Deuxième Année    Informatique    Sécurité    4MMSR-mini research project 

Antivirus Fuzzer

This is a "mini" research project for the course 4MMSR-Network Security

Keywords

fuzzing,antivirus,file fuzzing, grammar based fuzzing

Description

{{{description}}}

Expected output

• choice of a given antivirus (see http://www.filehippo.com )
• analysis and documentation of the antivirus attack surface
• for the targeted inputs:
  • naive random based fuzzer
  • infer the grammar of a set of file, and generate mutations
  • compare those techniques (metrics to be defined)

if time permits:

• apply genetic programming grammar based fuzzing in a black-box fashion

Research Questions

{{{research_questions}}}

References

• Attacking AntiVirus, Fen Xue, 2008 (whitepaper) Attacking AntiVirus, Fen Xue, 2008 (slides)
• Vxfuzz, Tavis Ormandy, 2007
• pages 4-6 of Security Testing Of Web Browser and the associated tool OUSPG Radamsa
• A study of anti-virus’ response to unknown threats, Devine, C. and Richaud, N., EICAR 2009

Tools

{{{tools}}}

Results

{{{results}}}

Get Started!

• create an archive on the ensimag server, so that only your team members and I have access to it.
• Créer_une_archive_partagée_avec_Git
• obviously, do not forget to send me the path afterwards

Contacts

Fabien Duchene