
Research Of Vulnerability Discovery Based On Fuzzing

Posted on: 2020-05-30
Degree: Master
Type: Thesis
Country: China
Candidate: X B Tan
Full Text: PDF
GTID: 2428330575976062
Subject: Computer Science and Technology
Abstract/Summary:
The number and speed of vulnerability discoveries in recent years far exceed those of previous years. The explosive growth in the number of globally disclosed vulnerabilities is partly due to the application of automated vulnerability discovery, which has become a powerful complement to manual vulnerability discovery. As a typical representative of automated vulnerability discovery technology, fuzzing has made great contributions to automatic vulnerability discovery. However, many existing vulnerability discovery solutions are aimed at the white-box setting, and these solutions cannot achieve their intended purpose when the program source code is unavailable. Although black-box vulnerability discovery can be performed without relying on the source code, its effectiveness is not satisfactory. To solve the problem of automatic vulnerability discovery without source code while taking the efficiency of vulnerability discovery into account, this paper proposes a gray-box vulnerability discovery model, GVDM, for binary programs. The model assists in extrapolating the internal structure of the application by tracking path coverage and applying dynamic binary instrumentation techniques at program runtime. In addition, simulated annealing and genetic algorithms are used during the model's sample selection phase to prioritize samples that exercise more low-frequency paths. These selected samples perform better in vulnerability discovery than the samples generated by traditional schemes, which improves the efficiency of vulnerability discovery. Based on the proposed gray-box vulnerability discovery model for binary programs, this paper implements a gray-box vulnerability discovery prototype system, Owl. The final experimental results of Owl on the LAVA-M dataset, a baseline dataset for comparing vulnerability discovery effectiveness, show that Owl found 100 preset injected vulnerabilities. Owl has a better vulnerability discovery effect than other vulnerability discovery solutions. Compared with other vulnerability discovery solutions, Owl not only has a higher rate of preset vulnerability discovery, but also finds a non-preset vulnerability in the LAVA-M dataset, which further demonstrates the effectiveness of the proposed gray-box vulnerability discovery model for binary programs.
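The abstract describes prioritizing samples that reach low-frequency paths, with simulated annealing as one of the selection heuristics. The following is an added illustration of that idea and is not code from the thesis or from Owl: the corpus, path ids and scoring function are constructed assumptions, and the annealing loop simply favours seeds whose covered paths are rare across the corpus.

```python
import math
import random
from collections import Counter

# Constructed sample corpus (not from the thesis): each seed maps to the set
# of path ids it exercised, as a coverage tracer would report them.
CORPUS = {
    "seed_a": {1, 2, 3},
    "seed_b": {1, 2, 4},
    "seed_c": {1, 2, 3},
    "seed_d": {1, 5, 6, 7},  # reaches several paths no other seed hits
}

def path_frequencies(corpus):
    """Count how many seeds in the corpus exercise each path id."""
    freq = Counter()
    for paths in corpus.values():
        freq.update(paths)
    return freq

def rarity_score(paths, freq):
    """Assumed scoring rule: sum of inverse path frequencies, so a seed that
    reaches low-frequency paths scores higher than one on well-trodden paths."""
    return sum(1.0 / freq[p] for p in paths)

def anneal_select(corpus, rounds=200, t0=1.0, cooling=0.95, rng=None):
    """Simulated-annealing walk over the corpus to pick the seed to fuzz next.
    A worse candidate is still accepted with probability exp(-delta / T), so
    early rounds explore; as T cools the walk settles on rare-path seeds."""
    rng = rng or random.Random(0)  # fixed seed keeps the demo reproducible
    freq = path_frequencies(corpus)
    names = list(corpus)
    current = rng.choice(names)
    current_score = rarity_score(corpus[current], freq)
    best, best_score = current, current_score
    temp = t0
    for _ in range(rounds):
        candidate = rng.choice(names)
        cand_score = rarity_score(corpus[candidate], freq)
        delta = current_score - cand_score  # positive when candidate is worse
        if delta <= 0 or rng.random() < math.exp(-delta / temp):
            current, current_score = candidate, cand_score
            if current_score > best_score:
                best, best_score = current, current_score
        temp *= cooling
    return best

if __name__ == "__main__":
    print(anneal_select(CORPUS))  # seed_d: it alone covers paths 5, 6 and 7
```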
Keywords/Search Tags: Vulnerability Discovery, Fuzzing, Heuristic Algorithm, Symbolic Execution