
Research On Optimization Method Of AFL Fuzzy Test System

Posted on: 2018-12-09
Degree: Master
Type: Thesis
Country: China
Candidate: B Zhao
GTID: 2428330569985427
Subject: Computer technology

Abstract/Summary:
Fuzzing has proved to be the most effective method of software vulnerability mining. AFL (American Fuzzy Lop) is one of the most advanced fuzzing tools and a hot spot in the fuzzing research field. AFL's advantages are prominent, but it still has shortcomings. The first is the limitation of its mutation strategy, which cannot quickly cover paths that contain constant comparisons; the second is poor parallel performance: the multiple processes cannot interact in a timely manner and pass a large number of redundant test cases. To address these defects, two optimization methods are proposed. The first improves the mutation strategy by adding a String Match mutation strategy. Its idea is to traverse the tested program, extract all string and numeric constants, and send those constants to AFL. The strategy mainly comprises the method for extracting string and numeric constants and the execution timing of the String Match mutation strategy. The second uses concurrent lock-free technology to improve parallel fuzzing speed. Lock-free concurrency can reduce overhead, and enhancing AFL's multi-process interaction increases the speed of fuzz testing. The AFL parallel system includes a lock-free data structure, a test case synchronization method, and so on. Following the proposed optimization methods, the original AFL is improved, and the String Match mutation strategy and the AFL parallel system are designed and implemented. Experiments show that the String Match mutation strategy has a significant effect on command-parsing programs that contain longer constants, increasing the number of paths found per unit time by 14%. In a multi-host environment, the parallel optimization system increases the number of paths found per unit time by 9.42%. Both methods improve fuzz-testing coverage over the same period of time.
Keywords/Search Tags:Fuzzing, AFL, Mutation Strategy, Lock-free
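
The String Match idea from the abstract (extract string and numeric constants from the tested program and hand them to AFL), sketched as an added example that is not code from the thesis. It assumes C source is available, that the constants are delivered as an AFL dictionary file, and that numeric constants are encoded as little-endian 32- or 64-bit values; `SAMPLE_C` and all function names are constructed for illustration.

```python
import re
import struct

# Constructed sample of a command parser with constant comparisons (not from the thesis).
SAMPLE_C = r'''
int handle(const char *cmd, unsigned int magic) {
    if (magic != 0x464c457f) return -1;
    if (strcmp(cmd, "SHUTDOWN\n") == 0) return 1;
    if (strncmp(cmd, "SET \"mode\"", 10) == 0) return 2;
    return magic == 4096;
}
'''

STRING_RE = re.compile(r'"((?:[^"\\\n]|\\.)*)"')                # C string literal body
NUMBER_RE = re.compile(r'\b(0[xX][0-9a-fA-F]+|[1-9][0-9]*)\b')  # hex or decimal literal
ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0"}

def decode_c_string(body: str) -> bytes:
    """Resolve simple C escapes; any other escaped character stands for itself."""
    text = re.sub(r"\\(.)", lambda m: ESCAPES.get(m.group(1), m.group(1)), body)
    return text.encode("latin-1", "replace")

def afl_quote(token: bytes) -> str:
    """Render bytes as an AFL dictionary entry; non-printables, quote and backslash as \\xNN."""
    return '"' + "".join(
        chr(b) if 32 <= b < 127 and b not in (0x22, 0x5C) else f"\\x{b:02x}"
        for b in token) + '"'

def build_dictionary(source: str, min_len: int = 3, min_value: int = 256) -> list:
    """Collect string and numeric constants from C source as AFL dictionary lines."""
    tokens = [decode_c_string(m.group(1)) for m in STRING_RE.finditer(source)]
    tokens = [t for t in tokens if len(t) >= min_len]
    # Blank out string literals so digits inside them are not read as numbers.
    for m in NUMBER_RE.finditer(STRING_RE.sub('""', source)):
        value = int(m.group(1), 0)
        if min_value <= value <= 0xFFFFFFFFFFFFFFFF:  # skip trivial values like 1 or 10
            # Assumption: the target compares native little-endian integers.
            tokens.append(struct.pack("<I" if value <= 0xFFFFFFFF else "<Q", value))
    return [afl_quote(t) for t in dict.fromkeys(tokens)]  # de-duplicate, keep order

if __name__ == "__main__":
    print("\n".join(build_dictionary(SAMPLE_C)))
```

Written to a file and passed to `afl-fuzz` with `-x`, these entries let AFL's dictionary stages place whole constants into inputs instead of having to discover them byte by byte. The regex scan ignores comments, character literals and suffixed integers, so it is a sketch of the extraction step only.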