Automatic Defense Through Fault Localization and Dynamic Patch Creation

Abstract

The US Department of Defense has called for contest on automatic attack and defense. The contest is a competition, called Cyber Grand Challenge (CGC), aimed at developing cyber security systems. In accordance with the competition rules, we developed an automatic cyber reasoning system (CRS) that meets the objectives specified in the CGC. Our CRS combines the techniques of fuzz testing, fault localization, and binary patch creation to construct an automatic defense system. From the sample problems in the CGC, we evaluate our system and the binary patch capability by applying them to real programs. We explore two patching methods in five challenges in CGC with partial successes in availability and security.