Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and researchers use different approaches of dynamic and static software analysis; one of these approaches is called fuzzing. Fuzzing is performed by generating and sending potentially malformed data to an application under test. Since first appearance in 1988, fuzzing has evolved a lot, but issues which addressed to effectiveness evaluation have not fully investigated until now. In our research, we propose a novel approach of fuzzing effectiveness evaluation and improving, taking into account semantics of executed code along with a quantitative assessment. For this purpose, we use specific metrics of source code complexity assessment specially adapted to perform analysis of machine code. We conducted effectiveness evaluation of these metrics on 104 wide-spread applications with known vulnerabilities. As a result of these experiments, we were able to identify the best metrics that is more suitable to find bugs. In addition we proposed a set of open-source tools for improving fuzzing effectiveness. The experimental results of effectiveness assessment have shown viability of our approach and allowed to reduce time costs for fuzzing campaign by an average of 26-28% for 5 well-known fuzzing systems.
Currently, the training of students-future specialists in information security is significantly modified. The necessary skills of such a specialist now include "soft skills", super-professional skills that are responsible for the effectiveness of participation in the work process. Information security itself is becoming an integral part of business modeling. This raises the question of choosing the most effective technologies for developing such skills, expressed in the relevant competencies of an information security specialist. The purpose of the study is to evaluate the use of gamification elements in the process of training students-future information security specialists. The research was conducted at the Siberian State University of Science and Technology, at the Department of Information technology security, as well as in the framework of the project «Development of a package of game cases for the discipline «Information security management»». In total, 182 students of the 3rd-5th year of specialty, 1-2 year of master's degree, as well as students of the 4th year of bachelor's degree in Information security took part in pedagogical and experimental work. The study shows that the time required to complete tasks to master the competence decreases (the time is reduced by up to 30% during the semester), and it is also noted that students who are able to master the competence received results at the beginning of the course. At the same time, the share of passively participating in the course elements in small groups is reduced to no more than 10%, and the number of non-participants in the development is practically reduced to zero. The results of the study selective response of participants in networked collaboration showed that the involvement and study of the material remains at a consistently high level as in previous years, and the time slice at the end of the experiment. For example, the assessment of the project organizers ' communication in the social network Vkontakte for 4 years of the project: 100% of participants are connected directly through at least one project participant; 93.75% are listed as friends of at least one project participant, the share of high-intensity information connections was 21.87%.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.