Research On Fuzzy Technology Based On Co-evolution Genetic Algorithm

In 21st century, with the growing numbers of software vulnerability and its increasing of destructive, Researchers are increasingly concerned about the technology of software security vulnerabilities discovering.And fuzzy test is a widely used automatic vulnerability discovery technique. However, the low code coverage and inefficient automatically parse are the disadvantages of the existing fuzzy techniques.In order to improve the efficiency of protocol fuzzing, this paper does a further research about the fuzzing based on Genetic Algorithm.In the fuzzy test, if we use code coverage to evaluate the fitness value, the test data will evolve into a higher code coverage data. Then the efficiency of the test will increase. Additional, if a test sample covers the new basic block in the actual testing process, a new test sample generated from the sample as a seed can have a higher probability of covering other undiscovered basic block; That means in order to expand the test searching space, we evaluate the fitness value of the individual by adding the coverage of basic block. Similarly, doing further tests about this path will gain a higher chance of to trigger exceptions and vulnerabilities. Therefore, in order to improve the effect of vulnerabilities discovered, we propose the fitness evaluation of genetic algorithm should base on the code coverage information and unsafe functions covered information.In terms of traditional genetic algorithm,its’ purpose is searching the optimal value in the space, and its’ defect is easily fall into local optimum and so on, which converge to an optimal path and result in the low code coverage problems. We propose the use of a variety of species cooperative evolutionary genetic algorithm to guide the evolution of the test sample for this problem, in which different sub-populations are divided into different searching spaces and simultaneously changes the scale of sub-populations to optimize the evolutionary efficiency of entire population, thus we are able to maintain the diversity of the population and broaden the search range to cover more codes of under test systems to improve the coverage rate of test codes.Finally, In order to design and implement a prototype testing tool based on our method, we use IDA pro tools as a preliminary static analysis tool. And we using this prototype tools to do a set of experiments, the results show that the test tool can effectively find software security vulnerabilities and improve the coverage of the code.