发明名称 |
FEEDBACK-GUIDED FUZZ TESTING FOR LEARNING INPUTS OF COMA |
摘要 |
Embodiments of the present invention combine static analysis, source code instrumentation and feedback-guided fuzz testing to automatically detect resource exhaustion denial of service attacks in software and generate inputs of coma for vulnerable code segments. The static analysis of the code highlights portions that are potentially vulnerable, such as loops and recursions whose exit conditions are dependent on user input. The code segments are dynamically instrumented to provide a feedback value at the end of each execution. Evolutionary techniques are then employed to search among the possible inputs to find inputs that maximize the feedback score.
|
申请公布号 |
US2010058475(A1) |
申请公布日期 |
2010.03.04 |
申请号 |
US20090397041 |
申请日期 |
2009.03.03 |
申请人 |
NEC LABORATORIES AMERICA, INC. |
发明人 |
THUMMALAPENTA SURESH;JIANG GUOFEI;SANKARANARAYANAN SRIRAM;IVANCIC FRANJO |
分类号 |
G06F15/18;G06F11/00 |
主分类号 |
G06F15/18 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|