
Research On Vulnerability Mining Technology Based On Dynamic Taint Analysis And Improved Genetic Algorithm

Posted on: 2019-02-28
Degree: Master
Type: Thesis
Country: China
Candidate: C L Yao
Full Text: PDF
GTID: 2348330542997633
Subject: Software engineering

Abstract/Summary:
In recent years, with the rapid growth of software applications, malicious attacks that exploit software defects have also become more and more frequent. These malicious events encroach on the privacy of users, destroy important system data and bring huge economic losses, so the security of software applications has become an increasingly serious problem. In order to increase the robustness of a program and reduce the possibility of the software being attacked, the various vulnerabilities in the software must be detected at their root. There are many ways to detect software vulnerabilities, mainly divided into static analysis methods and dynamic analysis methods. Static analysis methods are fast and efficient but rely on source code. Dynamic analysis methods do not require source code, and their false positive rate is lower than that of static analysis. As a dynamic analysis method, dynamic binary taint analysis has developed rapidly in recent years; however, the traditional dynamic binary taint analysis method defines the taint status only as "marked" and "unmarked", which cannot detect potential vulnerabilities in the program. In addition, when executing a target program under test, only one path of the target program can be examined, so the detection path is single and coverage is low. In order to solve the above two problems and excavate more potential vulnerabilities in the program, this paper designs the PinTaint prototype system based on the dynamic binary instrumentation framework Pin, combined with a multipath genetic algorithm. The PinTaint prototype system includes a dynamic binary taint analysis module and a test case generation module. In the dynamic binary taint analysis module, the taint status is expanded with a new "controlled mark" status, and the vulnerability detection rules are extended according to the newly added taint status so as to excavate more potential vulnerabilities in the program. The test case generation module mainly designs the fitness function of the traditional genetic algorithm on path and branch coverage and improves the genetic operators. The multipath genetic algorithm is designed to guide the generation of test cases, and a single run of the genetic algorithm can generate test cases covering multiple paths, which greatly improves the efficiency of generating test cases.

This paper focuses on how to find more potential vulnerabilities in the program and how to improve the efficiency of detecting software vulnerabilities. The main contributions are as follows:

(1) Design and implement a dynamic binary taint analysis module. This article first introduces the research background and the main testing methods used in vulnerability testing. After the related knowledge of vulnerabilities is described in detail, program instrumentation and the related dynamic binary instrumentation platform are introduced. Based on the traditional two taint statuses, a third mark status, "controlled mark", is added, and tainted data is marked with one of three kinds of taint mark status. After the taint data is initialized and the taint propagation rules for instructions and functions are specified, the vulnerability detection rules, combined with the three kinds of taint status, are applied to the target program for vulnerability detection.

(2) Design and implement a test case generation module. This paper first gives a brief overview of the concept of test cases and of test case generation technology, and then introduces the development history of single-path and multipath genetic algorithms in guiding the generation of test cases. Finally, based on path and branch coverage, the fitness function of the algorithm is designed and the genetic operators are improved; a new multipath genetic algorithm is designed to guide the generation of test cases.

(3) Combining the dynamic binary taint analysis module and the test case generation module, the PinTaint prototype system was designed and realized. The experimental results show that, compared to a traditional vulnerability detection system, the PinTaint prototype system can detect more potential vulnerabilities in the program under test and performs well in terms of time.
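The abstract describes a fitness function built on path and branch coverage so that one run of the genetic algorithm yields test cases for several paths at once. The following is an added illustration of that idea, written for this page and not taken from the thesis or from PinTaint: a constructed toy target with three branches, and a GA whose fitness weights each branch by how rarely the rest of the population takes it and adds a bonus for a path no individual has executed before. The target program, the gene encoding (an integer pair), the weighting scheme and all parameters are assumptions chosen for the demonstration; the thesis's own fitness function and operators are not reproduced.

```python
"""Toy multipath genetic algorithm for test-case generation (added example).

Constructed target program; inputs are integer pairs (x, y). The fitness
function rewards an individual for the branches it exercises, weighting each
branch by how rarely the rest of the population takes it, plus a bonus for a
path nobody has executed yet. One run of the GA therefore spreads the
population over several different paths instead of converging on one.
This is an assumed reconstruction, not the thesis's PinTaint code.
"""
import random

GENE_LO, GENE_HI = -200, 200
ALL_BRANCHES = frozenset({"b1T", "b1F", "b2T", "b2F", "b3T", "b3F"})


def run_target(x, y):
    """Constructed toy program under test. Returns the ordered list of
    branch outcomes taken: the list is the path, its set is branch coverage."""
    taken = []
    taken.append("b1T" if x > 100 else "b1F")
    taken.append("b2T" if x % 7 == 0 else "b2F")
    taken.append("b3T" if y > 100 else "b3F")
    return taken


def multipath_fitness(path, branch_counts, known_paths):
    """Rare branches weigh more (1 / number of population members taking
    them); a path absent from the archive earns a flat bonus of 1."""
    score = sum(1.0 / branch_counts[b] for b in path)
    if tuple(path) not in known_paths:
        score += 1.0
    return score


def evaluate_population(population, known_paths):
    """Run every individual once; return its path and multipath fitness."""
    paths = [run_target(x, y) for x, y in population]
    branch_counts = {}
    for p in paths:
        for b in p:
            branch_counts[b] = branch_counts.get(b, 0) + 1
    fitness = [multipath_fitness(p, branch_counts, known_paths) for p in paths]
    return paths, fitness


def tournament(population, fitness, rng, k=3):
    contenders = rng.sample(range(len(population)), k)
    return population[max(contenders, key=lambda i: fitness[i])]


def crossover(a, b, rng):
    # Genes are (x, y); single-point crossover exchanges one gene.
    return (a[0], b[1]) if rng.random() < 0.5 else (b[0], a[1])


def mutate(ind, rng, rate=0.2):
    # Random-replacement mutation keeps diversity so rare branches get sampled.
    x, y = ind
    if rng.random() < rate:
        x = rng.randint(GENE_LO, GENE_HI)
    if rng.random() < rate:
        y = rng.randint(GENE_LO, GENE_HI)
    return (x, y)


def evolve(pop_size=50, generations=40, seed=1):
    """Run the GA once. Returns (covered_branches, archive) where archive maps
    each distinct path found to one concrete test case that exercises it."""
    rng = random.Random(seed)
    population = [(rng.randint(GENE_LO, GENE_HI), rng.randint(GENE_LO, GENE_HI))
                  for _ in range(pop_size)]
    archive = {}
    for _ in range(generations):
        paths, fitness = evaluate_population(population, set(archive))
        for ind, p in zip(population, paths):
            archive.setdefault(tuple(p), ind)
        # Elitism: the fittest individual survives unchanged.
        best = population[max(range(pop_size), key=lambda i: fitness[i])]
        children = [best]
        while len(children) < pop_size:
            a = tournament(population, fitness, rng)
            b = tournament(population, fitness, rng)
            children.append(mutate(crossover(a, b, rng), rng))
        population = children
    # Record the final generation as well.
    paths, _ = evaluate_population(population, set(archive))
    for ind, p in zip(population, paths):
        archive.setdefault(tuple(p), ind)
    covered = set()
    for p in archive:
        covered.update(p)
    return covered, archive


if __name__ == "__main__":
    covered, archive = evolve()
    print("branches covered:", sorted(covered))
    for path, (x, y) in sorted(archive.items()):
        print("path", ">".join(path), "via x =", x, ", y =", y)
```

The archive returned by `evolve` is the multipath test suite: one input per distinct path, collected over the whole run rather than just from the final population. Replacing the inverse-frequency weighting with a plain count of branches covered collapses the population onto whichever path covers the most branches, which is the single-path behaviour the abstract contrasts with.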
Keywords/Search Tags: Program security, Taint analysis, Dynamic binary analysis, Vulnerability detection, Controlled mark, Multipath genetic algorithm