• Aug 25, 2016 News!Vol.4, No.3 has been published with online version. 15 peer reviewed articles from 3 specific areas are published in this issue.   [Click]
  • May 03, 2016 News!Vol. 3, No. 3 has been indexed by EI (Inspec).   [Click]
  • May 03, 2016 News!Vol. 3, No. 2 has been indexed by EI (Inspec).   [Click]
General Information
    • ISSN: 2301-3559
    • Frequency: Quarterly
    • DOI: 10.18178/LNSE
    • Editor-in-Chief: Prof. Jemal Antidze
    • Executive Editor: Ms. Nina Lee
    • Abstracting/ Indexing: EI (INSPEC, IET), DOAJ, Electronic Journals Library, Engineering & Technology Digital Library, Ulrich's Periodicals Directory, International Computer Science Digital Library (ICSDL), ProQuest and Google Scholar.
    • E-mail: lnse@ejournal.net
Editor-in-chief
Prof. Jemal Antidze
I. Vekua Scientific Institute of Applied Mathematics
Tbilisi State University, Georgia
I'm happy to take on the position of editor in chief of LNSE. We encourage authors to submit papers concerning any branch of Software Engineering.

LNSE 2016 Vol.4(2): 116-122 ISSN: 2301-3559
DOI: 10.7763/LNSE.2016.V4.235

A Region-Sensitive Fuzzing Test Based on Multi-Objective Programming

Yongji Ouyang, Shuai Zeng, Yan Cao, and Qingxian Wang
Abstract—Fuzzing is an important technique for discovering vulnerabilities, unfortunately, it also offers fairly shallow coverage. To address these problems, this paper presents a region-sensitive fuzzing test based on multi-objective programming. Firstly, we perform region division on the test inputs through fine-grained taint analysis and offering mutated objects. Secondly, by combining the features of vulnerabilities, the attributes of functions and instructions were depicted for computing values of input regions’ attributes. Finally, this paper uses a multi-objective programming model to compute and rank the risk levels of these attributes, and the optimal one will be chosen to perform mutation. Experimental results show that the proposed approach can assist fuzzing test in choosing a more effective input region to perform mutation, the average priority-ranking ratio of input regions that trigger vulnerabilities is up to 8.82%. In addition, invalid inputs are controlled within 12% and, and 74 vulnerabilities are found in real software.

Index Terms—Software vulnerability, fuzzing, multi-objective programming, region-sensitive.

Yongji Ouyang, Yan Cao, and Qingxian Wang are with the State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China (e-mail: oyyj07@gmail.com, caoyang_2@163.com, wqx2008@vip.sina.com).
Shuai Zeng is with the State Key Laboratory of Management and Control for Complex System, Institute of Automation, Chinese Academy of Sciences, China (e-mail: shuai.zeng@ia.ac.cn).

[PDF]

Cite: Yongji Ouyang, Shuai Zeng, Yan Cao, and Qingxian Wang, "A Region-Sensitive Fuzzing Test Based on Multi-Objective Programming," Lecture Notes on Software Engineering vol. 4, no. 2, pp. 116-122, 2016.

Copyright © 2008-2015. Lecture Notes on Software Engineering. All rights reserved.
E-mail: lnse@ejournal.net