Search Results (95)

Modern web services widely provide RESTful APIs for clients to access their functionality programmatically. Fuzzing is an emerging technique for ensuring the reliability of RESTful APIs. However, the existing RESTful API fuzzers repeatedly generate invalid requests due to unawareness of errors in the invalid tested requests and lack of effective strategy to generate legal value for the incorrect parameters. Such limitations severely hinder the fuzzing performance. In this paper, we propose DynER, a new test case generation method guided by dynamic error responses during fuzzing. DynER designs two strategies of parameter value generation for purposefully revising the incorrect parameters of invalid tested requests to generate new test requests. The strategies are, respectively, based on prompting Large Language Model (LLM) to understand the semantics information in error responses and actively accessing API-related resources. We apply DynER to the state-of-the-art fuzzer RESTler and implement DynER-RESTler. DynER-RESTler outperforms foREST on two real-world RESTful services, WordPress and GitLab with a 41.21% and 26.33% higher average pass rate for test requests and a 12.50% and 22.80% higher average number of unique request types successfully tested, respectively. The experimental results demonstrate that DynER significantly improves the effectiveness of test cases and fuzzing performance. Additionally, DynER-RESTler finds three new bugs. Full article

Fuzz testing technology is an important approach to detecting SQL injection vulnerabilities. Among them, coverage-guided gray-box fuzz testing technology is the current research focus, and has been proved to be an effective method. However, for SQL injection vulnerability, coverage-guided gray-box fuzz testing as a detection method has the problems of low efficiency and high false positives. In order to solve the above problems, we propose a potentially vulnerable code-guided gray-box fuzz testing technology. Firstly, taint analysis technology is used to locate all the taint propagation paths containing potential vulnerabilities as potentially vulnerable codes. Then, the source code of the application program is instrumented according to the location of the potentially vulnerable code. Finally, the feedback of seeds during the run is used to guide seed selection and seed mutation, and a large number of test cases are generated. Based on the above techniques, we implement the sqlFuzz prototype system, and use this system to analyze eight modern PHP applications. The experimental results show that sqlFuzz can not only detect more SQL injection vulnerabilities than the existing coverage-guided gray box fuzz testing technology, but also significantly improve the efficiency, in terms of time efficiency increased by 80 percent. Full article

Coverage feedback is one of the key mechanisms for improving the effectiveness of fuzzers by measuring and comparing the executed code regions while processing input data. In general, such guidance should always improve the performance of fuzzers to better find unexplored code regions. However, proprietary systems with uncommon I/O interfaces (e.g., UAV system, IoT devices, satellite firmware) require extensive engineering/porting efforts to apply coverage feedback support in developing their fuzzing platform. In this paper, we evaluate the detailed efficacy of coverage feedback in fuzzing based on 44 real-world bugs we found using OSS-Fuzz. Our analysis uncovered when and how code coverage information can be helpful, and our experiment demonstrates that although coverage guidance is always helpful to some extent, its effectiveness depends on various external factors. Therefore, such factors should be carefully considered for optimizing the cost and efficiency in designing the fuzzing architecture of proprietary systems. Full article

Network protocol implementations, as integral components of information communication, are critically important for security. Due to its efficiency and automation, fuzzing has become a popular method for protocol security detection. However, the existing protocol-fuzzing techniques face the critical problem of generating high-quality inputs. To address the problem, in this paper, we propose MSFuzz, which is a protocol-fuzzing method with message syntax comprehension. The core observation of MSFuzz is that the source code of protocol implementations contains detailed and comprehensive knowledge of the message syntax. Specifically, we leveraged the code-understanding capabilities of large language models to extract the message syntax from the source code and construct message syntax trees. Then, using these syntax trees, we expanded the initial seed corpus and designed a novel syntax-aware mutation strategy to guide the fuzzing. To evaluate the performance of MSFuzz, we compared it with the state-of-the-art (SOTA) protocol fuzzers, namely, AFLNET and CHATAFL. Experimental results showed that compared with AFLNET and CHATAFL, MSFuzz achieved average improvements of 22.53% and 10.04% in the number of states, 60.62% and 19.52% improvements in the number of state transitions, and 29.30% and 23.13% improvements in branch coverage. Additionally, MSFuzz discovered more vulnerabilities than the SOTA fuzzers. Full article

