
Research And Improvement Of Whitebox Fuzzing Test

Posted on: 2020-12-13
Degree: Master
Type: Thesis
Country: China
Candidate: W Y Zhang
Full Text: PDF
GTID: 2428330590495424
Subject: Information security

Abstract/Summary:
Whitebox fuzzing effectively overcomes the blindness, randomness and inefficiency of traditional blackbox fuzzing, but it still has limitations of its own, among them weak vulnerability triggering, environment interaction, complex constraint solving and path explosion. These problems hinder the development of whitebox fuzzing: in practice it cannot reach the theoretical 100% path coverage and must confront challenges of detection efficiency and accuracy. Aiming to improve the detection efficiency and accuracy of whitebox fuzzing, this thesis analyzes the technique in depth, focuses on three typical problems (weak vulnerability triggering, environment interaction and complex constraint solving), and proposes effective solutions. The main contributions are as follows:

Firstly, to address the weak vulnerability-triggering ability of whitebox fuzzing, a whitebox fuzzing scheme based on taint analysis is proposed. According to the characteristics of different vulnerability classes, the scheme identifies dangerous operations, derives constraints related to those vulnerability characteristics, combines them with optimized path constraints, and solves the conjunction with a constraint solver, guiding the whitebox fuzzer to automatically generate test cases with high path coverage and good vulnerability-triggering capability. Experimental results show that, compared with the original whitebox fuzzer, the scheme effectively improves vulnerability detection capability and reduces both the false negative rate and the false positive rate, without significantly increasing the time overhead.

Secondly, to address the environment interaction problem of whitebox fuzzing, a hidden-path search scheme based on external function detection and correction is proposed. The scheme uses the constraint solution to obtain the output value of the external function for executing the new path and records that result in a linked list. When the path is executed, the scheme detects the external function and dynamically corrects it according to the information in the linked list to drive execution down the path, thereby improving path coverage. Experimental results show that, compared with existing solutions, path coverage and vulnerability detection capability are improved and the time overhead is reduced.

Finally, an improved linear fitting method is proposed for the existing path-oriented linear fitting method, to address its insufficient exploration of the program input space and the low efficiency of alternating variables serially during constraint solving. The method adopts a multi-variable direction cross-choosing mechanism, makes full use of the latent parallelism of the linear fitting method to explore more of the program input space in the same search time, and reduces the search space with program dependency analysis to speed up the search process. Comparative experiments against several methods show that the proposed method achieves higher path coverage with lower time overhead.
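To illustrate the first contribution, the following is an added toy whitebox fuzzer (not code from the thesis): it negates path constraints generationally to explore branches, then conjoins the path prefix that reaches an input-tainted buffer index with a vulnerability constraint (index >= buffer size) so the solver produces an input that actually triggers the overflow rather than merely covering the path. The target program, the small input domain and the exhaustive search standing in for an SMT solver are all constructed stand-ins.

```python
from itertools import product

BUF_SIZE = 16       # size of the buffer the dangerous write indexes into
DOMAIN = range(32)  # constructed: small inputs keep exhaustive search cheap

def target(x, y):
    """Program under test. Returns (path, sink): path is the list of (predicate,
    outcome) pairs taken; sink is the tainted index of the dangerous write
    buf[x - y], or None if that write was not reached."""
    path = []
    b1 = lambda x, y: x > 10
    path.append((b1, b1(x, y)))
    if not b1(x, y):
        return path, None
    b2 = lambda x, y: y == 7
    path.append((b2, b2(x, y)))
    if not b2(x, y):
        return path, None
    return path, x - y  # dangerous operation: index derived from input

def solve(constraints):
    """Stand-in for an SMT solver: first (x, y) in DOMAIN meeting every (pred, want)."""
    for x, y in product(DOMAIN, DOMAIN):
        if all(p(x, y) == want for p, want in constraints):
            return (x, y)
    return None

def whitebox_fuzz(seed):
    """Generational search: negate each branch predicate of every explored path."""
    worklist, paths = [seed], {}
    while worklist:
        inp = worklist.pop()
        path, sink = target(*inp)
        key = tuple(taken for _, taken in path)
        if key in paths:
            continue
        paths[key] = (inp, path, sink)
        for i, (pred, taken) in enumerate(path):
            new = solve(path[:i] + [(pred, not taken)])
            if new is not None:
                worklist.append(new)
    return paths

def find_trigger(seed=(0, 0)):
    """For each path reaching the dangerous write, conjoin its constraints with
    index >= BUF_SIZE: (input that reached it, its index, overflowing input)."""
    vuln = lambda x, y: x - y >= BUF_SIZE
    return [(inp, sink, solve(path + [(vuln, True)]))
            for inp, path, sink in whitebox_fuzz(seed).values()
            if sink is not None]
```

Plain path exploration reaches the write with (11, 7), an in-bounds index of 4; only the added vulnerability constraint yields (23, 7), which indexes past the 16-byte buffer.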
Keywords/Search Tags: Vulnerability Detection, Whitebox Fuzzing Test, Taint Analysis, Environment Interaction, Complex Constraint Solving