
Research On Fuzzing Algorithm Based On Dynamic Symbol Execution And Static Analysis

Posted on: 2021-05-10 | Degree: Master | Type: Thesis
Country: China | Candidate: W Li | Full Text: PDF
GTID: 2518306308470304 | Subject: Cyberspace security
Abstract/Summary:
Software security vulnerabilities are one of the important research directions in cyberspace security. Once a vulnerability is maliciously exploited, it can lead to loss of users' property and disclosure of their information. Fuzzing, an automated dynamic technique for detecting software vulnerabilities, has attracted great attention in recent years because of its efficiency and ease of use. Combining fuzzing with other program analysis techniques such as symbolic execution and static analysis to improve its efficiency has become a research hotspot. This thesis studies a more effective and efficient way to combine fuzzing, static analysis and dynamic symbolic execution in order to improve the efficiency of software vulnerability detection. The main work of this thesis is as follows:

First, this thesis proposes and implements a global fuzzing algorithm. Using control-flow analysis of each branch block in the program, the algorithm is guided by the distance to, and reachability of, dangerous code blocks (blocks in which vulnerabilities are relatively easy to trigger). Combined with a genetic algorithm and a directed search strategy, it tests the dangerous paths in the program efficiently and reduces the blindness of fuzzing in exploring the program's code space. At the same time, it uses the ability of dynamic symbolic execution to solve the constraints of branch blocks in the program, so that dangerous paths are solved for in a directed way and the efficiency with which fuzzing generates effective test data is improved.

Second, based on the proposed algorithm, the thesis designs the overall process framework for fuzzing and optimizes the static analysis, directed fuzzing and dynamic symbolic execution stages of the framework:
1) In the static analysis of the program source code, distance computation and reachability analysis between branch blocks and dangerous code blocks are combined, and a risk-score criterion for branch blocks is designed.
2) The seed energy scheduling and queue selection algorithms of the fuzzer are optimized, and the risk score is added as an incentive to overcome the blindness of purely coverage-guided fuzzing.
3) The path search algorithm of the dynamic symbolic execution engine is optimized by adding a priority search strategy for branch nodes on dangerous paths. Test inputs that "failed" during fuzzing (did not reach the dangerous path) are re-executed, the optimized path search is used to locate precisely the key constraint nodes in the path constraint and solve them, and the resulting effective test cases are fed back so that fuzzing remains efficient.

Finally, based on the fuzzing algorithm, the process framework and the per-stage optimizations proposed in this thesis, a fuzzing tool named SpeedyFuzz is designed and implemented. In experiments, it tests real software and finds security vulnerabilities effectively, which verifies the feasibility and correctness of the algorithm. Comparison with unoptimized tools of the same type verifies that the tool designed in this thesis detects vulnerabilities faster and more efficiently than they do.
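The distance and reachability analysis of point 1), the risk-driven energy scheduling and queue selection of point 2), and the choice of a "key" branch on a failed seed's path to hand to the symbolic executor in point 3), as an added worked example in Python. This is illustration code, not SpeedyFuzz and not code from the thesis: the control-flow graph, the dangerous block, the seed traces, the 1/(1+d) risk formula and the energy formula are all constructed assumptions.

```python
"""Toy directed-fuzzing scheduler: block distances to dangerous code,
risk-weighted seed energy, and the branch a symbolic executor should solve.
Constructed example; CFG, traces and formulas are assumptions, not the thesis's."""
from collections import deque

# Constructed CFG: block -> successor blocks (assumed to come from static analysis).
CFG = {
    "entry": ["check_len"],
    "check_len": ["parse_hdr", "reject"],
    "parse_hdr": ["copy_body", "parse_opts"],
    "parse_opts": ["copy_body", "done"],
    "copy_body": ["done"],   # assumed dangerous: e.g. an unchecked memcpy lives here
    "reject": ["exit"],
    "done": ["exit"],
    "exit": [],
}
DANGEROUS = {"copy_body"}

# Constructed seed traces (block sequences each seed executed), as a fuzzer would record.
SEEDS = {
    "s_reject": ["entry", "check_len", "reject", "exit"],
    "s_opts": ["entry", "check_len", "parse_hdr", "parse_opts", "done", "exit"],
    "s_hit": ["entry", "check_len", "parse_hdr", "copy_body", "done", "exit"],
}


def distances_to_danger(cfg, dangerous):
    """Reverse BFS from the dangerous blocks: shortest edge distance per block,
    None when no dangerous block is reachable (reachability + distance in one pass)."""
    preds = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            preds[s].append(b)
    dist = {b: 0 for b in dangerous}
    queue = deque(dangerous)
    while queue:
        b = queue.popleft()
        for p in preds[b]:
            if p not in dist:
                dist[p] = dist[b] + 1
                queue.append(p)
    return {b: dist.get(b) for b in cfg}


def risk_score(d):
    """Assumed scoring rule: closer to danger scores higher, unreachable scores 0."""
    return 0.0 if d is None else 1.0 / (1 + d)


def seed_risk(trace, dist):
    """A seed is as risky as the riskiest block on its path (1.0 if it hit danger)."""
    return max(risk_score(dist[b]) for b in trace)


def assign_energy(seeds, dist, base=10, weight=4):
    """Assumed energy rule: a pure coverage-guided fuzzer would give every seed
    `base`; here risk adds up to `weight` times more mutations to risky seeds."""
    return {name: int(base * (1 + weight * seed_risk(tr, dist))) for name, tr in seeds.items()}


def pick_next(seeds, dist):
    """Queue selection: fuzz the seed whose path gets closest to dangerous code first."""
    return max(seeds, key=lambda name: seed_risk(seeds[name], dist))


def key_branch(trace, cfg, dist):
    """For a seed that did not reach danger, find the branch on its path whose
    untaken edge is closer to a dangerous block than the edge it took. This is the
    constraint node a symbolic executor would be asked to flip and solve.
    Returns (branch_block, wanted_successor, distance) or None if nothing to flip."""
    best = None
    for i, b in enumerate(trace):
        taken = trace[i + 1] if i + 1 < len(trace) else None
        for s in cfg[b]:
            if s == taken or dist[s] is None:
                continue
            if taken is None or dist[taken] is None or dist[s] < dist[taken]:
                if best is None or dist[s] < best[2]:
                    best = (b, s, dist[s])
    return best


if __name__ == "__main__":
    dist = distances_to_danger(CFG, DANGEROUS)
    print("distances:", dist)
    print("energy:", assign_energy(SEEDS, dist))
    print("next seed:", pick_next(SEEDS, dist))
    for name, trace in SEEDS.items():
        print(name, "->", key_branch(trace, CFG, dist))
```

The seed that already reaches `copy_body` gets the most energy and is scheduled first, while for the seed that was rejected at `check_len` the symbolic executor is pointed at exactly that branch rather than at every constraint on the path.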
Keywords/Search Tags: Fuzzing, Vulnerability Detection, Static Analysis, Symbolic Execution