Using Bayesian Classifiers to Detect Fuzzing

Fuzzing, from a security perspective, is when an automated program searches for software vulnerabilities by sending random input to an application. Fuzzers are sometimes referred to as fault injectors and are used by hackers to find buffer overflows and other application flaws such as SQL injection, XSS, and format string vulnerabilities.

In the past few years fuzzing has increasingly been used by criminals to search for online vulnerabilities that can be exploited; for this reason, fuzzing is a serious threat to e-commerce and other online business applications.

How would an organization detect fuzzing?

Bayesian classifiers are used to detect spam, denial-of-service attacks, fraud, and patterns in other complex data sets, so it makes perfect sense to use Bayesian techniques to detect fuzzing. However, I have searched the web and have not yet found an implementation of a Bayesian classifier built specifically to detect fuzzing in real time.

If anyone knows of a (Java-based) Bayesian classifier that would be a good starting point for the real-time detection of fuzzing, please let me know. Thanks!


One Response to Using Bayesian Classifiers to Detect Fuzzing

  1. Although I haven’t heard of using CEP to detect fuzzing, I’ve heard of using conditional statements to check for common fuzz strings: i.e. If an input value begins with the substring “AAAAA” then mark it as invalid; an extremely long string composed of numerous A’s is typically used to check for buffer overflows. Of course the problem with this is that the fuzzer would change the string to “BBBBB” so I can see how Bayesian Classifiers could perhaps detect/prevent fuzz testers but the real underlying problem that needs to be fixed is that the software is insecure. If the software is resistant to attack it won’t matter that it’s being fuzzed.
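As an added illustration of the approach the post asks about and the "AAAAA" versus "BBBBB" evasion raised in the comment (this is example code written for this page, not code from the post or from any existing classifier), the sketch below trains a Bernoulli naive Bayes model over features that describe the shape of an input value rather than its literal bytes, so a long run of any repeated character falls into the same bucket. The feature names, thresholds and regular expressions are arbitrary choices for the example, and the training samples are constructed, not real traffic.

```python
import math
import re
from collections import Counter

def features(value):
    # Describe the shape of an input, so "AAAA..." and "BBBB..." look alike.
    feats = {"len>256" if len(value) > 256 else "len>64" if len(value) > 64 else "len<=64"}
    longest = max((len(m.group()) for m in re.finditer(r"(.)\1*", value, re.S)), default=0)
    feats.add("run>32" if longest > 32 else "run<=32")        # longest repeated-char run
    nonalnum = sum(not c.isalnum() for c in value) / max(len(value), 1)
    feats.add("punct>0.3" if nonalnum > 0.3 else "punct<=0.3")
    if re.search(r"%[0-9]*[nsxdp]", value):
        feats.add("fmt-specifier")                            # format-string probes
    if re.search(r"(?i)['\"]\s*(or|and)\s|--|;|union\s+select", value):
        feats.add("sql-token")                                # SQL-injection payloads
    if re.search(r"(?i)<\s*script|javascript:|on\w+\s*=", value):
        feats.add("script-token")                             # XSS payloads
    return feats

class FuzzClassifier:
    def __init__(self):
        self.class_counts, self.vocab = Counter(), set()
        self.feat_counts = {"fuzz": Counter(), "benign": Counter()}

    def train(self, value, label):
        self.class_counts[label] += 1
        for f in features(value):
            self.feat_counts[label][f] += 1
            self.vocab.add(f)

    def score(self, value):
        # Posterior P(fuzz | value) from Bernoulli naive Bayes with Laplace smoothing.
        present, total, logp = features(value), sum(self.class_counts.values()), {}
        for label in ("fuzz", "benign"):
            n = self.class_counts[label]
            lp = math.log((n + 1) / (total + 2))                  # smoothed class prior
            for f in self.vocab:
                p = (self.feat_counts[label][f] + 1) / (n + 2)    # smoothed P(f | label)
                lp += math.log(p if f in present else 1 - p)      # log space avoids underflow
            logp[label] = lp
        return 1 / (1 + math.exp(logp["benign"] - logp["fuzz"]))
# Constructed training samples (not real traffic): ordinary form values versus the
# kinds of input a fuzzer sends (long runs, format strings, SQL and XSS probes).
BENIGN = ["alice", "order-1234", "hello world", "john.doe@example.com", "2024-01-15", "blue widget 10"]
FUZZ = ["A" * 512, "B" * 300, "C" * 100, "%n%n%n%n%s%s%s", "' OR 1=1 --", "<script>alert(1)</script>"]
def build_model():
    model = FuzzClassifier()
    for label, samples in (("benign", BENIGN), ("fuzz", FUZZ)):
        for v in samples:
            model.train(v, label)
    return model
```

With these samples a 400-character run of "B" (never seen in training) scores about 0.98 as fuzz while "order-1234" scores about 0.04; a real deployment would train on the application's own request log and tune the features and decision threshold to its false-positive budget.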
