• Dec 26, 2017 News!Vol. 4, No. 1-No.3 has been indexed by EI (Inspec).   [Click]
  • Dec 26, 2017 News!Vol. 3, No. 4 has been indexed by EI (Inspec).   [Click]
  • Dec 25, 2017 News!Welcome to 2018 7th International Conference on Software and Computing Technologies (ICSCT 2018), which will be held in Kuala Lumpur during April 7-9, 2018.   [Click]
General Information
    • ISSN: 2301-3559
    • Frequency: Quarterly
    • DOI: 10.18178/LNSE
    • Editor-in-Chief: Prof. Jemal Antidze
    • Executive Editor: Ms. Nina Lee
    • Abstracting/ Indexing: EI (INSPEC, IET), Electronic Journals Library,  Ulrich's Periodicals Directory, International Computer Science Digital Library (ICSDL), ProQuest and Google Scholar.
    • E-mail: lnse@ejournal.net
Prof. Jemal Antidze
I. Vekua Scientific Institute of Applied Mathematics
Tbilisi State University, Georgia
I'm happy to take on the position of editor in chief of LNSE. We encourage authors to submit papers concerning any branch of Software Engineering.

LNSE 2016 Vol.4(2): 116-122 ISSN: 2301-3559
DOI: 10.7763/LNSE.2016.V4.235

A Region-Sensitive Fuzzing Test Based on Multi-Objective Programming

Yongji Ouyang, Shuai Zeng, Yan Cao, and Qingxian Wang
Abstract—Fuzzing is an important technique for discovering vulnerabilities, unfortunately, it also offers fairly shallow coverage. To address these problems, this paper presents a region-sensitive fuzzing test based on multi-objective programming. Firstly, we perform region division on the test inputs through fine-grained taint analysis and offering mutated objects. Secondly, by combining the features of vulnerabilities, the attributes of functions and instructions were depicted for computing values of input regions’ attributes. Finally, this paper uses a multi-objective programming model to compute and rank the risk levels of these attributes, and the optimal one will be chosen to perform mutation. Experimental results show that the proposed approach can assist fuzzing test in choosing a more effective input region to perform mutation, the average priority-ranking ratio of input regions that trigger vulnerabilities is up to 8.82%. In addition, invalid inputs are controlled within 12% and, and 74 vulnerabilities are found in real software.

Index Terms—Software vulnerability, fuzzing, multi-objective programming, region-sensitive.

Yongji Ouyang, Yan Cao, and Qingxian Wang are with the State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China (e-mail: oyyj07@gmail.com, caoyang_2@163.com, wqx2008@vip.sina.com).
Shuai Zeng is with the State Key Laboratory of Management and Control for Complex System, Institute of Automation, Chinese Academy of Sciences, China (e-mail: shuai.zeng@ia.ac.cn).


Cite: Yongji Ouyang, Shuai Zeng, Yan Cao, and Qingxian Wang, "A Region-Sensitive Fuzzing Test Based on Multi-Objective Programming," Lecture Notes on Software Engineering vol. 4, no. 2, pp. 116-122, 2016.

Copyright © 2008-2015. Lecture Notes on Software Engineering. All rights reserved.
E-mail: lnse@ejournal.net