Research And Implementation Of Hierarchical Multi-granularity Fuzzing Test Vulnerability Mining System Based On Dynamic Optimization

With the development of the Internet,the increasingly serious information security incidents significance of social security and stability.As one of the fundamental causes of hacker attacks,software vulnerabilities pose a huge threat to information security.Because of its strong harmfulness,wide coverage and category diversity,it has been paid close attention to as a resource in the current global information security game.Based on the in-depth analysis of existing vulnerability mining methods,this dissertation proposes a dynamic optimization on hierarchical multi-granularity fuzzing based vulnerability test mining method,which solving the problem of insufficient efficiency and accuracy for vulnerability mining caused by excessive consumption of test case coverage tracing,lacking discriminate test of target program blocks and inadequate optimization of genetic algorithm.This method constructs two-level test case suite satisfying different granularity requirements by dynamic degressive instrumentation strategy: dynamically selects test case to inject into the target program on the first level,and optimizes test case by exploiting a dynamic test execution feedback information based fitness function of genetic algorithm on the second level.On this basis,a prototype system of Fuzzing test is designed and implemented.The main work of this thesis is as follows:(1)Analyse the typical vulnerability mining methods,and deeply analyze the method of mining vulnerabilities in Fuzzing test based on binary program.(2)First,a dynamic degressive instrumentation strategy based on binary instrumentation technology is proposed to reduce the consumption of coverage tracing.Then,a two-level test case set is established to meet different test granularity requirements,and a granularity and collaborative degressive instrumentation strategy is used for dynamically selecting test to meet test phases and security requirements.The hierarchical multi-granularity Fuzzing test vulnerability mining method is formed.In addition,the method analysis on full coverage tracking to obtain the execution path information of the test case which exposing on various factors,including coverage,newness degree of test cases,execution time and size of test cases and so on.Different dynamic weight is introduced to guide the iterative evolution of the genetic algorithm for specific test cases.Combining with hierarchical multi-granularity Fuzzing test method,a dynamic optimization hierarchical multi-granularity Fuzzing test vulnerability mining method is finally formed.(3)Using Python,C++ and other tools to design and implement this dynamic optimized hierarchical multi-granularity Fuzzing test vulnerability mining prototype system under Windows platform.The system is compared and analyzed from two aspects of function and performance.The experimental results show that the Fuzzing test system excels in the efficiency and accuracy of vulnerability mining,and verifies the feasibility and effectiveness of the proposed method.