With the rapid development of information technology, software is widely used in production and daily life, so software security is becoming more and more important. In the field of software security, fuzzing, an efficient automated vulnerability mining technology, has attracted the attention of researchers. However, as the scale and complexity of software programs increase, fuzzing faces new challenges in both test efficiency and accuracy. The challenges mainly come from two aspects: the blindness of mutation, and the difficulty of mutating special fields. To solve the latter, researchers have proposed methods based on dynamic symbolic execution and dynamic taint analysis. To overcome the blindness problem in fuzzing, this paper proposes a coverage-based fuzzing method based on the program control flow graph. The method combines fuzzing with control flow graph analysis, an important technology in static analysis, to guide the fuzzing process. For the blindness in seed selection, a candidate-node-based selection operator is used to improve the quality of the selected seeds. In addition, fuzzing suffers from low efficiency in mutating toward deep branch paths. To attack this problem, this paper proposes a mutation masking technique based on candidate nodes. It utilizes the effective information in the original seed and thus greatly improves the quality of the mutation result. Experimental results show that coverage-based fuzzing based on the program control flow graph can effectively reduce the blindness of mutation and improve code coverage and vulnerability mining ability.
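As an added illustration of the candidate-node idea (not the paper's own code), the following Python computes the coverage frontier of a constructed control flow graph and ranks seeds by how close their traces come to it; the CFG, the seed traces and the scoring rule are all assumptions made here for the example.

```python
"""Candidate-node-guided seed selection over a control flow graph.
Added example code, not the paper's implementation: the CFG, the seed
corpus and the coverage traces are constructed, and the scoring rule
(prefer seeds whose trace borders an uncovered CFG node) is an
assumption about how such a selection operator can work."""

# Constructed CFG: basic block -> successor blocks of a toy program.
CFG = {
    "entry": ["A", "B"],
    "A": ["C", "D"],
    "B": ["E"],
    "C": ["exit"],
    "D": ["F", "exit"],
    "E": ["exit"],
    "F": ["exit"],
    "exit": [],
}

# Constructed seed corpus: seed name -> blocks hit when the seed is run.
TRACES = {
    "s1": ["entry", "A", "C", "exit"],
    "s2": ["entry", "B", "E", "exit"],
    "s3": ["entry", "A", "D", "exit"],
}


def candidate_nodes(cfg, traces):
    """Uncovered nodes that are direct successors of a covered node.
    They form the coverage frontier: one branch decision away from
    code the corpus already reaches."""
    covered = {n for t in traces.values() for n in t}
    return {s for n in covered for s in cfg[n] if s not in covered}


def seed_scores(cfg, traces):
    """Score each seed by the number of candidate nodes adjacent to its
    own trace; a seed already at a candidate's predecessor is the one a
    mutation is most likely to push across the frontier."""
    cands = candidate_nodes(cfg, traces)
    return {name: len({s for n in t for s in cfg[n] if s in cands})
            for name, t in traces.items()}


def select_seed(cfg, traces):
    """Selection operator: highest score first, then the shorter trace
    (cheaper to mutate and re-execute), then name for determinism."""
    scores = seed_scores(cfg, traces)
    return min(traces, key=lambda s: (-scores[s], len(traces[s]), s))
```

Running `select_seed(CFG, TRACES)` picks `s3`, the only seed that reaches `D`, whose unexplored successor `F` is the single candidate node.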