May 16, 2017: Folmer Heikamp: Guided Fuzzing of Network Applications Using a Genetic Algorithm

May 16, 2017Guided Fuzzing of Network Applications Using a Genetic Algorithm
Room: Hal B 2BFolmer Heikamp
12:30-13:30

Fuzzing is used for automated testing. A fuzzer usually sends random or semi-random data to a target in order to find vulnerabilities.
There is however no guarantee that a fuzzer will find all vulnerabilities. There is also no guarantee that the fuzzer has a good code coverage.
In this research a fuzzer is extended with a genetic algorithm, to see if it can be used to improve the performance.
The fitness of testcases is based on metrics which have to do with code coverage e.g. new code is executed.
If the results for guided fuzzing seem promising, experiments will be done in order to find (sub)-optimal parameter settings.
In this presentation I will talk about the limitations of fuzzing, how these limitations can be overcome, my approach, the preliminary results and future work.