A Study of fuzzing techniques and their development
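So-Hee Jun*, Young-Han Lee*, Hyun-Jun Kim*, and Yun-Heung Paek**
Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University
2020 Online Spring Conference Proceedings, Vol. 27, No. 1 (2020. 5)

Abstract

Recently, as computer programs have grown in size and their purposes have diversified, the risk posed by program vulnerabilities has been increasing. Several techniques exist for finding program vulnerabilities before attackers do. Among them, fuzzing, one of the techniques for finding vulnerabilities more efficiently, feeds randomly generated input data to a program in order to verify the program's undefined regions. Research that combines artificial intelligence with fuzzing, so that such input data can be generated with as little time and as few resources as possible, is actively under way. This paper explains the concept and types of fuzzing and describes recent research in which fuzzing is combined with artificial intelligence.

1. Introduction

Recently, as many kinds of programs with diverse purposes have been demanded and developed, the size and complexity of programs have increased greatly. Program vulnerabilities have increased accordingly, and because such vulnerabilities can become targets for attackers, they must be found and fixed before attackers find them. Finding program vulnerabilities is important enough that large IT companies such as Microsoft and Facebook run bug bounty programs that pay rewards to people who find vulnerabilities in their programs. However, it is practically close to impossible for developers to find vulnerabilities themselves while developing a program. Techniques such as expert-driven reverse engineering and dynamic testing are in use, but they consume a great deal of manpower, time and resources. To compensate for this, automated vulnerability testing techniques are being actively studied, a representative one being fuzzing. This paper examines fuzzing techniques and describes recent research that combines fuzzing with artificial intelligence to make up for the shortcomings of existing fuzzing techniques.

2. What is fuzzing?

Fuzzing is a software testing technique that feeds a program a very large number of different inputs in order to locate the vulnerabilities at which the program crashes. It is mainly used to identify security vulnerabilities in software and computer systems and to verify undefined regions. The origin of fuzzing was quite accidental. Electromagnetic interference during the rainy season caused arbitrary values to be fed into programs at random, and the programs crashed; this led to the discovery that randomly generated input can trigger program vulnerabilities [1]. Fuzzing is an optimization problem: finding, within a given time, the input data that uncovers as many program vulnerabilities as possible. Because vulnerabilities are sparsely located within a program, however, the performance of fuzzing is mainly evaluated by how much of the program's code is covered.

2.1 Classification of fuzzing techniques

Depending on how much information about the program is used, fuzzing techniques can be classified as black-box fuzzing, white-box fuzzing, and gray-box fuzzing. Black-box fuzzing does not use internal information about the target program and uses only the program's input and output data. Representative examples include SPIKE [2], BFF (Basic Fuzzing Framework) [3], and FOE (Failure Observation Engine) [4]. White-box fuzzing uses the internal structure of the target program and the information generated during execution. Representatively, gray-box fuzzing has characteristics midway between black-box and white-box fuzzing and uses internal information about the target program together with part of the information generated during execution. Representative examples include AFL (American Fuzzy Lop) [5] and VUzzer [6].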
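Fuzzing techniques can also be divided into two kinds according to how they generate input data. Generation-based fuzzing understands the structure and protocol of the data and generates input data suited to the program. Because it understands the structure and protocol of the input data to be generated, it can construct valid input data well, but it can take a lot of time. Mutation-based fuzzing selects particular input data and generates new input data by mutating it little by little; the selected input data is usually called seed data. Because the mutation-based technique applies random changes to the seed data, it does not take much time, but it often generates invalid input data and is therefore also called dumb fuzzing.

3. Fuzzing with artificial intelligence

Fuzzing began with the random generation of data, but generating arbitrary values at random consumes a great deal of time and cost and is very likely to produce invalid input data, so it is inefficient. For this reason many fuzzing techniques use an evolutionary algorithm. An evolutionary algorithm generates input data over generations: inputs that proved useful in the previous generation are selected and reused in the next generation, which raises efficiency over random generation and also saves time. Recently, research that combines artificial intelligence with fuzzing in order to verify program vulnerabilities more efficiently has been actively under way. Existing methods that use an evolutionary algorithm have an advantage in time, but because they mutate at random they have the drawback of being likely to generate many invalid inputs. To make up for this drawback, much research combines fuzzing with artificial intelligence techniques that can learn the patterns of data. Of these, this paper describes Neuzz [7], which uses an artificial neural network to identify the relationship between input data and output data; Learn & Fuzz [8], which uses an artificial neural network to generate input data that is effective for fuzzing; and Deep Reinforcement Fuzzing [9], which applies reinforcement learning to fuzzing.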
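The reuse of useful inputs across generations described above, as an added Python example (not code from the paper or from any fuzzer it cites): a toy target is fuzzed once with coverage feedback and once with purely random inputs. The target, its `FUZZ` magic header and every function name are constructed for this illustration.

```python
import random


def target(data: bytes) -> set:
    """Constructed toy target. Returns the ids of the branches it executed
    and raises ValueError (the "crash") once the input starts with b"FUZZ"."""
    covered = {0}
    for i, want in enumerate(b"FUZZ"):
        if len(data) <= i or data[i] != want:
            return covered
        covered.add(i + 1)
    raise ValueError("crash: magic header matched")


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Mutation-based step: overwrite one random byte of a seed."""
    buf = bytearray(seed)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def evolutionary_fuzz(seed: bytes, max_execs: int, rng_seed: int = 0):
    """Inputs that reached new branches join the corpus and are reused as
    parents in later generations. Returns (crashing_input, executions)."""
    rng = random.Random(rng_seed)
    corpus, seen = [seed], target(seed)
    for execs in range(1, max_execs + 1):
        child = mutate(rng.choice(corpus), rng)
        try:
            covered = target(child)
        except ValueError:
            return child, execs
        if not (covered <= seen):  # new branch: keep for the next generation
            seen |= covered
            corpus.append(child)
    return None, max_execs


def random_fuzz(length: int, max_execs: int, rng_seed: int = 0):
    """Baseline: every input is generated from scratch, nothing is reused."""
    rng = random.Random(rng_seed)
    for execs in range(1, max_execs + 1):
        data = bytes(rng.randrange(256) for _ in range(length))
        try:
            target(data)
        except ValueError:
            return data, execs
    return None, max_execs
```

With the seed `b"AAAA"` the evolutionary loop fixes one header byte per kept generation, while the random baseline has to guess all four bytes in a single input.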
3.1 Neuzz
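Neuzz is a gray-box fuzzing technique that uses the program's edge coverage data. Through a neural network it learns the relationship between input and output data, analyzes how strongly the input data influences the output data, and mutates the parts of the input that have a high influence on the output, so that it finds program vulnerabilities more effectively. The neural network approximates, as a nonlinear function, the relationship between the input data and the branch behavior of the target program, and predicts the control flow edges of the target program for a given input. Using the trained network, Neuzz mutates the parts of the input data that can cause a large change in the output data, and in this way generates input data for vulnerability detection. In addition, the network is retrained on the newly generated input data, which improves its learning of both the existing and the generated inputs and resulted in high performance.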
3.2 Learn & Fuzz
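Learn & Fuzz is a technique that uses a neural network and sample input data to generate input data for grammar-based fuzzing. The goals of Learn & Fuzz are to generate input data that maximizes the code coverage of the target program and to generate input data that verifies the undefined regions of the target program. To this end, Learn & Fuzz generates new input data with an RNN (Recurrent Neural Network), a kind of neural network that can predict the value that comes next; the target program and input data are PDF (Portable Document Format). Learn & Fuzz generates new PDF data in three ways. The first method selects the character with the highest probability of coming next. The second method selects the next character probabilistically. The third method combines the two: when the preceding characters end with whitespace it uses the second method, and otherwise it uses the first. Learn & Fuzz was the first to use a neural-network-based statistical learning technique to generate program input data for grammar-based fuzzing, and with the trained neural network model it generated input data that is valid and can raise the coverage of the program.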
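The three generation methods described above, as an added Python example (not code from Learn & Fuzz or from the paper): a character-frequency model over a fixed-length context stands in for the RNN, and the training strings are constructed to look like PDF objects. The strategy names `most_likely`, `sample` and `sample_space` and all function names are assumptions made for this illustration.

```python
import random
from collections import Counter, defaultdict

# Constructed training strings shaped like PDF objects (not from a real file).
SAMPLES = [
    "obj << /Type /Page /Rotate 0 >> endobj",
    "obj << /Type /Page /Rotate 90 >> endobj",
    "obj << /Type /Pages /Count 2 >> endobj",
]
ORDER = 4  # characters of context used by the stand-in model


def train(samples, order=ORDER):
    """Count next-character frequencies per context (stand-in for the RNN)."""
    model = defaultdict(Counter)
    for s in samples:
        padded = "^" * order + s + "$"  # ^ = start padding, $ = end marker
        for i in range(order, len(padded)):
            model[padded[i - order:i]][padded[i]] += 1
    return model


def next_char(dist, sample, rng):
    chars = sorted(dist)  # fixed order so ties and sampling are reproducible
    if sample:
        return rng.choices(chars, weights=[dist[c] for c in chars])[0]
    return max(chars, key=dist.get)  # most probable next character


def generate(model, strategy, rng, order=ORDER, limit=200):
    """strategy: 'most_likely' (first method), 'sample' (second method),
    'sample_space' (third method: sample only right after whitespace)."""
    out = "^" * order
    while len(out) < order + limit:
        dist = model[out[-order:]]
        if strategy == "sample_space":
            sample = out[-1] == " "
        else:
            sample = strategy == "sample"
        c = next_char(dist, sample, rng)
        if c == "$":
            break
        out += c
    return out[order:]


def outputs(strategy, runs=60):
    """Distinct strings produced over `runs` differently seeded generations."""
    model = train(SAMPLES)
    return {generate(model, strategy, random.Random(i)) for i in range(runs)}
```

On this data the first method always emits the same object, the second varies both the name (`/Page` or `/Pages`) and the value, and the third varies only the value that follows a space.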
3.3 Deep Reinforcement Fuzzing
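Deep Reinforcement Fuzzing is a method that applies reinforcement learning to fuzzing. Reinforcement learning has the environment, actions, and reward as its basic elements, together with an agent that interacts with the environment and takes actions to obtain rewards. The agent's goal is to obtain as much reward as possible. The agent performs actions on input data to generate new input data, and the more program vulnerabilities the generated data finds, or the more it increases the program's code coverage, the higher the reward it receives. Through this process the agent, in order to obtain as much reward as possible, comes to generate input data that is valid and performs well in fuzzing. Reinforcement learning is a field that has recently been studied actively even within artificial intelligence, and if it develops further and is combined with fuzzing it is expected to show high performance.

4. Conclusion

As the purposes and functions of the computer programs that are close to our daily lives diversify, the need for security is also growing greatly. As a result, research on techniques for verifying program vulnerabilities is in progress, and research on fuzzing, an automated software testing technique, is especially active. Recently, techniques that use artificial intelligence to make up for the limitations of traditional fuzzing have been studied; they show high efficiency and good performance, and great progress is expected.

5. ACKNOWLEDGEMENT

This work was supported in 2020 by the National Research Foundation of Korea with funds from the government (Ministry of Science and ICT) (NRF-2017R1A2A1A17069478), by the Brain Korea 21 Plus project in 2020, and in 2020 by the Institute of Information & Communications Technology Planning & Evaluation with funds from the government (Ministry of Science and ICT) (No.2018-0-00230, (IoT overall/sub-project 1) Development of autonomous trust-assurance technology for IoT devices and of a global-standard-based open platform for integrated IoT security [TrusThingz project]).

References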
[1] Barton P. Miller, Louis Fredriksen, Bryan So, “An Empirical Study of the Reliability of UNIX Utilities.” Communications of the ACM, 33(12):33–44, December 1990.
[2] D. Aitel, “An introduction to SPIKE, the fuzzer creation kit,” in Proceedings of the Black Hat USA, 2001.
[3] CERT, “Basic Fuzzing Framework,” https://www.cert.org/vulnerability-analysis/tools/bff.cfm.
[4] “Failure Observation Engine,” https://www.cert.org/vulnerability-analysis/tools/foe.cfm
[5] M. Zalewski, “American Fuzzy Lop,” http://lcamtuf.coredump.cx/afl/.
[6] S. Rawat, V. Jain, A. Kumar, L. Cojocar, C. Giuffrida, and H. Bos, “VUzzer: Application-aware evolutionary fuzzing,” in Proceedings of the Network and Distributed System Security Symposium, 2017.
[7] Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, Suman Jana. “Neuzz: Efficient fuzzing with neural program learning.” In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 2019.
[8] P. Godefroid, H. Peleg, and R. Singh, “Learn&fuzz: Machine learning for input fuzzing,” CoRR, vol. abs/1701.07232, 2017.
[9] Konstantin Bottinger, Patrice Godefroid, Rishabh Singh. “Deep reinforcement fuzzing.” 2018 IEEE Security and Privacy Workshops, SP Workshops 2018, San Francisco, CA, USA, May 24, 2018, pages 116–122, 2018.