Paper
A fuzz testing technique based on determining valid fields
5 July 2024
Shichao Zhang, Minwei Peng, Yaobin Xie
Proceedings Volume 13184, Third International Conference on Electronic Information Engineering and Data Processing (EIEDP 2024); 131844Z (2024) https://doi.org/10.1117/12.3032899
Event: 3rd International Conference on Electronic Information Engineering and Data Processing (EIEDP 2024), 2024, Kuala Lumpur, Malaysia
Abstract
In the context of vulnerability discovery in Internet of Things (IoT) devices, fuzzing technology has demonstrated better performance. Under typical circumstances, however, fuzzers generate test cases by capturing the traffic packets exchanged between the front end and back end of IoT devices, which tends to overlook the significance of the back-end component. Furthermore, they often perform blind seed mutation over numerous keywords, producing a large number of ineffective test cases that ultimately reduce the efficiency of fuzz testing. This paper introduces VKFuzz, a fuzz testing tool based on determining effective fields. VKFuzz uses reverse engineering techniques to identify these effective fields and, in a forward approach, gathers constraint information about the relationships between each identified key field and the other fields. This process ensures the generation of high-quality test cases. To evaluate the efficiency of VKFuzz in detecting vulnerabilities, we tested the tool on firmware from two different manufacturers, consisting of four distinct firmware versions. Compared with Boofuzz, VKFuzz detected 11 more genuine vulnerabilities, and compared with FirmHunter, it uncovered 2 additional real vulnerabilities. Moreover, at equivalent detection rates, VKFuzz reduced average time consumption by 30.60% compared with FirmHunter.
(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.
Shichao Zhang, Minwei Peng, and Yaobin Xie "A fuzz testing technique based on determining valid fields", Proc. SPIE 13184, Third International Conference on Electronic Information Engineering and Data Processing (EIEDP 2024), 131844Z (5 July 2024); https://doi.org/10.1117/12.3032899
KEYWORDS
Internet of things
Binary data
Analytical research
Hazard analysis
Information security
Manufacturing
Semantics