Home / Advanced Search

  • Title/Keywords

  • Author/Affliations

  • Journal

  • Article Type

  • Start Year

  • End Year

Update SearchingClear
  • Articles
  • Online
Search Results (10)
  • Open Access

    ARTICLE

    KubeFuzzer: Automating RESTful API Vulnerability Detection in Kubernetes

    Tao Zheng1, Rui Tang1,2,3, Xingshu Chen1,2,3,*, Changxiang Shen1

    CMC-Computers, Materials & Continua, Vol.81, No.1, pp. 1595-1612, 2024, DOI:10.32604/cmc.2024.055180 - 15 October 2024

    Abstract RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms. Existing tools struggle with generating lengthy, high-semantic request sequences that can pass Kubernetes API gateway checks. To address this, we propose KubeFuzzer, a black-box fuzzing tool designed for Kubernetes RESTful APIs. KubeFuzzer utilizes Natural Language Processing (NLP) to extract and integrate semantic information from API specifications and response messages, guiding the generation of more effective request sequences. Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86% to 36.34%, increases the successful response rate by More >

  • Open Access

    REVIEW

    Fuzzing: Progress, Challenges, and Perspectives

    Zhenhua Yu1, Zhengqi Liu1, Xuya Cong1,*, Xiaobo Li2, Li Yin3

    CMC-Computers, Materials & Continua, Vol.78, No.1, pp. 1-29, 2024, DOI:10.32604/cmc.2023.042361 - 30 January 2024

    Abstract As one of the most effective techniques for finding software vulnerabilities, fuzzing has become a hot topic in software security. It feeds potentially syntactically or semantically malformed test data to a target program to mine vulnerabilities and crash the system. In recent years, considerable efforts have been dedicated by researchers and practitioners towards improving fuzzing, so there are more and more methods and forms, which make it difficult to have a comprehensive understanding of the technique. This paper conducts a thorough survey of fuzzing, focusing on its general process, classification, common application scenarios, and some More >

  • Open Access

    ARTICLE

    Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing

    Jihyeon Yu1, Juhwan Kim1, Youngwoo Lee1, Fayozbek Rustamov2, Joobeom Yun1,*

    CMC-Computers, Materials & Continua, Vol.75, No.2, pp. 3291-3315, 2023, DOI:10.32604/cmc.2023.035835 - 31 March 2023

    Abstract Internet of things (IoT) devices are being increasingly used in numerous areas. However, the low priority on security and various IoT types have made these devices vulnerable to attacks. To prevent this, recent studies have analyzed firmware in an emulation environment that does not require actual devices and is efficient for repeated experiments. However, these studies focused only on major firmware architectures and rarely considered exotic firmware. In addition, because of the diversity of firmware, the emulation success rate is not high in terms of large-scale analyses. In this study, we propose the adaptive emulation… More >

  • Open Access

    ARTICLE

    Machine Learning Approach for Improvement in Kitsune NID

    Abdullah Alabdulatif1, Syed Sajjad Hussain Rizvi2,*

    Intelligent Automation & Soft Computing, Vol.32, No.2, pp. 827-840, 2022, DOI:10.32604/iasc.2022.021879 - 17 November 2021

    Abstract Network intrusion detection is the pressing need of every communication network. Many network intrusion detection systems (NIDS) have been proposed in the literature to cater to this need. In recent literature, plug-and-play NIDS, Kitsune, was proposed in 2018 and greatly appreciated in the literature. The Kitsune datasets were divided into 70% training set and 30% testing set for machine learning algorithms. Our previous study referred that the variants of the Tree algorithms such as Simple Tree, Medium Tree, Coarse Tree, RUS Boosted, and Bagged Tree have reported similar effectiveness but with slight variation inefficiency. To More >

  • Open Access

    ARTICLE

    A Survey on Binary Code Vulnerability Mining Technology

    Pengzhi Xu1,2, Zetian Mai1,2, Yuhao Lin1, Zhen Guo1,2,*, Victor S. Sheng3

    Journal of Information Hiding and Privacy Protection, Vol.3, No.4, pp. 165-179, 2021, DOI:10.32604/jihpp.2021.027280 - 22 March 2022

    Abstract With the increase of software complexity, the security threats faced by the software are also increasing day by day. So people pay more and more attention to the mining of software vulnerabilities. Although source code has rich semantics and strong comprehensibility, source code vulnerability mining has been widely used and has achieved significant development. However, due to the protection of commercial interests and intellectual property rights, it is difficult to obtain source code. Therefore, the research on the vulnerability mining technology of binary code has strong practical value. Based on the investigation of related technologies,… More >