Landraces are an important reservoir of genetic variation that can expand the narrow genetic base of cultivated cotton. In this study, quantitative trait loci (QTL) analysis was conducted using an F₂ population developed from crosses between the landrace Hopi and inbred TM-1. A high-density genetic map spanning 2253.11 and 1932.21 cM for the A and D sub-genomes, respectively, with an average marker interval of 1.14 cM, was generated using the CottonSNP63K array. The linkage map showed a strong co-linearity with the physical map of cotton. A total of 21 QTLs were identified, controlling plant height (1), bract type (1), boll number (1), stem color (2), boll pitting (2), fuzz fiber development (2), boll shape (3), boll point (4), and boll glanding (5). In silico analysis of the novel QTLs for boll glanding identified a total of 13 candidate genes. Analysis of tissue-specific expression of the candidate genes suggests roles for the transcription factors bHLH1, MYB2, and ZF1 in gland formation. Comparative sequencing of open reading frames identified early stop codons in all three transcription factors in Hopi. Functional validation of these genes offers avenues to reduce glanding and, consequently, lower gossypol levels in cottonseeds without compromising the defense mechanisms of the plant against biotic stresses. Full article

Rigorous testing methods are essential for ensuring the security and reliability of industrial controller software. Fuzzing, a technique that automatically discovers software bugs, has also proven effective in finding software vulnerabilities. Unsurprisingly, fuzzing has been applied to a wide range of platforms, including programmable logic controllers (PLCs). However, current approaches, such as coverage-guided evolutionary fuzzing implemented in the popular fuzzer American Fuzzy Lop Plus Plus (AFL++), are often inadequate for finding logical errors and bugs in PLC control logic applications. They primarily target generic programming languages like C/C++, Java, and Python, and do not consider the unique characteristics and behaviors of PLCs, which are often programmed using specialized programming languages like Structured Text (ST). Furthermore, these fuzzers are ill suited to deal with complex input structures encapsulated in ST, as they are not specifically designed to generate appropriate input sequences. This renders the application of traditional fuzzing techniques less efficient on these platforms. To address this issue, this paper presents a fuzzing framework designed explicitly for PLC software to discover logic bugs in applications written in ST specified by the IEC 61131-3 standard. The proposed framework incorporates a custom-tailored PLC runtime and a fuzzer designed for the purpose. We demonstrate its effectiveness by fuzzing a collection of ST programs that were crafted for evaluation purposes. We compare the performance against a popular fuzzer, namely, AFL++. The proposed fuzzing framework demonstrated its capabilities in our experiments, successfully detecting logic bugs in the tested PLC control logic applications written in ST. On average, it was at least 83 times faster than AFL++, and in certain cases, for example, it was more than 23,000 times faster. Full article

As the directed greybox fuzzing (DGF) technique advances, it is being extensively utilized in various fields such as defect reproduction, patch testing, and vulnerability identification. Nevertheless, current DGFs waste a significant amount of resources due to their simplistic distance definitions and overly straightforward energy distribution for the seeds. To address these issues, a dynamic distance-weighting-based distance estimation strategy is proposed first, which facilitates strategies for seed distribution that take energy into consideration. Second, to overcome the limitations of current seed energy distribution strategies, the gray wolf optimizer (GWO) is improved by integrating four strategies, leading to the development of the improved gray wolf optimizer (IGWO). Lastly, an adaptive search algorithm is proposed, and the WolfFuzz prototype tool is implemented. In vulnerability recurrence scenarios, WolfFuzz is 3.2× faster on average compared with the baseline and reproduces 76.4% of existing bugs faster. WolfFuzz also discovers nine different types of bugs in seven real-world programs. Full article

