
Research On Vulnerability Mining Technology For High Coverage Of Code Blocks

Posted on: 2021-11-02
Degree: Master
Type: Thesis
Country: China
Candidate: B W Sun
GTID: 2518306308477384
Subject: Cyberspace security
Abstract/Summary:
With the rapid development of the software industry, more and more software is in daily use, but this fast-evolving software often contains serious security vulnerabilities. To prevent attackers from maliciously exploiting these vulnerabilities, security researchers continually search for undiscovered vulnerabilities in software and patch them promptly to improve the security of software systems. Among the many vulnerability mining methods, fuzzing is the most direct and effective. Two main kinds of fuzzing are currently used in industry: fuzzing based on template constraints and fuzzing based on feedback. Template-constraint-based fuzzing can generate highly penetrating sample files, but it lacks guidance during mutation, and its unclear mutation targets make it inefficient. Feedback-based fuzzing uses information fed back by the running program to steer sample mutation toward high coverage, but its penetration is poor for programs with complex input formats. In addition, feedback-based fuzzing uses a single sample as the basic unit of evaluation when guiding mutation, which is often not accurate enough and wastes a great deal of computing power during fuzzing.

Against this background, this paper proposes a fuzzing technique that extracts and combines the template constraint technique from template-constraint-based fuzzing and the path feedback technique from feedback-based fuzzing. The template constraint technique gives sample files strong penetration, so that they pass many security checks and increase program coverage. The path feedback technique obtains the path information of the program while it runs. By analyzing the execution path of each sample, the state of the sample can be identified clearly, which makes it possible to steer samples toward high coverage. This paper combines the two techniques to improve coverage during fuzzing.

This paper also proposes a fuzzing technique based on the ant colony algorithm. The pheromone concentration of the ant colony algorithm is used to record the characteristics of historical information, and the fuzzing of samples is mapped onto the ant colony's path search, which drives the fuzzing system to preferentially mutate the samples most likely to produce new paths and so further improves fuzzing coverage. The complete fuzzing system researched, designed and implemented in this paper is efficient and accurate, significantly improves fuzzing coverage, and can play a role in the field of vulnerability mining.
Keywords/Search Tags:Template constraint, Fuzzy test, Ant colony algorithm, Vulnerability mining
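The following sketch illustrates the pheromone-guided seed scheduling idea described in the abstract. It is an added example, not code from the thesis: the evaporation rate `rho`, the deposit rule, the roulette-wheel selection, and the `toy_target` and `mutate` helpers are all assumptions, since the abstract gives no formulas.

```python
import random

class PheromoneScheduler:
    """Seed queue in which each seed carries a pheromone level (assumed model)."""
    def __init__(self, rho=0.1, deposit=1.0, tau0=1.0, tau_min=0.05, rng=None):
        self.rho, self.deposit, self.tau0, self.tau_min = rho, deposit, tau0, tau_min
        self.rng = rng or random.Random()
        self.tau = {}      # seed bytes -> pheromone concentration
        self.seen = set()  # every edge id covered so far

    def add(self, seed):
        self.tau.setdefault(seed, self.tau0)

    def pick(self):
        # Roulette-wheel selection: probability proportional to pheromone.
        seeds = list(self.tau)
        return self.rng.choices(seeds, weights=[self.tau[s] for s in seeds])[0]

    def report(self, parent, child, edges):
        # Evaporation: seeds that stop producing paths slowly lose priority.
        for s in self.tau:
            self.tau[s] = max(self.tau_min, (1 - self.rho) * self.tau[s])
        new = edges - self.seen
        if new:
            self.seen |= new
            self.tau[parent] += self.deposit * len(new)  # reward productive parent
            self.add(child)                              # keep the path-finding child
        return len(new)

def toy_target(data):
    """Constructed stand-in for an instrumented program: returns covered edge ids."""
    edges = {0}
    for i, b in enumerate(b"FUZZ"):  # nested magic-byte checks
        if i >= len(data) or data[i] != b:
            break
        edges.add(i + 1)
    return edges

def mutate(data, rng):
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)  # single-byte havoc
    return bytes(buf)

def run(iterations=20000, seed=1):
    rng = random.Random(seed)
    sched = PheromoneScheduler(rng=rng)
    sched.add(b"AAAA")
    for _ in range(iterations):
        parent = sched.pick()
        child = mutate(parent, rng)
        sched.report(parent, child, toy_target(child))
    return sched
```

The `tau_min` floor keeps every seed selectable, so a seed that has gone quiet can still be revisited instead of starving.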