A Design of Smart Fuzzing System Based on Hybrid Analysis

하이브리드 분석 기반의 스마트 퍼징 시스템 설계

  • Kim, Mansik (Dept. of Computer Science & Engineering, Soongsil University) ;
  • Kang, Jungho (Dept. of Computer Science & Engineering, Soongsil University) ;
  • Jun, Moon-seog (Dept. of Computer Science & Engineering, Soongsil University)
  • Received : 2016.12.29
  • Accepted : 2017.03.20
  • Published : 2017.03.28


In accordance with the development of IT industry worldwide, software industry has also grown tremendously, and it is exerting influence on the general society starting from daily life to financial organizations and public institutions. However, various security threats that can inflict serious threat to provided services in proportion to the growing software industry, have also greatly increased. In this thesis, we suggest a smart fuzzing system combined with black box and white box testing that can effectively detectxdistinguish software vulnerability which take up a large portion of the security incidents in application programs.


Smart Fuzzing;Black box test;White box test;Hybrid analysis;Software Vulnerability


Supported by : 중소기업청


  1. SH Lee, DW LEE,"A Study on u-Health Fusion Field based on Internet of Thing", Korea Convergence Society, Vol 7, No. 4, pp. 19-24, 2016
  2. LS Kim, "Convergence of Information Technology and Corporate Strategy", Korea Convergence Society, Vol. 6, No. 6, pp. 17-26, 2015
  3. SS Shin, GS Chae, TH Lee, "An Investigation Study to Reduce Security Threat in the Internet of Things Environment", Convergence Society for SMB, Vol. 5, No. 4, pp. 31-16, 2015
  4. Software security weaknesses diagnostic guide, KISA, 2012.
  5. MS Gu, YZ Li, "A Study of Countermeasures for Advanced Persistent Threats attacks by malicious code", Convergence Society for SMB, Vol. 5, No. 4, pp. 37-42, 2015
  6. Symantec, "2013 Internet Security Threat Report, Volume 18," 2013.
  7. Christey, S. M., and R. P. Glenn. Common weakness enumeration. 2013.
  8. Robert C. Seacord, The CERT C Secure Coding Standard, Addison-Wesley, October 2008.
  9. Robert C. Seacord, Secure Coding in C and C++, Addison-Wesley, May 2010.
  10. Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda The CERT Java Secure Coding Standard, Addison-Wesley, September 2011.
  11. Sutton, Michael, Adam Greene, and Pedram Amini. Fuzzing: brute force vulnerability discovery. Pearson Education, 2007.
  12. Patton, Ron. Software testing. Sams Pub., 2006.
  13. KHAN, Mohd Ehmer; KHAN, Farmeena. A Comparative Study of White Box, Black Box and Grey Box Testing Techniques. Editorial Preface, 2012.
  14. Bekrar, S., Bekrar, C., Groz, R., & Mounier, L. Finding software vulnerabilities by smart fuzzing. In Software Testing, Verification and Validation (ICST), IEEE Fourth International Conference, pp. 427-430. 2011.
  15. BALL, Thomas; RAJAMANI, Sriram K. The S LAM project: debugging system software via static analysis. In: ACM SIGPLAN Notices. ACM, pp. 1-3, 2002.
  16. OWASP, Top. Top 10-2013. The Ten Most Critical Web Application Security Risks, 2013.
  17. Ministry of Government Administration and Home Affairs, Software development security guide for developer and operator in E-government SW, 2012
  18. NEWSOME, James; SONG, Dawn. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. 2005.