Effective and optimal decision-making can enhance system performance, potentially leading to a positive reputation and financial gains. Multi-criteria decision-making (MCDM) is an important research topic widely applied to practical decision-making problems. Using the basic idea of symmetry to balance the arrangement where elements or features have an equality or similarity in distribution, MCDM provides robust decisions in such multi-dimensional complex issues. This study proposes MultiFuzzTOPS, a decision-making model to deal with complexity of multi-criteria decision-making. The proposed MultiFuzzTOPS leverages the fuzzy logic and soft sets such as type-2 soft sets (T2SS) and technique for order preference by similarity to ideal solution (TOPSIS) for decision-making. We validate the proposed model by implementing it to solve the pesticide selection problem in food science by considering various criteria for the selection of pesticides. Our proposed MultiFuzzTOPS recommends the best pesticide compared with its counterparts because it covers the maximum information for the selection of the best alternative. Results are ranked on the basis of the Hamming distance and similarity coefficient. We also validate the effectiveness by performing the sensitivity analysis, and the validation shows the reliability and effectiveness of our proposed model. Full article

Software vulnerabilities present a significant cybersecurity threat, particularly as software code grows in size and complexity. Traditional vulnerability-mining techniques face challenges in keeping pace with this complexity. Fuzzing, a key automated vulnerability-mining approach, typically focuses on code branch coverage, overlooking syntactic and semantic elements of the code. In this paper, we introduce HotCFuzz, a novel vulnerability-mining model centered on the coverage of hot code blocks. Leveraging vulnerability syntactic features to identify these hot code blocks, we devise a seed selection algorithm based on their coverage and integrate it into the established fuzzing test framework AFL. Experimental results demonstrate that HotCFuzz surpasses AFL, AFLGo, Beacon, and FairFuzz in terms of efficiency and time savings. Full article

WebAssembly code is designed to run in a sandboxed environment, such as a web browser, providing a high level of security and isolation from the underlying operating system and hardware. This enables the execution of untrusted code in a web browser without compromising the security and integrity of the user’s system. This paper discusses the challenges associated with using fuzzing tools to identify vulnerabilities or bugs in WebAssembly interpreters. Our approach, known as ESFuzzer, introduces an efficient method for fuzzing WebAssembly interpreters using an Equivalent-Statement concept and the Stack Repair Algorithm. The samples generated by our approach successfully passed code validation. In addition, we developed effective mutation strategies to enhance the efficacy of our approach. ESFuzzer has demonstrated its ability to generate code that achieves 100% WebAssembly validation testing and achieves code coverage that is more than twice that of libFuzzer. Furthermore, the 24-h experiment results show that ESFuzzer performs ten times more efficiently than libFuzzer. Full article

Microcontroller Units (MCUs) play a vital role in embedded devices due to their energy efficiency and scalability. The firmware in MCUs contains vulnerabilities that can lead to digital and physical harm. However, testing MCU firmware faces challenges due to various tool limitations and unavailable firmware details. To address this problem, research is turning to fuzzing and rehosting. Due to the inherent imbalance in computational resources of the fuzzing algorithm and the lack of consideration for the computational resource requirements of rehosting methods, some hardware behavior-related paths are difficult to discover. In this work, we propose a novel Dynamically Co-directional Guidance Fuzzing (DCGFuzz) method to improve security analysis efficiency. Our method dynamically correlates computational resource allocation in both fuzzing and rehosting, computing a unified power schedule score. Using the power schedule score, we adjust test frequencies for various paths, boosting testing efficiency and aiding in the detection of hardware-related paths. We evaluated our approach on nine real-world pieces of firmware. Compared to the previous approach, we achieved a maximum increase of 47.9% in path coverage and an enhancement of 27.6% in effective model coverage during the fuzzing process within 24 h. Full article

