
DeepFuzz: Triggering vulnerabilities deeply hidden in binaries

Böttinger, K.; Eckert, C.


In: Caballero, J. (Ed.): Detection of Intrusions and Malware, and Vulnerability Assessment. 13th International Conference, DIMVA 2016, San Sebastián, Spain, July 7-8, 2016; Proceedings
Cham: Springer International Publishing, 2016 (Lecture Notes in Computer Science 9721)
ISBN: 978-3-319-40666-4 (Print)
ISBN: 978-3-319-40667-1 (Online)
Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) <13, 2016, San Sebastián>
Fraunhofer AISEC

We introduce a new method for triggering vulnerabilities in deep layers of binary executables and facilitating their exploitation. In our approach, we combine dynamic symbolic execution with fuzzing techniques. To maximize both the execution path depth and the degree of freedom in input parameters for exploitation, we define a novel method to assign probabilities to program paths. Based on this probability distribution, we apply new path exploration strategies. This facilitates payload generation and therefore vulnerability exploitation.