“Sidewinder”: An Evolutionary Guidance System For Malicious Input Crafting presented at Blackhat USA 2005

by Shawn Embleton, Ryan Cunningham,

Tags: Security Fuzzing Monitoring Testing Automation

Summary: Black-box testing techniques such as
fuzzing and fault injection are responsible for discovering a large
percentage of reported software vulnerabilities. These techniques
typically operate by injecting random or semi-random input into a
program and then monitoring the program for unexpected behavior. While
their high potential for automation makes them desirable, they
frequently suffer from a lack of "intelligence": because the input
space is explored at random, whether a vulnerability is discovered is
largely a matter of chance. Black-box inputs are like unguided
missiles. In this talk, we will discuss how we might turn them into
guided missiles by intelligently driving input selection using ideas
borrowed from probability theory and evolutionary biology.
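To make the contrast between unguided and guided input selection concrete, here is an added, self-contained illustration written for this page; it is not Sidewinder's code, and the abstract does not describe Sidewinder's actual fitness function or search, so the design below is an assumption. The target program (`toy_target`), the monitoring signal (the number of nested checks an input passes), and the genetic-algorithm parameters are all constructed for the example. The random baseline draws independent inputs and uses no feedback; the evolutionary fuzzer selects, recombines and mutates a population using that monitoring signal as fitness, so it climbs the chain of checks one byte at a time instead of waiting for a 256^7 coincidence.

```python
import random

INPUT_LEN = 8   # the constructed toy target reads fixed-length 8-byte records
NUM_CHECKS = 7  # nested checks guarding the simulated crash


def toy_target(data):
    """Constructed stand-in for the program under test (assumption, not a real target).

    Returns how many nested checks the input passed; raises RuntimeError only
    when every check passes, standing in for a crash the monitor would observe.
    """
    if len(data) != INPUT_LEN:
        return 0
    checks = (
        data[0] == 0x46,                          # magic 'F'
        data[1] == 0x55,                          # magic 'U'
        data[2] == 0x5A,                          # magic 'Z'
        data[3] == 0x5A,                          # magic 'Z'
        data[4] == 0x7F,                          # version byte
        (data[5] ^ data[6]) == 0x42,              # two fields must satisfy a relation
        data[7] == ((data[0] + data[6]) & 0xFF),  # trailer derived from earlier bytes
    )
    depth = 0
    for passed in checks:
        if not passed:
            return depth
        depth += 1
    raise RuntimeError("simulated crash: all checks passed")


def execute(data):
    """Run the target under a monitor; return (depth reached, crashed?)."""
    try:
        return toy_target(data), False
    except RuntimeError:
        return NUM_CHECKS, True


def random_input(rng):
    return bytes(rng.randrange(256) for _ in range(INPUT_LEN))


def random_fuzz(budget, seed=0):
    """Unguided baseline: independent random inputs, feedback ignored."""
    rng = random.Random(seed)
    best = 0
    for i in range(1, budget + 1):
        data = random_input(rng)
        depth, crashed = execute(data)
        best = max(best, depth)
        if crashed:
            return {"crashed": True, "executions": i, "best_depth": depth, "input": data}
    return {"crashed": False, "executions": budget, "best_depth": best, "input": None}


def mutate(data, rng):
    """One small change: replace a byte, flip a bit, or nudge a byte by one."""
    buf = bytearray(data)
    pos = rng.randrange(INPUT_LEN)
    roll = rng.random()
    if roll < 0.5:
        buf[pos] = rng.randrange(256)
    elif roll < 0.75:
        buf[pos] ^= 1 << rng.randrange(8)
    else:
        buf[pos] = (buf[pos] + rng.choice((-1, 1))) & 0xFF
    return bytes(buf)


def crossover(a, b, rng):
    """Single-point crossover: prefix of one parent, suffix of the other."""
    cut = rng.randrange(1, INPUT_LEN)
    return a[:cut] + b[cut:]


def evolutionary_fuzz(max_generations, pop_size=40, seed=0):
    """Guided search: fitness is the depth reported by the monitor."""
    rng = random.Random(seed)
    population = [random_input(rng) for _ in range(pop_size)]
    executions, best = 0, 0
    for gen in range(1, max_generations + 1):
        scored = []
        for data in population:
            depth, crashed = execute(data)
            executions += 1
            if crashed:
                return {"crashed": True, "executions": executions,
                        "generations": gen, "best_depth": depth, "input": data}
            scored.append((depth, data))
        scored.sort(key=lambda item: item[0], reverse=True)
        best = max(best, scored[0][0])
        parents = [data for _, data in scored[: pop_size // 2]]  # keep the fitter half
        population = [parents[0]]  # elitism: the fittest survives unchanged
        while len(population) < pop_size:
            child = crossover(rng.choice(parents), rng.choice(parents), rng)
            population.append(mutate(child, rng))
    return {"crashed": False, "executions": executions,
            "generations": max_generations, "best_depth": best, "input": None}


if __name__ == "__main__":
    guided = evolutionary_fuzz(max_generations=10000, seed=1)
    blind = random_fuzz(budget=guided["executions"], seed=1)
    print("evolutionary:", guided["crashed"], "after", guided["executions"], "executions")
    print("random      :", blind["crashed"], "best depth", blind["best_depth"])
```

The point of the comparison is the feedback loop, not the toy checks: with the same execution budget the random baseline almost never gets past the first magic byte, while the evolutionary search reaches the crash in a few hundred generations because each passed check is rewarded and preserved. In a real tool the "depth" signal would come from instrumentation or the monitor rather than from the target's return value, and a fitness function with no gradient (a single 32-bit magic compare, for instance) would stall the search just as it stalls random fuzzing.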