The Study And Realization Of Intelligent Fuzz Testing Technology For Activex

While providing convenience to people,the internet has gradually become the core battlefield in the field of attack and defense.The asymmetry of vulnerability information has caused more and more security incidents to have a large-scale impact.With the Oday vulnerability becoming an important weapon,vulnerability mining has gradually become a hot topic in the security field of universities and enterprises.Software vulnerability mining is an important part of network attack and defense,and fuzz testing technology is an effective way to mine software vulnerabilities.This article focuses on the intelligent fuzzing technology of the ActiveX control.The survey found that the current mainstream ActiveX control fuzzing tools have weak automation capabilities,blind mutation algorithms,and low efficiency.In order to solve the shortcomings of existing tools,this paper studies the intelligent fuzzing technology for ActiveX.In order to make the fuzz testing more automatic and cover more types of vulnerabilities,a fuzz testing model based on functional prediction is proposed.It can mark the insecure functions in the control and intelligently test the logical vulnerabilities in a control through the classification algorithm.In order to solve the problem of fuzzing inefficiency,this paper proposes a vulnerability-oriented fuzzing technology based on weight optimization.Through static control flow analysis and dynamic taint tracking technology,the methods and parameters in ActiveX control can be prioritized,guiding the fuzzing tool to find vulnerabilities in the control faster.Finally,a mutation rule generation and selection algorithm based on path constraints in complex scenarios is proposed.This algorithm can transform the path constraints information collected in the process of fuzzy testing into mutation rules,and filter mutation rules on vulnerability trigger paths,thus leading test cases to deeper code logic on the basis of vulnerability orientation.Based on the theoretical research,this paper designs and implements an intelligent fuzzing prototype framework named Sifter,which can be applied intelligently to the fuzzing of ActiveX controls.By comparing and analyzing with traditional tools,experiments show that the prototype framework Sifter is more efficient and intelligent in architecture design and mining effect.