Using Bayesian Classifiers to Detect Fuzzing

November 4, 2007

Fuzzing, from a security perspective, is when an automated program searches for IT vulnerabilities by sending random input to an application.   Fuzzers are sometimes referred to as fault injectors and are used by hackers to find buffer overflows and other application flaws such as SQL injection, XSS, and format string vulnerabilities.

In the past few years fuzzing is being increasing used by criminals to search for on-line vulnerabilities that can be exploited; and for this reason, fuzzing is a serious threat to ecommerce and other online business applications.

How would an organization detect fuzzing?

Bayesian classifiers are used to detect spam, denial of service attacks, fraud, and other complex data sets; so it makes perfect sense to use Bayesian techniques to detect fuzzing.  However, I have searched the network have not yet found an implementation of a Bayesian classifier specifically to detect fuzzing in real-time. 

If anyone knows of a (Java-based) Bayesian classifer that would be a good starting point for the real-time detection of fuzzing, please let me know.  Thanks!