You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

63 lines
6.6 KiB

@book{takanen2018fuzzing,
title={Fuzzing for software security testing and quality assurance},
author={Takanen, Ari and Demott, Jared D and Miller, Charles and Kettunen, Atte},
year={2018},
publisher={Artech House}
}
@misc{anon2021a,
title = "CWE Top 25 Most Dangerous Software Weaknesses",
year = "2021",
howpublished = "\url{https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html}",
month = "July~" # "26--26"
}
@article{Chakkaravarthy2019,
title = "A Survey on malware analysis and mitigation techniques",
ISSN = "1574-0137",
DOI = "https://doi.org/10.1016/j.cosrev.2019.01.002",
volume = "32",
year = "2019",
URL = "https://www.sciencedirect.com/science/article/pii/S1574013718301114",
journal = "Computer Science Review",
pages = "1--23",
author = "Chakkaravarthy, Sibi S. and Sangeetha, D. and Vaidehi, V.",
abstract = "In recent days, malwares are advanced, sophisticatedly engineered to attack the target. Most of such advanced malwares are highly persistent and capable of escaping from the security systems. This paper explores such an advanced malware type called Advanced Persistent Threats (APTs). APTs pave the way for most of the Cyber espionages and sabotages. APTs are highly sophisticated, target specific and operate in a stealthy mode till the target is compromised. The intention of the APTs is to deploy target specific automated malwares in a host or network to initiate an on-demand attack based on continuous monitoring. Encrypted covert communication and advanced, sophisticated attack techniques make the identification of APTs more challenging. Conventional security systems like antivirus, anti-malware systems which depend on signatures and static analysis fail to identify these APTs. The Advanced Evasive Techniques (AET) used in APTs are capable of bypassing the stateful firewalls housed in the enterprise choke points at ease. Hence, this paper presents a detailed study on sophisticated attack and evasion techniques used by the contemporary malwares. Furthermore, existing malware analysis techniques, application hardening techniques and CPU assisted application security schemes are also discussed. Finally, the study concludes by presenting the System and Network Security Design (SNSD) using existing mitigation techniques.",
file = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=20{\&}resourceId=50{\&}filename=9cee10ce7e8e33e77915ff2ce4d88d13a3505d8e:pdf",
keywords = "Evasion,Malware,Malware analysis,Packers,Sandboxes,Advanced persistent threats"
}
@inproceedings{Chen2018,
title = "IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing.",
year = "2018",
booktitle = "NDSS",
author = "Chen, Jiongyi and Diao, Wenrui and Zhao, Qingchuan and Zuo, Chaoshun and Lin, Zhiqiang and Wang, XiaoFeng and Lau, Wing Cheong and Sun, Menghan and Yang, Ronghai and Zhang, Kehuan",
file = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=18{\&}resourceId=48{\&}filename=1961c82250cf02079c34d3f4b990ae8f81c06e15:pdf"
}
@article{Chen2018a,
title = "A systematic review of fuzzing techniques",
ISSN = "0167-4048",
DOI = "https://doi.org/10.1016/j.cose.2018.02.002",
volume = "75",
year = "2018",
URL = "https://www.sciencedirect.com/science/article/pii/S0167404818300658",
journal = "Computers \& Security",
pages = "118--137",
author = "Chen, Chen and Cui, Baojiang and Ma, Jinxin and Wu, Runpu and Guo, Jianchao and Liu, Wenqian",
abstract = "Fuzzing is an effective and widely used technique for finding security bugs and vulnerabilities in software. It inputs irregular test data into a target program to try to trigger a vulnerable condition in the program execution. Since the first random fuzzing system was constructed, fuzzing efficiency has been greatly improved by combination with several useful techniques, including dynamic symbolic execution, coverage guide, grammar representation, scheduling algorithms, dynamic taint analysis, static analysis and machine learning. In this paper, we will systematically review these techniques and their corresponding representative fuzzing systems. By introducing the principles, advantages and disadvantages of these techniques, we hope to provide researchers with a systematic and deeper understanding of fuzzing techniques and provide some references for this field.",
file = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=21{\&}resourceId=51{\&}filename=1e4bcbbd1b2d3bd2399aa403bd3852e89f4fa4c6:pdf",
keywords = "Software bug,Vulnerability,Fuzzing,Dynamic symbolic execution,Coverage guide,Grammar representation,Scheduling algorithms,Taint analysis,Static analysis"
}
@inproceedings{Liu2008,
title = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing",
DOI = "10.1109/ICCIT.2008.9",
volume = "2",
year = "2008",
booktitle = "2008 Third International Conference on Convergence and Hybrid Information Technology",
pages = "491--497",
author = "Liu, Guang-Hong and Wu, Gang and Tao, Zheng and Shuai, Jian-Mei and Tang, Zhuo-Chun",
abstract = "Fuzzing was successfully used to discover security bugs in popular programs, though released without source code. It becomes a major tool in security analysis, but needs large input space, ineffective. This paper presents a new method for the identification of vulnerabilities in executable program called GAFuzzing (genetic algorithm fuzzing), which combines static and dynamic analysis to extend random fuzzing. First, it uses static analysis to obtain the structural behavior, interface and interest region of code, then formally describes test requirement. Second, it uses genetic algorithm to intelligently direct test data generation and improve the testing objective. Unlike many software testing tools, our implementation analyzes the executables without source code directly. Our evaluation shows that GAFuzzing is superior to random fuzzing for vulnerability analysis.",
file = "Vulnerability Analysis for X86 Executables Using Genetic Algorithm and Fuzzing-Paper:http://blackhole.federationhq.de/wikindxindex.php?action=attachments{\_}ATTACHMENTS{\_}CORE{\&}method=downloadAttachment{\&}id=22{\&}resourceId=52{\&}filename=829890f42cec5f99ac65a9634a1924f7aade9e74:pdf"
}