Volltext-Downloads (blau) und Frontdoor-Views (grau)

Finding States in Black Box Fuzzing

  • Securing software is one of the most important parts in modern software development. Fuzzing has become one of the most popular methods to automatically test software. Most fuzzing approaches need the target software to be recompiled which presupposes source code to be available. When no source code is available, black box fuzzers are used. In modern software, states play a big role in its functioning. A black box fuzzer can come to its limits quick when operating on a stateful target with no knowledge. The use of a state machine in a fuzzer can make the fuzzer more effective. This thesis introduces a state machine estimation tool for black box systems. An approach to estimate the state machine with state-of-the-art algorithms over a defined interface is proposed. Fuzzing will be used to find more inputs and states of the target to make a more complete state machine. The implemented approach is evaluated on two stateful targets LightFTP and BFTPD. With a set of pre-known inputs, the tool was able to correctly estimate the state machines of the targets and the fuzzing method proved to be successful in finding more states and inputs. Multiple fuzzing techniques and automata learning algorithms were benchmarked to find the most successful combination.

Download full text files

  • Finding-States-in-Black-Box-Fuzzing.pdf

    nur im Hochschulnetz abrufbar

Export metadata

Additional Services

Search Google Scholar


Author:Andreas Lautner
Referee:Dominik Schoop, Steffen Schober
Advisor:Christopher Huth, Mark Leon Giraud, Anne Borcherding
Document Type:Master's Thesis
Year of Completion:2023
Publishing Institution:Hochschule Esslingen
Granting Institution:Hochschule Esslingen
Date of final exam:2023/08/14
Release Date:2024/03/04
Open Access?:frei verf├╝gbar
Faculty:Informatik und Informationstechnik