A Survey of Fuzzing Open-Source Operating Systems

• URL: http://arxiv.org/abs/2502.13163v2
• Date: Thu, 20 Feb 2025 09:52:47 GMT
• Title: A Survey of Fuzzing Open-Source Operating Systems
• Authors: Kun Hu, Qicai Chen, Zilong Lu, Wenzhuo Zhang, Bihuan Chen, You Lu, Haowen Jiang, Bingkun Sun, Xin Peng, Wenyun Zhao,
• Abstract summary: Vulnerabilities in open-source operating systems pose substantial security risks. fuzzing (OSF) faces unique challenges due to OS complexity and multi-layered interaction. This work systematically surveys the state-of-the-art OSF techniques.
• Score: 11.770015366564774
• License:
• Abstract: Vulnerabilities in open-source operating systems (OSs) pose substantial security risks to software systems, making their detection crucial. While fuzzing has been an effective vulnerability detection technique in various domains, OS fuzzing (OSF) faces unique challenges due to OS complexity and multi-layered interaction, and has not been comprehensively reviewed. Therefore, this work systematically surveys the state-of-the-art OSF techniques, categorizes them based on the general fuzzing process, and investigates challenges specific to kernel, file system, driver, and hypervisor fuzzing. Finally, future research directions for OSF are discussed. GitHub: https://github.com/pghk13/Survey-OSF.

Related papers

• Demystifying OS Kernel Fuzzing with a Novel Taxonomy [42.56259589772939]
  We present the first systematic study dedicated to OS kernel fuzzing. It begins by summarizing the progress of 99 academic studies from top-tier venues between 2017 and 2024. We introduce a stage-based fuzzing model and a novel fuzzing taxonomy that highlights nine core functionalities unique to kernel fuzzing.
  arXiv  Detail & Related papers  (2025-01-27T16:03:14Z)
• Joint Attention-Guided Feature Fusion Network for Saliency Detection of Surface Defects [69.39099029406248]
  We propose a joint attention-guided feature fusion network (JAFFNet) for saliency detection of surface defects based on the encoder-decoder network. JAFFNet mainly incorporates a joint attention-guided feature fusion (JAFF) module into decoding stages to adaptively fuse low-level and high-level features. Experiments conducted on SD-saliency-900, Magnetic tile, and DAGM 2007 indicate that our method achieves promising performance in comparison with other state-of-the-art methods.
  arXiv  Detail & Related papers  (2024-02-05T08:10:16Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Radio Frequency Fingerprinting via Deep Learning: Challenges and Opportunities [4.800138615859937]
  Radio Frequency Fingerprinting (RFF) techniques promise to authenticate wireless devices at the physical layer based on inherent hardware imperfections introduced during manufacturing. Recent advances in Machine Learning, particularly in Deep Learning (DL), have improved the ability of RFF systems to extract and learn complex features that make up the device-specific fingerprint. This paper systematically identifies and analyzes the essential considerations and challenges encountered in the creation of DL-based RFF systems.
  arXiv  Detail & Related papers  (2023-10-25T06:45:49Z)
• RLTrace: Synthesizing High-Quality System Call Traces for OS Fuzz Testing [10.644829779197341]
  We propose a deep reinforcement learning-based solution, called RLTrace, to synthesize diverse and comprehensive system call traces as the seed to fuzz OS kernels. During model training, the deep learning model interacts with OS kernels and infers optimal system call traces. Our evaluation shows that RLTrace outperforms other seed generators by producing more comprehensive system call traces.
  arXiv  Detail & Related papers  (2023-10-04T06:46:00Z)
• Development of a Multi-purpose Fuzzer to Perform Assessment as Input to a Cybersecurity Risk Assessment and Analysis System [0.0]
  This paper describes and assesses the performance of the proposed fuzzer technology. It also details how the fuzzer operates as part of the broader cybersecurity risk assessment and analysis system.
  arXiv  Detail & Related papers  (2023-06-07T09:38:31Z)
• Interactive System-wise Anomaly Detection [66.3766756452743]
  Anomaly detection plays a fundamental role in various applications. It is challenging for existing methods to handle the scenarios where the instances are systems whose characteristics are not readily observed as data. We develop an end-to-end approach which includes an encoder-decoder module that learns system embeddings.
  arXiv  Detail & Related papers  (2023-04-21T02:20:24Z)
• Fingerprint recognition with embedded presentation attacks detection: are we ready? [6.0168714922994075]
  The diffusion of fingerprint verification systems for security applications makes it urgent to investigate the embedding of software-based presentation attack algorithms (PAD) into such systems. Current research did not state much about their effectiveness when embedded in fingerprint verification systems. This paper proposes a performance simulator based on the probabilistic modeling of the relationships among the Receiver Operating Characteristics (ROC) of the two individual systems when PAD and verification stages are implemented sequentially.
  arXiv  Detail & Related papers  (2021-10-20T13:53:16Z)
• NAS-FAS: Static-Dynamic Central Difference Network Search for Face Anti-Spoofing [94.89405915373857]
  Face anti-spoofing (FAS) plays a vital role in securing face recognition systems. Existing methods rely on expert-designed networks, which may lead to a sub-optimal solution for task FAS. Here we propose the first FAS method based on neural search (NAS), called FAS-FAS, to discover the well-suited task-aware networks.
  arXiv  Detail & Related papers  (2020-11-03T23:34:40Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.