literature. The Kitsune datasets were divided into 70% training set and 30% testing set for machine learning algorithms. Our previous study referred that the variants of the Tree algorithms such as Simple Tree, Medium Tree, Coarse Tree, RUS Boosted, and Bagged Tree have reported similar effectiveness but with slight variation inefficiency. To further extend this investigation, we… More >

Chunlai Du¹, Tong Jin¹, Yanhui Guo^2,*, Binghao Jia¹, Bin Li³

CMC-Computers, Materials & Continua, Vol.69, No.3, pp. 3845-3855, 2021, DOI:10.32604/cmc.2021.017697

Abstract While the size and complexity of software are rapidly increasing, not only is the number of vulnerabilities increasing, but their forms are diversifying. Vulnerability has become an important factor in network attack and defense. Therefore, automatic vulnerability discovery has become critical to ensure software security. Fuzzing is one of the most important methods of vulnerability discovery. It is based on the initial input, i.e., a seed, to generate mutated test cases as new inputs of a tested program in the next execution loop. By monitoring the path coverage, fuzzing can choose high-value test cases for inclusion in the new seed… More >

Ming Wan¹, Shiyan Zhang¹, Yan Song², Jiangyuan Yao^3,*, Hao Luo¹, Xingcan Cao⁴

Intelligent Automation & Soft Computing, Vol.28, No.3, pp. 857-871, 2021, DOI:10.32604/iasc.2021.017214

Abstract Due to the lack of security consideration in the original design of industrial communication protocols, industrial fuzzing test which can successfully exploit various potential security vulnerabilities has become one new research hotspot. However, one critical issue is how to improve its testing efficiency. From this point of view, this paper proposes a novel fuzzing test case optimization approach based on improved genetic algorithm for industrial communication protocols. Moreover, a new individual selection strategy is designed as the selection operator in this genetic algorithm, which can be actively engaged in the fuzzing test case optimization process. In this individual selection strategy,… More >

Xiaoyi Li, Xiaojun Pan, Yanbin Sun^*

Journal on Artificial Intelligence, Vol.3, No.1, pp. 21-31, 2021, DOI:10.32604/jai.2021.017328

Abstract The rise of the Internet of Things (IoT) exposes more and more important embedded devices to the network, which poses a serious threat to people’s lives and property. Therefore, ensuring the safety of embedded devices is a very important task. Fuzzing is currently the most effective technique for discovering vulnerabilities. In this work, we proposed PS-Fuzz (Protocol State Fuzz), a gray-box fuzzing technique based on protocol state orientation. By instrumenting the program that handles protocol fields in the firmware, the problem of lack of guidance information in common protocol fuzzing is solved. By recording and comparing state transition paths, the… More >

Zaoyu Wei^1,*, Jiaqi Wang², Xueqi Shen¹, Qun Luo¹

Journal of Information Hiding and Privacy Protection, Vol.2, No.1, pp. 35-45, 2020, DOI:10.32604/jihpp.2020.010331

Abstract Smart contract has greatly improved the services and capabilities of blockchain, but it has become the weakest link of blockchain security because of its code nature. Therefore, efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system. Oriented to Ethereum smart contract, the study solves the problems of redundant input and low coverage in the smart contract fuzz. In this paper, a taint analysis method based on EVM is proposed to reduce the invalid input, a dangerous operation database is designed to identify the dangerous input, and genetic algorithm is used to optimize the… More >

Zaoyu Wei^{1, *}, Jiaqi Wang², Xueqi Shen¹, Qun Luo¹

Journal of Quantum Computing, Vol.2, No.1, pp. 11-24, 2020, DOI:10.32604/jqc.2020.010815

Abstract Smart contract has greatly improved the services and capabilities of blockchain, but it has become the weakest link of blockchain security because of its code nature. Therefore, efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system. Oriented to Ethereum smart contract, the study solves the problems of redundant input and low coverage in the smart contract fuzz. In this paper, a taint analysis method based on EVM is proposed to reduce the invalid input, a dangerous operation database is designed to identify the dangerous input, and genetic algorithm is used to optimize the… More >