🤖 AI Summary
Existing methods for generating ReDoS attack strings often fail to effectively trigger vulnerabilities in real-world systems due to their reliance on excessively long inputs or the absence of program-level validation. This work proposes an efficient and practical approach that first formally identifies three classes of verifiable vulnerable regex patterns and then combines pattern-guided string synthesis with a ReDoS-specific compositional concolic execution technique. This strategy generates attack payloads that adhere to realistic length constraints while ensuring they induce resource exhaustion within actual program contexts. Experimental evaluation demonstrates that the proposed method substantially improves the success rate of triggering ReDoS vulnerabilities in real programs, thereby enhancing the practicality of both vulnerability detection and mitigation.
📝 Abstract
ReDoS attacks constitute a critical class of resource-exhaustion vulnerabilities. In such attacks, adversaries exploit the pathological worst-case execution behavior of regular expression (regex) engines to induce highly asymmetric computational workloads, ultimately exhausting system resources and degrading service availability. To protect systems against ReDoS attacks, numerous detection techniques have been proposed that simulate the attack process by generating attack strings to proactively exploit ReDoS vulnerabilities at the early development stage and facilitate remediation. Existing techniques broadly fall into two classes: static analyses that search for pathological regex structures, and dynamic exploration methods that synthesize candidate attack strings. However, the generated attack strings are often impractical for real-world exploitation because they usually assume unrealistic input-length budgets and do not validate the effectiveness and efficiency of the attack at the program level. Therefore, many generated strings fail to trigger vulnerable regexes when applied to real-world programs, further limiting the practical utility. To address these shortcomings, we introduce an effective and efficient attack string generator, PUFFERDOS, designed to synthesize attack inputs that are both feasible within realistic length budgets and validated at the program level, enabling effective exploitation of ReDoS vulnerabilities in real-world programs. Specifically, we first define three vulnerable patterns based on our observation and formal verification. According to the patterns, PUFFERDOS conducts a synthesis technique to generate attack strings, and then refines and validates the strings with ReDoS-specific compositional concolic execution to guarantee real-world exploitability.