Sea, Fuzz, and Sun: Artificial Intelligence for Black-Box Interpreter Fuzzing presented at Shakacon 2014

by Fabien Duchene,

Summary: Fuzzing is the automatic creation and evaluation of inputs for discovering vulnerabilities. Traditional undirected black-box fuzzing relies on predefined strategies for producing inputs and thus may not be efficient at finding a broad range of local optima. In this work, we address the problem of black-box fuzzing of interpreters by adapting Artificial Intelligence (AI) techniques: inference, evolutionary algorithms and anti-random testing. Our work is an application of a genetic algorithm to black-box fuzzing when searching for vulnerabilities. Such algorithms are generally used in academia for search problems, often related to biology. We apply them here to vulnerability search in a black-box setting. We designed heuristics for fuzzing PDF interpreters in search of memory corruption vulnerabilities and for fuzzing websites in search of cross-site scripting. Our evolutionary fuzzers ShiftMonkey and KameleonFuzz outperform traditional black-box fuzzers both in vulnerability detection capabilities and in efficiency. We report new results with those fuzzers, including new vulnerabilities that affect millions of users worldwide.
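To make the genetic-algorithm idea in the summary concrete, here is a small evolutionary black-box fuzzing loop. It is an added illustration written for this page, not code from ShiftMonkey or KameleonFuzz, and it makes several assumptions: the interpreter under test is replaced by a constructed toy parser (`toy_parse`) with a deliberately planted nesting-depth defect; the only feedback available from the black box is a set of "coverage points" the parser reports back, which the fitness function counts; and a crash is signalled by an exception. The inference and anti-random components of the talk are not modelled; the block shows only the evolutionary part (mutation, crossover, elitist selection) and how a graduated fitness signal lets the search climb toward the defect instead of relying on blind random inputs.

```python
import random
from dataclasses import dataclass

# --- Constructed toy target, standing in for the interpreter under test ---
# Syntax: '<' opens a nested object, '>' closes it, letters are keys, anything
# else is skipped. The defect is planted on purpose: nesting deeper than
# MAX_DEPTH "overruns" a fixed-size stack and is reported as MemoryError.
MAX_DEPTH = 4

def toy_parse(data: bytes) -> set:
    """Return the set of coverage points hit; raise MemoryError on the planted bug."""
    hits = set()
    depth = 0
    for b in data:
        c = chr(b)
        if c == '<':
            depth += 1
            hits.add(("depth", depth))          # one point per nesting level reached
            if depth > MAX_DEPTH:
                raise MemoryError("stack overrun at depth %d" % depth)
        elif c == '>':
            if depth:
                depth -= 1
                hits.add("close")
        elif c.isalpha():
            hits.add(("key", c))
        else:
            hits.add("skip")
    return hits

# --- Evolutionary fuzzer (assumed design, not the talk's implementation) ---
ALPHABET = b"<>abc "   # constructed input alphabet for mutations

@dataclass
class Individual:
    data: bytes
    fitness: int
    crashed: bool

def evaluate(data: bytes) -> Individual:
    """Fitness = number of distinct coverage points; a crash dominates everything."""
    try:
        return Individual(data, len(toy_parse(data)), False)
    except MemoryError:
        return Individual(data, 10**6, True)

def mutate(rng: random.Random, data: bytes, max_len: int = 64) -> bytes:
    """Apply 1-3 byte-level edits: insert, delete or replace."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0 and len(buf) < max_len:
            buf.insert(rng.randint(0, len(buf)), rng.choice(ALPHABET))
        elif op == 1 and len(buf) > 1:
            del buf[rng.randrange(len(buf))]
        elif buf:
            buf[rng.randrange(len(buf))] = rng.choice(ALPHABET)
    return bytes(buf)

def crossover(rng: random.Random, a: bytes, b: bytes) -> bytes:
    """Single-point crossover: prefix of a joined to a suffix of b."""
    if len(a) < 2 or len(b) < 2:
        return a
    return a[: rng.randrange(1, len(a))] + b[rng.randrange(1, len(b)):]

def evolve(seed_inputs, generations: int = 100, pop_size: int = 50, seed: int = 1):
    """Run the genetic algorithm; return (best individual, generations used)."""
    rng = random.Random(seed)
    pop = [evaluate(s) for s in seed_inputs]
    for ind in pop:
        if ind.crashed:
            return ind, 0
    for gen in range(1, generations + 1):
        pop.sort(key=lambda i: i.fitness, reverse=True)
        elite = pop[: max(2, pop_size // 5)]   # elitism: best fifth survives unchanged
        children = list(elite)
        while len(children) < pop_size:
            child = rng.choice(elite).data
            if rng.random() < 0.5:
                child = crossover(rng, child, rng.choice(elite).data)
            ind = evaluate(mutate(rng, child))
            if ind.crashed:                     # stop at the first crashing input
                return ind, gen
            children.append(ind)
        pop = children
    pop.sort(key=lambda i: i.fitness, reverse=True)
    return pop[0], generations

if __name__ == "__main__":
    best, used = evolve([b"<a>"])
    print("crashed:", best.crashed, "after", used, "generations, input:", best.data)
```

The point to notice is the fitness landscape: because each nesting level reached is a distinct coverage point, an input with one more unmatched `<` scores strictly higher, so selection steers the population toward the depth at which the planted defect lives. With a flat signal (crash or no crash) the same loop would degenerate into undirected random fuzzing, which is exactly the weakness the summary attributes to traditional black-box fuzzers.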