Sidewinder: An Evolutionary Guidance System for Malicious Input Crafting presented at BlackhatUSA 2006

by Sherri Sparks, Shawn Embleton, Ryan Cunningham,

Summary : Black box testing techniques like fuzzing and fault injection are responsible for discovering a large percentage of reported software vulnerabilities. These techniques typically operate by injecting random or semi random input into a program and then monitoring its output for unexpected behavior. While their high potential for automation makes them desirable, they frequently suffer from a lack of intelligence. That is, the random nature of input space exploration makes the probability of discovering vulnerabilities highly non-deterministic. Black box inputs are similar to unguided missiles. In this talk, we will discuss how we might turn these inputs into guided missiles by intelligently driving their selection using ideas borrowed from probability theory and evolutionary biology.