By Topic

T3FAH: A TTCN-3 Based Fuzzer with Attack Heuristics

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Luo Xu ; Sch. of Comput. Sci. & Eng., Beihang Univ., Beijing, China ; Ji Wu ; Chao Liu

Fuzzing is an effective approach to detect vulnerabilities. Unfortunately, the existing fuzzing approach suffers from some limitations, especially lacking support for automation in extracting the SUT specific knowledge and generating test script. In this paper, by combining fuzzing with TTCN-3 technique, we present T3FAH: a TTCN-3 based Fuzzer with Attack Heuristics. The approach automatically extracts the input syntax of SUT from existing test data definitions in TTCN-3 conformance test suite, generates invalid inputs based on the attack heuristic generation algorithm, and automatically constructs fuzzing test script via reusing the conformance test case. We conducted a case study on three popular SIP terminals with different SIP protocol implementations. In the case study, our approach detected several different vulnerabilities in all three SIP terminals, which may damage user experience in the practical use. It proves that our approach can be effectively used for testing real world applications.

Published in:

Computer Science and Information Engineering, 2009 WRI World Congress on  (Volume:7 )

Date of Conference:

March 31 2009-April 2 2009