| In recent years,people's life is more convenient with the rapid development of the Internet.However,the security problem is increasingly serious.Among them,software vulnerability is one of the important reasons for information security.With the complexity and function diversification of software code,the fuzzing testing technology with automatic characteristics has become the main technology in the field of software vulnerability mining.With the development of vulnerability mining technology,a variety.of intelligent technologies have been introduced into the traditional fuzzy testing.However,they still have some shortcomings such as the mutation lacking pertinence and weak path coverage,which results in poor performance of vulnerability mining.Based on the above background,this thesis proposes a vulnerability mining method based on dynamic taint analysis and path feedback,which extracts the effective fragments of input use cases through dynamic taint analysis technology,and develops the vulnerability mining process to improve the path coverage by combining with path feedback mechanism,in order to improve the effectiveness of fuzzy testing and improve the performance and efficiency of vulnerability mining.On the basis of theoretical research,this thesis designs and implements a vulnerability mining prototype system called YFuzzer.Compared with the traditional fuzzing testing method,the method proposed in this thesis has a significant improvement in path coverage and testing efficiency. |
PDF Full Text Request