Tim Bass
Sun, 04 Nov 2007 10:34:48 +0000
Fuzzing, from a security perspective, is when an automated program searches for IT vulnerabilities by sending random input to an application. Fuzzers are sometimes referred to as fault injectors and are used by hackers to find buffer overflows and other application flaws such as SQL injection, XSS, and format string vulnerabilities.
In the past few years fuzzing has been increasingly used by criminals to search for online vulnerabilities that can be exploited; for this reason, fuzzing is a serious threat to e-commerce and other online business applications.
How would an organization detect fuzzing?
Bayesian classifiers are used to detect spam, denial of service attacks, fraud, and other complex data sets; so it makes perfect sense to use Bayesian techniques to detect fuzzing. However, I have searched the network and have not yet found an implementation of a Bayesian classifier specifically to detect fuzzing in real-time.
If anyone knows of a (Java-based) Bayesian classifier that would be a good starting point for the real-time detection of fuzzing, please let me know. Thanks!
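As an added illustration, not part of the original post and not an existing product: a small Bernoulli naive Bayes scorer that rates a single request parameter value as fuzz-like or normal, written in Python rather than Java. The feature set, thresholds, class names and training samples are all assumptions constructed for this example.

```python
import math
import re
from collections import defaultdict

# Binary features of one request parameter value (names are this example's own).
FEATURES = {
    "long": lambda v: len(v) > 200,
    "nonprint": lambda v: any(ord(c) < 32 or ord(c) > 126 for c in v),
    "fmt_spec": lambda v: len(re.findall(r"%[0-9]*[snxp]", v)) >= 2,
    "sql_meta": lambda v: bool(re.search(r"['\";]|--", v)),
    "markup": lambda v: "<" in v or ">" in v,
    "repeat": lambda v: bool(re.search(r"(.)\1{15,}", v)),
}

def extract(value):
    return {name: bool(test(value)) for name, test in FEATURES.items()}

class BernoulliNB:
    """Bernoulli naive Bayes with Laplace (add-one) smoothing."""
    def __init__(self):
        self.docs = defaultdict(int)                       # label -> sample count
        self.hits = defaultdict(lambda: defaultdict(int))  # label -> feature -> count

    def train(self, value, label):
        self.docs[label] += 1
        for name, present in extract(value).items():
            self.hits[label][name] += present

    def posterior(self, value, label="fuzz"):
        """P(label | features of value), computed in log space."""
        feats, total, logp = extract(value), sum(self.docs.values()), {}
        for lab, n in self.docs.items():
            lp = math.log(n / total)
            for name, present in feats.items():
                p = (self.hits[lab][name] + 1) / (n + 2)   # smoothed P(feature | lab)
                lp += math.log(p if present else 1 - p)
            logp[lab] = lp
        m = max(logp.values())
        return math.exp(logp[label] - m) / sum(math.exp(v - m) for v in logp.values())

# Constructed training samples, not real traffic.
NORMAL = ["alice", "42", "red shoes size 9", "O'Brien", "2007-11-04", "tim@example.com"]
FUZZ = ["A" * 500, "%s%s%s%n%n", "x' OR '1'='1' --", "<script>" * 40, "\x00\xff" * 64, "%x" * 100]

def build_model():
    nb = BernoulliNB()
    for v in NORMAL:
        nb.train(v, "normal")
    for v in FUZZ:
        nb.train(v, "fuzz")
    return nb
```

Because a benign apostrophe appears in the normal training set, a value such as `O'Hara` scores low, while a long run of one repeated character scores high. A deployment would train on its own labelled traffic and would likely combine per-request scores per source over a time window.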