The use of a Controller Area Network (CAN) bus in the automotive industry for connecting electronic control units (ECUs) poses security vulnerabilities due to the lack of built-in security features. Intrusion Detection Systems (IDSs) have emerged as a practical solution for safeguarding the CAN bus. However, developing an effective IDS for in-vehicle CAN buses encounters challenges in achieving high precision for detecting attacks and meeting real-time requirements with limited computational resources. To address these challenges, we propose a novel method for anomaly detection on CAN data using windowed Hamming distance. Our approach utilizes sliding windows and Hamming distance to extract features from time series data. By creating benchmark windows that span at least one cycle of data, we compare newly generated windows with recorded benchmarks using the Hamming distance to identify abnormal CAN messages. During the experimental phase, we conduct extensive testing on both the public car-hack dataset and a proprietary dataset. The experimental results indicate that our method achieves an impressive accuracy of up to 99.67% in detecting Denial of Service (DoS) attacks and an accuracy of 98.66% for fuzzing attacks. In terms of two types of spoofing attacks, our method achieves detection accuracies of 99.48% and 99.61%, respectively, significantly outperforming the methods relying solely on the Hamming distance. Furthermore, in terms of detection time, our method significantly reduces the time consumption by nearly 20-fold compared to the approach using deep convolutional neural networks (DCNN), decreasing it from 6.7 ms to 0.37 ms. Full article

Network protocol syntax information plays a crucial role in grammar-based fuzzing. Current network protocol syntax extraction methods are less versatile, inefficient, and the extracted information is not comprehensive. This paper proposes a novel method for extracting syntax information, which innovatively extracts network protocol syntax from Wireshark protocol dissector files. The extracted syntax information includes packet types of the protocol, the constituent fields of each packet type, and detailed attributes of each field. Based on this method, an automated system for network protocol syntax information extraction was developed. The experiment was conducted with this system on a variety of protocols including DCCP, DNP3.0, Modbus TCP, and S7COMM. The experimental results show that compared with the current methods, our method has a better performance in terms of efficiency and versatility and at the same time ensures the comprehensiveness and accuracy of the extracted syntax information. Full article

Fruit pubescence (trichome) is an important characteristic and is controlled by a single dominant gene (G/g), resulting in peaches and nectarines. The length and/or density of fruit fuzz varies greatly among different peach cultivars. However, little is known about fruit trichome development in peaches. In this study, significant differences in fruit trichome length and density were identified between ‘XT1’ and its bud mutation ‘BM’, showing much higher values for ‘BM’. Comparative transcriptome analysis was performed, and 987 differentially expressed genes (DEGs) were identified, which were confirmed by qRT-PCR. GO (Gene Ontology) and KEGG (Kyoto Encyclopedia of Genes and Genomes) analyses showed that genes involved in defense response, secondary metabolites and plant hormone signal transduction may also be related to the development of peach fruit trichomes. By integrating other transcriptome data, we finally determined 47 DEGs that might participate in peach trichome development, including five plant-hormone-related genes. The promoter analysis showed that one abscisic-acid-related gene, Prupe.6G072400 (abscisic acid 8′-hydroxylase 2), and one auxin-related gene, Prupe.3G074900 (auxin-responsive protein IAA1), have obvious differences in the cis-acting elements of the promoters between ‘XT1’ and ‘BM’. The results of this study will provide a valuable resource illustrating the mechanism of fruit trichome development in peaches and benefit future genomic research. Full article

Coverage-guided fuzzing has been widely applied in software error and security vulnerability detection. The fuzzing technique based on AFL (American Fuzzy Loop) is a common coverage-guided fuzzing method. The code coverage during AFL fuzzing is highly dependent on the quality of the initial seeds. If the selected seeds’ quality is poor, the AFL may not be able to detect program paths in a targeted manner, resulting in wasted time and computational resources. To solve the problems that the seed selection strategy in traditional AFL fuzzing cannot quickly and effectively generate high-quality seed sets and the mutated test cases cannot reach deeper paths and trigger security vulnerabilities, this paper proposes an attention mechanism-based generative adversarial network (GAN) seed generation approach for vulnerability mining, which can learn the characteristics and distribution of high-quality test samples during the testing process and generate high-quality seeds for fuzzing. The proposed method improves the GAN by introducing fully connected neural networks to balance the competitive adversarial process between discriminators and generators and incorporating attention mechanisms, greatly improving the quality of generated seeds. Our experimental results show that the seeds generated by the proposed method have significant improvements in coverage, triggering unique crashes and other indicators and improving the efficiency of AFL fuzzing. Full article