Using Bayesian Classifiers to Detect Fuzzing
Fuzzing, from a security perspective, is when an automated program searches for IT vulnerabilities by sending random input to an application. Fuzzers are sometimes referred to as fault injectors and are used by hackers to find buffer overflows and other application flaws such as SQL injection, XSS, and format string vulnerabilities.
In the past few years fuzzing is being increasing used by criminals to search for on-line vulnerabilities that can be exploited; and for this reason, fuzzing is a serious threat to ecommerce and other online business applications.
How would an organization detect fuzzing?
Bayesian classifiers are used to detect spam, denial of service attacks, fraud, and other complex data sets; so it makes perfect sense to use Bayesian techniques to detect fuzzing. However, I have searched the network have not yet found an implementation of a Bayesian classifier specifically to detect fuzzing in real-time.
If anyone knows of a (Java-based) Bayesian classifer that would be a good starting point for the real-time detection of fuzzing, please let me know. Thanks!
Filed under: Complex Event Processing, Fraud Detection, Intrusion Detection, Security Event Management, Sensor Fusion, Use Cases
Although I haven’t heard of using CEP to detect fuzzing, I’ve heard of using conditional statements to check for common fuzz strings: i.e. If an input value begins with the substring “AAAAA” then mark it as invalid; an extremely long string composed of numerous A’s is typically used to check for buffer overflows. Of course the problem with this is that the fuzzer would change the string to “BBBBB” so I can see how Bayesian Classifiers could perhaps detect/prevent fuzz testers but the real underlying problem that needs to be fixed is that the software is insecure. If the software is resistant to attack it won’t matter that it’s being fuzzed.