170 - Xiaotao Feng 2021
The proliferation of Internet of Things (IoT) devices has made people's lives more convenient, but it has also raised many security concerns. Due to the difficulty of obtaining and emulating IoT firmware, the black-box fuzzing of IoT devices has become a viable option. However, existing black-box fuzzers cannot form effective mutation optimization mechanisms to guide their testing processes, mainly due to the lack of feedback. It is difficult or even impossible to apply existing grammar-based fuzzing strategies. Therefore, an efficient fuzzing approach with syntax inference is required in the IoT fuzzing domain. To address these critical problems, we propose a novel automatic black-box fuzzing for IoT firmware, termed Snipuzz. Snipuzz runs as a client communicating with the devices and infers message snippets for mutation based on the responses. Each snippet refers to a block of consecutive bytes that reflect the approximate code coverage in fuzzing. This mutation strategy based on message snippets considerably narrows down the search space to change the probing messages. We compared Snipuzz with four state-of-the-art IoT fuzzing approaches, i.e., IoTFuzzer, BooFuzz, Doona, and Nemesys. Snipuzz not only inherits the advantages of app-based fuzzing (e.g., IoTFuzzer), but also utilizes communication responses to perform efficient mutation. Furthermore, Snipuzz is lightweight as its execution does not rely on any prerequisite operations, such as reverse engineering of apps. We also evaluated Snipuzz on 20 popular real-world IoT devices. Our results show that Snipuzz could identify 5 zero-day vulnerabilities, and 3 of them could be exposed only by Snipuzz. All the newly discovered vulnerabilities have been confirmed by their vendors.
Fuzzing is one of the most effective techniques to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is a lack of directedness (e.g., fuzz the specified path in a software). In this paper, we proposed a deep learning (DL) guided directed fuzzing for software vulnerability detection, named DeFuzz. DeFuzz includes two main schemes: (1) we employ a pre-trained DL prediction model to identify the potentially vulnerable functions and the locations (i.e., vulnerable addresses). Precisely, we employ Bidirectional-LSTM (BiLSTM) to identify attention words, and the vulnerabilities are associated with these attention words in functions. (2) Then we employ directed fuzzing to fuzz the potential vulnerabilities by generating inputs that tend to arrive at the predicted locations. To evaluate the effectiveness and practicality of the proposed DeFuzz technique, we have conducted experiments on real-world data sets. Experimental results show that our DeFuzz can discover more coverage, and faster, than AFL. Moreover, DeFuzz exposes 43 more bugs than AFL on real-world applications.
In this article, an advanced differential quadrature (DQ) approach is proposed for the high-dimensional multi-term time-space-fractional partial differential equations (TSFPDEs) on convex domains. Firstly, a family of high-order difference schemes is introduced to discretize the time-fractional derivative and a semi-discrete scheme for the considered problems is presented. We strictly prove its unconditional stability and error estimate. Further, we derive a class of DQ formulas to evaluate the fractional derivatives, which employs radial basis functions (RBFs) as test functions. Using these DQ formulas in spatial discretization, a fully discrete DQ scheme is then proposed. Our approach provides a flexible and highly accurate alternative to solve the high-dimensional multi-term TSFPDEs on convex domains and its actual performance is illustrated by contrast to the other methods available in the open literature. The numerical results confirm the theoretical analysis and the capability of our proposed method finally.
Fuzzing is a promising technique for detecting security vulnerabilities. Newly developed fuzzers are typically evaluated in terms of the number of bugs found on vulnerable programs/binaries. However, existing corpora usually do not capture the features that prevent fuzzers from finding bugs, leading to ambiguous conclusions on the pros and cons of the fuzzers evaluated. A typical example is that Driller detects more bugs than AFL, but its evaluation cannot establish if the advancement of Driller stems from the concolic execution or not, since, for example, its ability in resolving a dataset's magic values is unclear. In this paper, we propose to address the above problem by generating corpora based on search-hampering features. As a proof-of-concept, we have designed FEData, a prototype corpus that currently focuses on four search-hampering features to generate vulnerable programs for fuzz testing. Unlike existing corpora that can only answer how, FEData can also further answer why by exposing (or understanding) the reasons for the identified weaknesses in a fuzzer. The why information serves as the key to the improvement of fuzzers.
109 - Xiaogang Zhu , Junguo Lu 2017
The multidimensional ($n$-D) systems described by Roesser model are presented in this paper. These $n$-D systems consist of discrete systems and continuous fractional order systems with fractional order $\nu$, $0<\nu<1$. The stability and robust stability of such $n$-D systems are investigated.
138 - Xiaogang Zhu , Junguo Lu 2017
The celebrated GKYP is widely used in integer-order control system. However, when it comes to the fractional order system, there exists no such tool to solve problems. This paper proves the FGKYP which can be used in the analysis of problems in fractional order system. The $H_\infty$ and $L_\infty$ of fractional order system are analysed based on the FGKYP.
110 - Xiaogang Zhu , Jie Xu , Junguo Lu 2017
This paper focuses on some properties, which include regularity, impulse, stability, admissibility and robust admissibility, of singular fractional order system (SFOS) with fractional order $1<\alpha<2$. The definitions of regularity, impulse-free, stability and admissibility are given in the paper. Regularity is analysed in time domain and the analysis of impulse-free is based on state response. A sufficient and necessary condition of stability is established. Three different sufficient and necessary conditions of admissibility are proved. Then, this paper shows how to get the numerical solution of SFOS in time domain. Finally, a numerical example is provided to illustrate the proposed conditions.