
Research And Design Of Fuzzing Vulnerability Detection System Based On Symbolic Execution

Posted on: 2020-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: Z Liu
Full Text: PDF
GTID: 2428330572972266
Subject: Computer Science and Technology
Abstract/Summary:
With the continuous development of the Internet industry, software has been integrated into every aspect of daily life. The diversity of everyday needs leads to a diversity of software functions, and the complexity of the related services and the volume of source code keep growing. The security problems behind this diversity have drawn wide attention from researchers. Software security directly affects the security of users' information and property: once an attacker gains control of them through a software vulnerability, the consequences can be very serious. Enhancing software security is therefore especially important, and vulnerability detection is the first step. Fast and accurate detection of vulnerabilities allows risks to be reduced in time, so research on vulnerability detection technology has strong practical value.

This thesis studies fuzzing based on symbolic execution and explores an effective method for improving the efficiency of fuzzing. By surveying a large body of literature, summarizing mainstream software testing techniques and their basic principles, comparing domestic and foreign research results on symbolic execution and fuzzing, analysing their respective advantages and disadvantages, and summarizing the testing processes of both, a foundation was laid for the step-by-step study. The main work of this thesis is as follows:

First, a new fuzzing method based on symbolic execution is proposed. Through in-depth study of fuzzing and of the principles of symbolic execution, this thesis explores how the two can be combined and proposes a new fusion method. The method first filters out potentially vulnerable code blocks by preprocessing, then uses fuzzing to detect vulnerabilities in those code blocks, and finally uses symbolic execution to explore the trigger path and generate specific test cases. During fuzzing, symbolic execution also guides test-case generation, which reduces the number of invalid test cases produced by random mutation, reduces the probability of triggering the same vulnerability repeatedly, and improves overall testing efficiency.

Second, this thesis studies optimizations of the supporting components of the testing system: 1) A risk coefficient formula is introduced into the static analysis stage, and multiple risk factors are evaluated together to reduce the difficulty of screening code blocks. 2) The mutation strategy of the fuzzer is optimized: because a purely random mutation strategy generates a large number of repeated test cases during fuzzing, random mutation is combined with a grammar-based mutation strategy to improve the quality of the generated test cases. 3) The single-solution limitation of the solver module in the symbolic execution flow is addressed by studying a parallel solving method that allows multiple constraints to be solved in parallel.

Finally, based on this research, the prototype tool LambFuzz is implemented and used to test programs in a real environment. Vulnerabilities recorded in CVE were found, which demonstrates the validity of the research. At the same time, KleeFL, Honggfuzz and KLEE were also run on the LAVA-M dataset. The experimental results show that the system improves the detection rate per unit time to a certain extent, which verifies the efficiency of the research method.
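The following Python script is an added illustration of point 2) above; it is not code from the thesis or from the LambFuzz tool, whose source is not on this page. It assumes a constructed toy target (`parse_record`, a key=value record parser that reports how many checks an input passed), a constructed mini-grammar for that format, and three constructed generation strategies: blind byte-level mutation of one seed, grammar-based generation, and a hybrid that mutates grammar-generated inputs. Duplicate inputs are discarded before execution so the "repeated test case" waste of blind mutation becomes visible in the `unique` count; the symbolic-execution guidance of the thesis is not modelled here.

```python
import random

# --- Constructed toy target -------------------------------------------------
# Stands in for the program under test. It accepts "key=value;key=value"
# records and returns how many checks the input passed, a coarse coverage
# signal the campaign uses to judge test-case quality.
def parse_record(data: bytes) -> int:
    """Return the number of checks passed (0..4); 4 is the deep state."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return 0              # not even decodable
    fields = {}
    for part in text.split(";"):
        if "=" not in part:
            return 1          # syntax error: malformed field
        key, value = part.split("=", 1)
        fields[key] = value
    if not fields.get("ver", "").isdigit():
        return 2              # well-formed, but version missing or non-numeric
    if int(fields["ver"]) != 7:
        return 3              # well-formed, wrong version
    return 4                  # version check passed: the interesting state


# --- Constructed grammar for the record format -------------------------------
GRAMMAR = {
    "<record>": [["<field>"], ["<field>", ";", "<record>"]],
    "<field>":  [["<key>", "=", "<value>"]],
    "<key>":    [["ver"], ["mode"], ["len"]],
    "<value>":  [["<digits>"], ["raw"], ["text"]],
    "<digits>": [["<digit>"], ["<digit>", "<digits>"]],
    "<digit>":  [[str(d)] for d in range(10)],
}


def generate(rng: random.Random, symbol: str = "<record>", depth: int = 0) -> str:
    """Expand a nonterminal; past a depth budget, take the shortest rule."""
    rules = GRAMMAR[symbol]
    rule = rng.choice(rules) if depth < 6 else min(rules, key=len)
    return "".join(generate(rng, tok, depth + 1) if tok in GRAMMAR else tok
                   for tok in rule)


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One blind byte-level mutation: overwrite, insert or delete a byte."""
    buf = bytearray(data)
    op = rng.randrange(3)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def run_campaign(strategy: str, n_cases: int = 300, seed: int = 1) -> dict:
    """Generate n_cases inputs with one strategy and summarise their quality.

    strategy: "random"  - blind mutation of a fixed seed input
              "grammar" - grammar-based generation only
              "hybrid"  - grammar generation, then a mutation half the time
    Duplicates are dropped before execution, exposing how many of the
    generated cases were repeats.
    """
    rng = random.Random(seed)
    seed_input = b"ver=1;mode=raw"          # constructed seed
    seen = set()
    for _ in range(n_cases):
        if strategy == "random":
            case = mutate(rng, seed_input)
        else:
            case = generate(rng).encode("ascii")
            if strategy == "hybrid" and rng.random() < 0.5:
                case = mutate(rng, case)
        seen.add(case)
    depths = [parse_record(c) for c in seen]
    return {
        "generated": n_cases,
        "unique": len(seen),
        "well_formed_ratio": sum(d >= 2 for d in depths) / len(depths),
        "deep_hits": sum(d == 4 for d in depths),
    }


if __name__ == "__main__":
    for name in ("random", "grammar", "hybrid"):
        print(name, run_campaign(name))
```

Grammar-generated inputs are always well-formed, so every one of them reaches the parser's semantic checks, while the blind strategy spends part of its budget on duplicates and on inputs rejected at the syntax layer; the hybrid keeps the structural validity of the grammar while still exploring byte-level corruptions the grammar cannot express.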
Keywords/Search Tags:symbolic execution, fuzzing, constraint solving, mutation strategy, lava-m