| Summary: | 碩士 === 國立臺灣科技大學 === 資訊工程系 === 106 === Fuzz testing or fuzzing is steadily gaining popularity as an efficient and cost-effective way of testing software applications. According to different security frameworks and standards, popular software products still contain various undiscovered vulnerabilities, caused especially by improper input validation, data processing errors and buffer overflows. Furthermore, remote attacks through imperfect implementations of network protocols are especially popular and severe. Using different fuzz testing approaches as well as various fuzzing frameworks these vulnerabilities can be revealed and consequently fixed.
Due to limitations concerning access to the network or its bandwidth, the duration of the fuzz testing should be reduced to a minimum. After analyzing different algorithms for comparing test data strings, the Levenshtein distance provides an effective way to reduce redundant and similar test cases to achieve a more distinct subset.
Using the Levenshtein distance in different approaches and implementations with numerous diverse parameters led to the conclusion that using an individual Levenshtein distance approach (comparing each test case to all others) combined with a total Levenshtein distance approach (comparing each test case’s total distance to all others) is the most effective and most balanced method in respect to data diversity and execution time.
|
|---|
