Computer Science ›› 2023, Vol. 50 ›› Issue (4): 343-350.doi: 10.11896/jsjkx.220100113
• Information Security • Previous Articles Next Articles
HE Jie, CAI Ruijie, YIN Xiaokang, LU Xuanting, LIU Shengli
CLC Number:
[1]Open Web Application Security Project Top Ten[EB/OL].(2013-10-30)[2021-10-01].https://owasp.org/www-project-top-ten. [2]STASINOPOULOS A,NTANTOGIAN C,XENAKIS C.Commix:automating evaluation and exploitation of command injection vulnerabilities in Web applications[J].International Journal of Information Security,2019,18(1):49-72. [3]YOGESH R,NAGENDRA K N.Containers in Cisco IOS-XE,IOS-XR,and NX-OS:Orchestration and Operation[M].Cisco Press,2021. [4]MUNIZ S,ORTEGA A.Fuzzing and debugging Cisco IOS[J/OL].BlackHat Europe,2011.https://infocon.org/cons/SyScan/SyScan 2011 Singapore/SyScan 2011 Singapore presentations/Syscan2011-CiscoIOS-Aortega-Smuniz.pdf. [5]LI F,ZHANG L,CHEN D.Vulnerability mining of Cisco routerbased on fuzzing[C]//The 2014 2nd International Conference on Systems and Informatics(ICSAI 2014).IEEE,2014:649-653. [6]ZHOU J X,FENG D,LI B.A fuzzing method based on dual variation strategy for Cisco IOS[C]//2017 3rd IEEE International Conference on Computer and Communications(ICCC).IEEE,2017:205-209. [7]ZHANG Y,HUO W,JIAN K,et al.SrFuzzer:An automaticfuzzing framework for physical soho router devices to discover multi-type vulnerabilities[C]//Proceedings of the 35th Annual Computer Security Applications Conference.2019:544-556. [8]CHEN J,DIAO W,ZHAO Q,et al.IoTFuzzer:DiscoveringMemory Corruptions in IoT Through App-based Fuzzing[C]//NDSS.2018. [9]FENG X,SUN R,ZHU X,et al.Snipuzz:Black-box fuzzing of iot firmware via message snippet inference[C]//Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security.2021:337-350. [10]ZHENG Y,DAVANIAN A,YIN H,et al.FIRM-AFL:high-throughput greybox fuzzing of iot firmware via augmented process emulation[C]//28th {USENIX} Security Symposium({USENIX} Security 19).2019:1099-1114. [11]SRIVASTAVA P,PENG H,LI J,et al.Firmfuzz:Automated iot firmware introspection and analysis[C]//Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things.2019:15-21. [12]CHEN D D,WOO M,BRUMLEY D,et al.Towards Automated Dynamic Analysis for Linux-based Embedded Firmware[C]//NDSS.2016,1:1.1-8.1. [13]OpenResty-a dynamic web platform based on NGINX and LuaJIT[EB/OL].(2013-08-26)[2021-12-16].http://openresty.org/. [14]BOLLAPRAGADA V,MURPHY C,WHITE R.Inside cisco ios software architecture[M].Cisco Press,2000. [15]WANG Z,ZHANG Y,LIU Q.Rpfuzzer:A framework for discovering router protocols vulnerabilities based on fuzzing[J].KSII Transactions on Internet and Information Systems(TIIS),2013,7(8):1989-2009. [16]ZHU L,FU X,YAO Y,et al.FIoT:detecting the memory cor-ruption in lightweight IoT device firmware[C]//2019 18th IEEE International Conference on Trust,Security And Privacy In Computing And Communications/13th IEEE International Conference on Big Data Science And Engineering(TrustCom/BigDataSE).IEEE,2019:248-255. [17]YU L,WANG H,LI L,et al.Towards Automated Detection of Higher-Order Command Injection Vulnerabilities in IoT Devices:Fuzzing With Dynamic Data Flow Analysis[J].International Journal of Digital Crime and Forensics(IJDCF),2021,13(6):1-14. [18]JIANG Y,XIE W,TANG Y.Detecting authentication-bypassflaws in a large scale of IoT embedded web servers[C]//Proceedings of the 8th