Volume 14 Number 2 (Feb. 2019)
Home > Archive > 2019 > Volume 14 Number 2 (Feb. 2019) >
JCP 2019 Vol.14(2): 111-118 ISSN: 1796-203X
doi: 10.17706/jcp.14.2.111-118

Discovering Software Vulnerabilities Based on Fuzz Testing

Yu-Ming Chung, Chihli Hung
Chung Yuan Christian University, No. 200 Jongpei Rd., Jongli Dist., Taoyuan City, 32023, Taiwan.
Abstract—In the era of the Internet, information security issues are of paramount importance. Software packages invariably have security vulnerabilities. If exploited by malicious hackers, vulnerabilities can cause substantial losses to software corporations and end users. Due to the increase in Advanced Persistent Threat (APT) attacks, vulnerabilities have to be discovered as rapidly as possible. This research focuses on Microsoft Office Word software and proposes the fuzzing vulnerability digging model. In the field of fuzz testing, the traditional approaches consume considerable time and system resources without analyzing file formats. Therefore, the fuzzing vulnerability digging model proposed in this research examines the file format to identify any possible weaknesses. According to the experiments, our proposed model outperforms two benchmarking models, i.e. the FileFuzz tester and MiniFuzz tester, for a fixed period of time. Finally, we present an example which imitates a Shellcode attack carried out via the weaknesses discovered by the proposed model. According to the comparison results, the proposed model has the potential to identify weaknesses in MS Office Word software more effectively and efficiently.

Index Terms—Fuzz testing, software security, software testing, vulnerability exploiting.

[PDF]

Cite: Yu-Ming Chung, Chihli Hung, "Discovering Software Vulnerabilities Based on Fuzz Testing," Journal of Computers vol. 14, no. 2, pp. 111-118, 2019.

General Information

ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Monthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO,  ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, CNKI,etc
E-mail: jcp@iap.org
  • Aug 16, 2019 News!

    Vol 14, No 8 has been published with online version   [Click]

  • Jul 19, 2019 News!

    Vol 14, No 7 has been published with online version   [Click]

  • Jun 21, 2019 News!

    Vol 14, No 6 has been published with online version   [Click]

  • Apr 28, 2019 News!

    Vol 14, No 5 has been published with online version 7 papers are published in this issue after peer review   [Click]

  • Mar 20, 2019 News!

    Vol 14, No 3 has been published with online version   [Click]

  • Read more>>