  • Open Access

    ARTICLE

    FastAFLGo: Toward a Directed Greybox Fuzzing

    Chunlai Du1, Tong Jin1, Yanhui Guo2,*, Binghao Jia1, Bin Li3

    CMC-Computers, Materials & Continua, Vol.69, No.3, pp. 3845-3855, 2021, DOI:10.32604/cmc.2021.017697 - 24 August 2021

    Abstract While the size and complexity of software are rapidly increasing, not only is the number of vulnerabilities increasing, but their forms are diversifying. Vulnerability has become an important factor in network attack and defense. Therefore, automatic vulnerability discovery has become critical to ensure software security. Fuzzing is one of the most important methods of vulnerability discovery. It is based on the initial input, i.e., a seed, to generate mutated test cases as new inputs of a tested program in the next execution loop. By monitoring the path coverage, fuzzing can choose high-value test cases for inclusion More >

  • Open Access

    ARTICLE

    Case Optimization Using Improved Genetic Algorithm for Industrial Fuzzing Test

    Ming Wan1, Shiyan Zhang1, Yan Song2, Jiangyuan Yao3,*, Hao Luo1, Xingcan Cao4

    Intelligent Automation & Soft Computing, Vol.28, No.3, pp. 857-871, 2021, DOI:10.32604/iasc.2021.017214 - 20 April 2021

    Abstract Due to the lack of security consideration in the original design of industrial communication protocols, industrial fuzzing test which can successfully exploit various potential security vulnerabilities has become one new research hotspot. However, one critical issue is how to improve its testing efficiency. From this point of view, this paper proposes a novel fuzzing test case optimization approach based on improved genetic algorithm for industrial communication protocols. Moreover, a new individual selection strategy is designed as the selection operator in this genetic algorithm, which can be actively engaged in the fuzzing test case optimization process.… More >

  • Open Access

    ARTICLE

    PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State

    Xiaoyi Li, Xiaojun Pan, Yanbin Sun*

    Journal on Artificial Intelligence, Vol.3, No.1, pp. 21-31, 2021, DOI:10.32604/jai.2021.017328 - 02 April 2021

    Abstract The rise of the Internet of Things (IoT) exposes more and more important embedded devices to the network, which poses a serious threat to people’s lives and property. Therefore, ensuring the safety of embedded devices is a very important task. Fuzzing is currently the most effective technique for discovering vulnerabilities. In this work, we proposed PS-Fuzz (Protocol State Fuzz), a gray-box fuzzing technique based on protocol state orientation. By instrumenting the program that handles protocol fields in the firmware, the problem of lack of guidance information in common protocol fuzzing is solved. By recording and… More >

  • Open Access

    ARTICLE

    Smart Contract Fuzzing Based on Taint Analysis and Genetic Algorithms

    Zaoyu Wei1,*, Jiaqi Wang2, Xueqi Shen1, Qun Luo1

    Journal of Information Hiding and Privacy Protection, Vol.2, No.1, pp. 35-45, 2020, DOI:10.32604/jihpp.2020.010331 - 15 October 2020

    Abstract Smart contract has greatly improved the services and capabilities of blockchain, but it has become the weakest link of blockchain security because of its code nature. Therefore, efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system. Oriented to Ethereum smart contract, the study solves the problems of redundant input and low coverage in the smart contract fuzz. In this paper, a taint analysis method based on EVM is proposed to reduce the invalid input, a dangerous operation database is designed to identify the dangerous input, and genetic algorithm More >

  • Open Access

    ARTICLE

    Smart Contract Fuzzing Based on Taint Analysis and Genetic Algorithms

    Zaoyu Wei1, *, Jiaqi Wang2, Xueqi Shen1, Qun Luo1

    Journal of Quantum Computing, Vol.2, No.1, pp. 11-24, 2020, DOI:10.32604/jqc.2020.010815 - 28 May 2020

    Abstract Smart contract has greatly improved the services and capabilities of blockchain, but it has become the weakest link of blockchain security because of its code nature. Therefore, efficient vulnerability detection of smart contract is the key to ensure the security of blockchain system. Oriented to Ethereum smart contract, the study solves the problems of redundant input and low coverage in the smart contract fuzz. In this paper, a taint analysis method based on EVM is proposed to reduce the invalid input, a dangerous operation database is designed to identify the dangerous input, and genetic algorithm More >

Displaying 1-10 on page 1 of 10. Per Page