A Fuzzing Method for Security Testing of Sensors

Xiaogang Zhu, Shigang Liu, Alireza Jolfaei

Research output: Contribution to journal › Article › peer-review

Abstract

The security issues in sensors impede the experience of using sensors to improve the quality of our life. By analyzing security issues in open-source programs for sensors, we can understand the security problems in sensors. Fuzzing is one of the most effective techniques to identify potential software vulnerabilities. Most fuzzers aim to improve code coverage. However, a tester may want to focus on examining some specific code regions. In this article, we proposed a deep learning (DL)-guided fuzzing for software vulnerability detection, named DeFuzz. DeFuzz includes two main schemes: 1) we employ a pretrained DL prediction model to identify the potentially vulnerable functions and the locations (i.e., vulnerable addresses). Precisely, we employ bidirectional-LSTM (BiLSTM) to identify attention words and the vulnerabilities associated with these attention words in functions; and 2) then, we employ directed fuzzing to examine the potential vulnerabilities by generating inputs that tend to arrive at the predicted locations. To evaluate the effectiveness of the proposed DeFuzz technique, we have conducted experiments on real-world data sets. Experimental results show that our DeFuzz can discover more coverage and run faster than AFL. Moreover, DeFuzz exposes 43 more bugs than AFL on real-world applications.

Original language: English
Pages (from-to): 5522-5529
Number of pages: 8
Journal: IEEE Sensors Journal
Volume: 24
Issue number: 5
Early online date: 8 Aug 2023
Publication status: Published - 1 Mar 2024

Keywords

  • Computer bugs
  • Fuzzing
  • Microprogramming
  • Security
  • Sensors
  • Software
  • fuzz testing
  • Deep learning (DL)
  • sensor security
