
Fuzz Based On Analysis Of The Potential Of Seeds And Identification Of Key Data

Posted on: 2021-01-28
Degree: Master
Type: Thesis
Country: China
Candidate: Q Wang
Full Text: PDF
GTID: 2428330602468840
Subject: Computer Science and Technology
Abstract/Summary:
With the development of science and technology, the Internet and computers play an increasingly important role in human activities, and their security has drawn increasing attention. Fuzzing is an efficient automatic vulnerability discovery technique that has received wide attention and application in the field of software security. To cope with the security of increasingly complex software, fuzzing needs to improve in both accuracy and efficiency. The lack of an effective seed selection strategy and the blindness of mutation are two problems currently faced by fuzzing. This paper makes the following contributions on these issues:

1) To address the lack of effective seed screening strategies, researchers have approached the problem from the perspective of coverage, using coverage as the criterion for measuring seed quality. This paper starts from the basic elements of coverage, basic blocks and branches, and analyses the factors that affect coverage. Different types of basic blocks and branches are given different weights so that the potential of a seed under mutation is reflected effectively. At the same time, seed quality is judged together with its resource cost, which improves the seed screening effect.

2) To address the blindness of mutation, this paper proposes to analyse, from the reverse-engineering perspective, the assembly statements that affect branch decisions and to extract the comparison values. At the same time, taint analysis is used to help locate the input data positions that affect branch decisions. Together these effectively improve the effect of mutation and the testing efficiency.

3) This paper designs and implements a fuzzing system based on the above strategies and conducts comparative experiments against AFL on LAVA-M and real Linux programs. A comparative analysis of the number of vulnerabilities found, mining efficiency, system overhead and coverage confirms that the strategies of this paper are more effective.
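As an added illustration of contribution 2), not code from the thesis: a byte-level taint approximation locates the input positions that feed a branch comparison, and the comparison constant reported for that branch is then written into those positions as a directed mutation. The target function, its MAGIC constant and the seed are constructed for this example.

```python
# Added example, not the thesis's implementation: the target and MAGIC are
# constructed; a real system would read cmp operands from instrumentation.

MAGIC = 0x4C415641  # constructed constant the target's branch compares against

def target(data: bytes):
    """Stand-in for an instrumented program. Returns the branch's operands
    (input-derived, constant) or None if the comparison is never reached."""
    if len(data) < 8:
        return None
    return (int.from_bytes(data[4:8], "little"), MAGIC)

def locate_taint(seed: bytes):
    """Byte-level taint approximation: perturb each byte and keep the positions
    whose change alters the input-derived comparison operand."""
    base = target(seed)
    if base is None:
        return []
    positions = []
    for i in range(len(seed)):
        probe = bytearray(seed)
        probe[i] ^= 0xFF
        obs = target(bytes(probe))
        if obs is not None and obs[0] != base[0]:
            positions.append(i)
    return positions

def directed_mutate(seed: bytes, positions, compare_value: int):
    """Write the extracted comparison constant into the tainted positions,
    trying both byte orders; return the first input that satisfies the branch."""
    for order in ("little", "big"):
        try:
            const_bytes = compare_value.to_bytes(len(positions), order)
        except OverflowError:  # constant is wider than the tainted region
            return None
        candidate = bytearray(seed)
        for pos, b in zip(positions, const_bytes):
            candidate[pos] = b
        obs = target(bytes(candidate))
        if obs is not None and obs[0] == obs[1]:
            return bytes(candidate)
    return None

def solve_branch(seed: bytes):
    """Pipeline: read the compare value, locate tainted bytes, mutate them."""
    obs = target(seed)
    if obs is None:
        return None
    positions = locate_taint(seed)
    return directed_mutate(seed, positions, obs[1]) if positions else None
```

With a seed such as `b"HDR!\x00\x00\x00\x00tail"`, `locate_taint` reports bytes 4 to 7 and `solve_branch` returns the seed with those bytes replaced so that the comparison succeeds.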
Keywords/Search Tags: Vulnerability Discovery, Fuzzing, Seed Selection, Coverage, Reverse