International Conference on Communication and Network Security.2018:56-63. [19]CHEN L,WANG Y,CAI Q,et al.Sharing More and Checking Less:Leveraging Common Input Keywords to Detect Bugs in Embedded Systems[C]//30th {USENIX} Security Symposium({USENIX} Security 21).2021. [20]HALLER I,SLOWINSKA A,NEUGSCHWANDTNER M,et al.Dowsing for Overfiows:A Guided Fuzzer to Find Buffer Boundary Violations[C]//22nd {USENIX} Security Sympo-sium({USENIX} Security 13).2013:49-64. [21]COSTIN A.Lua code:security overview and practical approaches to static analysis[C]//2017 IEEE Security and Privacy Workshops(SPW).IEEE,2017:132-142. |
[1] | YANG Pengfei, CAI Ruijie, GUO Shichen, LIU Shengli. Container-based Intrusion Detection Method for Cisco IOS-XE [J]. Computer Science, 2023, 50(4): 298-307. |
[2] | LIU Zerun, ZHENG Hong, QIU Junjie. Smart Contract Vulnerability Detection Based on Abstract Syntax Tree Pruning [J]. Computer Science, 2023, 50(4): 317-322. |
[3] | YANG Yahui, MA Rongkuan, GENG Yangyang, WEI Qiang, JIA Yan. Black-box Fuzzing Method Based on Reverse-engineering for Proprietary Industrial Control Protocol [J]. Computer Science, 2023, 50(4): 323-332. |
[4] | HUANG Song, DU Jin-hu, WANG Xing-ya, SUN Jin-lei. Survey of Ethereum Smart Contract Fuzzing Technology Research [J]. Computer Science, 2022, 49(8): 294-305. |
[5] | HU Zhi-hao, PAN Zu-lie. Testcase Filtering Method Based on QRNN for Network Protocol Fuzzing [J]. Computer Science, 2022, 49(5): 318-324. |
[6] | ZHANG Ying-li, MA Jia-li, LIU Zi-ang, LIU Xin, ZHOU Rui. Overview of Vulnerability Detection Methods for Ethereum Solidity Smart Contracts [J]. Computer Science, 2022, 49(3): 52-61. |
[7] | CHEN Qiao-song, HE Xiao-yang, XU Wen-jie, DENG Xin, WANG Jin, PIAO Chang-hao. Reentrancy Vulnerability Detection Based on Pre-training Technology and Expert Knowledge [J]. Computer Science, 2022, 49(11A): 211200182-8. |
[8] | WANG Chang-jing, DING Xi-long, CHEN Xi, LUO Hai-mei, ZUO Zheng-kang. Web Service Modeling Based on Model-driven and Three-stage Model Transformation Method [J]. Computer Science, 2022, 49(11A): 211100055-14. |
[9] | ZHANG Bing-qing, FEI Qi, WANG Yi-chen, Yang Zhao. Study on Integration Test Order Generation Algorithm for SOA [J]. Computer Science, 2022, 49(11): 24-29. |
[10] | WANG Tian-yuan, WU Shu-hong, LI Zhao-ji, XIN Hao-guang, LI Xuan, CHEN Yong-le. PGNFuzz:Pointer Generation Network Based Fuzzing Framework for Industry Control Protocols [J]. Computer Science, 2022, 49(10): 310-318. |
[11] | LI Ming-lei, HUANG Hui, LU Yu-liang, ZHU Kai-long. SymFuzz:Vulnerability Detection Technology Under Complex Path Conditions [J]. Computer Science, 2021, 48(5): 25-31. |
[12] | LI Yi-hao, HONG Zheng, LIN Pei-hong. Fuzzing Test Case Generation Method Based on Depth-first Search [J]. Computer Science, 2021, 48(12): 85-93. |
[13] | TU Liang-qiong, SUN Xiao-bing, ZHANG Jia-le, CAI Jie, LI Bin, BO Li-li. Survey of Vulnerability Detection Tools for Smart Contracts [J]. Computer Science, 2021, 48(11): 79-88. |
[14] | YU Yang, XING Bin, ZENG Jun, WEN Jun-hao. KSN:A Web Service Discovery Method Based on Knowledge Graph and Similarity Network [J]. Computer Science, 2021, 48(10): 160-166. |
[15] | GONG Kou-lin, ZHOU Yu, DING Li, WANG Yong-chao. Vulnerability Detection Using Bidirectional Long Short-term Memory Networks [J]. Computer Science, 2020, 47(5): 295-300. |
|