Leveraging Textual Specifications for Grammar-Based Fuzzing of Network Protocols | CU Experts

Overview

abstract

Grammar-based fuzzing is a technique used to find software vulnerabilities by injecting well-formed inputs generated following rules that encode application semantics. Most grammar-based fuzzers for network protocols rely on human experts to manually specify these rules. In this work we study automated learning of protocol rules from textual specifications (i.e. RFCs). We evaluate the automatically extracted protocol rules by applying them to a state-of-the-art fuzzer for transport protocols and show that it leads to a smaller number of test cases while finding the same attacks as the system that uses manually specified rules.

CU Boulder Authors

Pacheco Gonzalez, Maria

publication date

July 17, 2019

has restriction

bronze

Date in CU Experts

January 30, 2024 9:06 AM

Full Author List

Jero S; Pacheco ML; Goldwasser D; Nita-Rotaru C

author count

4

published in

Proceedings of the ... AAAI Conference on Artificial Intelligence. AAAI Conference on Artificial Intelligence Journal

Other Profiles

International Standard Serial Number (ISSN)

2159-5399

Electronic International Standard Serial Number (EISSN)

2374-3468

Digital Object Identifier (DOI)

https://doi.org/10.1609/aaai.v33i01.33019478

Additional Document Info

start page

9478

end page

9483

volume

33

issue

01

VIVO

Leveraging Textual Specifications for Grammar-Based Fuzzing of Network Protocols Conference Proceeding

Overview

abstract

CU Boulder Authors

publication date

has restriction

Date in CU Experts

Full Author List

author count

published in

Other Profiles

International Standard Serial Number (ISSN)

Electronic International Standard Serial Number (EISSN)

Digital Object Identifier (DOI)

Additional Document Info

start page

end page

volume

issue