
Research On Optimization Technology Of Guided Fuzzing

Posted on: 2020-08-25
Degree: Master
Type: Thesis
Country: China
Candidate: C Zhang
GTID: 2428330620953249
Subject: Computer technology

Abstract/Summary:
IT technology is changing rapidly, more and more Internet-connected devices are in use, and network attacks against networked devices are increasing. Security analysis techniques for testing Internet devices are therefore becoming more and more important. Among the software vulnerability discovery techniques available today, fuzzing has been very popular due to its simple concept, its low barrier to deployment, and the extensive empirical evidence of its success in finding software vulnerabilities. Guided fuzzing uses static or dynamic program analysis to give fuzzing a direction, thereby increasing its effectiveness. Guidance usually involves two stages: first, obtaining useful information about the program under test, such as generating a control flow graph, collecting specific variable values, and collecting coverage information; second, generating test cases under the guidance of that analysis. For example, test cases with higher coverage are considered feasible test cases. This thesis focuses on guidance optimization techniques for fuzzing. The main work and contributions are as follows:

1. A suspicious vulnerable code location optimization technique based on PSVSA (Power Set Value Set Analysis) is proposed and implemented. It addresses the problem that the pre-analysis of the program under test in current fuzzing is not accurate enough, for example in the accuracy of the target addresses it provides. First, the implementation techniques of existing VSA are analyzed. Based on this, a new data model, the power set stride interval domain, is proposed. It solves the problems of existing VSA implementations, improves the accuracy of value set analysis, reduces error, and gives a higher accuracy guarantee for the program information produced by the fuzzer's pre-analysis.

2. A path-oriented fuzzing optimization technique based on lightweight instrumentation is proposed and implemented. To address the problems of insufficient coverage information and high analysis cost in current fuzzing, a CFG-based optimization of INSTRIM is carried out to improve the coverage rate. Based on the specific program structure, the frequency of the instrumentation points is monitored dynamically and the instrumentation points are adjusted dynamically in real time. This reduces the cost of instrumentation and helps the fuzzer more effectively select candidate test cases to trigger vulnerabilities.

3. Based on the PSVSA suspicious vulnerable code location optimization technique and the lightweight instrumentation path-oriented optimization technique, the GOFuzz (guided optimization Fuzz) prototype system is designed and implemented, and system function tests are carried out. The tests verify that the technique is lightweight and efficient, can effectively reduce the false alarm rate of fuzzing at the lowest cost, and improves the vulnerability discovery efficiency of fuzzing.
Keywords/Search Tags:Fuzz, Guided Fuzz, VSA(Value Set Analysis), Power Set Stride Interval domain, lightweight instrumentation