TY - JOUR
AU - 
AB - IEICE TRANS. INF. & SYST., VOL.E94–D, NO.5 MAY 2011 PAPER A State-Aware Protocol Fuzzer Based on Application-Layer Protocols †a) † † ,†† Takahisa KITAGAWA , Miyuki HANAOKA , Nonmembers, and Kenji KONO , Member SUMMARY In the face of constant malicious attacks to network- that cannot survive fuzzing have a high probability of secu- connected software systems, software vulnerabilities need to be discov- rity holes. Fuzzing is known to be a quick and cost-effective ered early in the development phase. In this paper, we present AspFuzz, a approach to finding security flaws; according to the “Month state-aware protocol fuzzer based on the specifications of application-layer of Browser Bugs” project, a new vulnerability was discov- protocols. AspFuzz automatically generates anomalous messages that ex- ered each day of July 2006 [2] by use of fuzzing. ploit possible vulnerabilities. The key observation behind AspFuzz is that most attack messages violate the strict specifications of application-layer To apply fuzzing to networked software, network mes- protocols. For example, they do not conform to the rigid format or syntax sages must be created carefully because random inputs may required of each message. In addition, some attack messages ignore the not conform to the specifications of 
TI - A State-Aware Protocol Fuzzer Based on Application-Layer Protocols
JF - IEICE Transactions on Information and Systems
DO - 10.1587/transinf.e94.d.1008
DA - 2011-01-01
UR - https://www.deepdyve.com/lp/unpaywall/a-state-aware-protocol-fuzzer-based-on-application-layer-protocols-m2ARE0iSfW
DP - DeepDyve
ER -