
Registered user since Thu 18 Mar 2021
Contributions
Research Papers
Wed 12 Oct 2022 14:30 - 14:50 at Ballroom C East - Technical Session 13 - Application Domains Chair(s): Andrea Stocco
IoT devices have been under frequent attack in recent years, causing severe impacts. Previous research has shown the evolution and features of some specific IoT malware families or stages of IoT attacks through offline sample analysis. However, we still lack a systematic observation of the various system resources abused by active attackers and the malicious intentions behind these behaviors. This makes it difficult to design appropriate protection strategies to defend against existing attacks and possible future variants.
In this paper, we fill this gap by analyzing 117,862 valid attack sessions captured by our dedicated high-interaction IoT honeypot, HoneyAsclepius, and further discover the intentions behind them in our designed workflow. HoneyAsclepius enables high capture capability as well as continuous, real-time behavior monitoring during active attack sessions. Through a large-scale deployment, we collected 11,301,239 malicious behaviors originating from 50,594 different attackers. Based on this information, we further separate the behaviors in different attack sessions targeting distinct categories of system resources, estimate the temporal relations between them, and summarize the malicious intentions behind them. Inspired by such investigations, we present several key insights about abusive behaviors involving file, network, process, and special capability resources, and further propose practical defense strategies to better protect IoT devices.
Research Papers
Tue 11 Oct 2022 12:00 - 12:20 at Banquet B - Technical Session 3 - Fuzzing I Chair(s): Aravind Machiry
Fuzzing is a promising approach to testing DBMSs. One crucial component in DBMS fuzzing is grammar: since DBMSs enforce strict validation on inputs, a grammar improves fuzzing efficiency by generating syntactically and semantically correct SQL statements. However, due to the vast differences in the complex grammars of various DBMSs, it is painstaking to adapt these fuzzers to them. Considering that many DBMSs are not yet well tested, there is an urgent need for an effective DBMS fuzzing approach that is free from grammar dependencies. In this paper, we propose Griffin, a grammar-free DBMS fuzzer. Rather than relying on grammar, Griffin summarizes the DBMS's state into a metadata graph, a lightweight data structure which improves mutation correctness in fuzzing. Specifically, it first tracks the metadata of the statements in built-in SQL test cases as they are executed, and iteratively constructs the metadata graph to describe the dependencies between metadata and statements. Based on the graphs, it reshuffles statements and employs metadata-guided substitution to correct semantic errors. We evaluate Griffin on four popular DBMSs, namely MariaDB, SQLite, PostgreSQL, and DuckDB. Griffin covers 27.79%-155.71%, 96.75%-455.82%, and 32.99%-189.36% more branches, and finds 19, 19, and 15 more bugs in 12 hours than SQLancer, SQLsmith, and Squirrel, respectively. In total, Griffin finds 55 previously unknown bugs, and 13 of them have been confirmed as CVEs in the National Vulnerability Database.
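The abstract describes three ideas at a high level: tracking the metadata that seed SQL statements produce and consume, reordering statements under the resulting dependency graph, and substituting references so that mutated statements still resolve. The Python below is an added toy illustration of that workflow and is not Griffin's code; the regex-based statement parsing, the three metadata kinds (table, column, index), the seed corpus and the "swap a column for another column of the same table" substitution rule are all simplifying assumptions of mine. It checks each mutated sequence against an in-memory SQLite database so the reader can see the difference in acceptance between a plain random shuffle and a dependency-respecting one.

```python
import random
import re
import sqlite3
from collections import defaultdict

# Constructed seed corpus standing in for a DBMS's built-in SQL test cases.
SEED_STATEMENTS = [
    "CREATE TABLE t1(a INT, b TEXT)",
    "INSERT INTO t1 VALUES(1, 'x')",
    "CREATE TABLE t2(c INT, d INT)",
    "INSERT INTO t2 VALUES(2, 3)",
    "CREATE INDEX i1 ON t2(c)",
    "SELECT a FROM t1 WHERE b = 'x'",
    "SELECT c FROM t2 WHERE d > 1",
    "UPDATE t2 SET d = 4 WHERE c = 2",
]

# Minimal statement patterns (assumption); a real fuzzer hooks the DBMS instead.
CREATE_TABLE = re.compile(r"CREATE TABLE (\w+)\((.*)\)", re.I)
CREATE_INDEX = re.compile(r"CREATE INDEX (\w+) ON (\w+)\((\w+)\)", re.I)
TABLE_REF = re.compile(r"(?:FROM|INTO|UPDATE|ON)\s+(\w+)", re.I)


def extract_metadata(stmt):
    """Return (produced, consumed) metadata items for one statement.
    Items are ("table", name), ("column", "table.col") or ("index", name)."""
    produced, consumed = set(), set()
    m = CREATE_TABLE.match(stmt)
    if m:
        table = m.group(1)
        produced.add(("table", table))
        for coldef in m.group(2).split(","):
            produced.add(("column", f"{table}.{coldef.split()[0]}"))
        return produced, consumed
    m = CREATE_INDEX.match(stmt)
    if m:
        produced.add(("index", m.group(1)))
        consumed.update({("table", m.group(2)), ("column", f"{m.group(2)}.{m.group(3)}")})
        return produced, consumed
    consumed.update(("table", t) for t in TABLE_REF.findall(stmt))
    return produced, consumed


def build_metadata_graph(stmts):
    """Map each statement index to the metadata it produces and consumes.
    The produced/consumed pairs between statements are the graph's edges."""
    columns, produced, consumed = defaultdict(list), {}, {}
    for i, s in enumerate(stmts):  # pass 1: catalog of definitions
        produced[i], _ = extract_metadata(s)
        for kind, name in produced[i]:
            if kind == "column":
                table, col = name.split(".")
                columns[table].append(col)
    for i, s in enumerate(stmts):  # pass 2: resolve column references
        _, c = extract_metadata(s)
        tokens = set(re.findall(r"\w+", s))
        for table in [n for k, n in c if k == "table"]:
            c.update(("column", f"{table}.{col}") for col in columns[table] if col in tokens)
        consumed[i] = c
    return produced, consumed, columns


def reshuffle(stmts, produced, consumed, rng):
    """Random reorder that keeps every statement after the producers of the
    metadata it consumes (Kahn's algorithm, random choice among ready nodes)."""
    deps = {j: {i for i in produced if i != j and produced[i] & consumed[j]} for j in consumed}
    remaining, order = set(range(len(stmts))), []
    while remaining:
        ready = sorted(j for j in remaining if deps[j] <= set(order))
        pick = rng.choice(ready)
        order.append(pick)
        remaining.remove(pick)
    return [stmts[i] for i in order]


def substitute(stmt, columns, rng):
    """Metadata-guided substitution: swap one column reference for another
    column of the same table, so the reference still resolves."""
    tables = [t for t in TABLE_REF.findall(stmt) if t in columns]
    if CREATE_TABLE.match(stmt) or not tables:
        return stmt
    table = rng.choice(tables)
    present = [tok for tok in re.findall(r"\w+", stmt) if tok in columns[table]]
    alternatives = [c for c in columns[table] if c not in present] or [
        c for c in columns[table] if present and c != present[0]]
    if not present or not alternatives:
        return stmt
    return re.sub(rf"\b{rng.choice(present)}\b", rng.choice(alternatives), stmt)


def mutate(stmts, seed=0):
    """One grammar-free round: dependency-respecting reshuffle, then substitution."""
    rng = random.Random(seed)
    produced, consumed, columns = build_metadata_graph(stmts)
    return [substitute(s, columns, rng) for s in reshuffle(stmts, produced, consumed, rng)]


def naive_shuffle(stmts, seed=0):
    """Baseline with no metadata at all: a plain random permutation."""
    out = list(stmts)
    random.Random(seed).shuffle(out)
    return out


def validate(stmts):
    """Run the sequence on an in-memory SQLite; return the statements it rejects."""
    conn = sqlite3.connect(":memory:")
    rejected = []
    for s in stmts:
        try:
            conn.execute(s)
        except sqlite3.Error as exc:
            rejected.append((s, str(exc)))
    conn.close()
    return rejected


if __name__ == "__main__":
    for seed in range(3):
        print(f"seed {seed}: naive rejects {len(validate(naive_shuffle(SEED_STATEMENTS, seed)))},"
              f" metadata-guided rejects {len(validate(mutate(SEED_STATEMENTS, seed)))}")
```

The baseline shuffle routinely places an INSERT or SELECT before the CREATE TABLE it needs, which the DBMS rejects before any interesting code is reached; the metadata-guided version keeps the sequence executable, which is the "mutation correctness" the abstract refers to. Everything here is parsed with regular expressions for brevity; the paper's point is precisely that the metadata can be tracked by observing the DBMS as it executes the seeds, without a per-DBMS grammar.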