
Coverage-guided Efficient Fuzzing Technology Based On Deep Learning

Posted on: 2022-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: W Q Liu
GTID: 2518306341482294
Subject: Cyberspace security
Abstract/Summary:
Fuzzing is one of the most commonly used methods in vulnerability mining, with the advantages of good usability, a low false alarm rate, and no dependence on source code. However, as software systems continue to grow in scale and complexity, traditional fuzzing methods have shown their shortcomings: weak validity of generated samples, blind sample mutation, and reliance on manual participation. In recent years, deep learning, which has been widely used in natural language processing and computer vision, has also been gradually explored and applied in the field of network security because it can automatically learn the characteristics and regularities of data, providing new ideas for solving the bottlenecks of traditional methods.

Against this background, this paper proposes a coverage-guided efficient fuzzing technology based on deep learning, which consists of three sub-technologies. First, a deep learning-based technique for learning effective mutation locations evaluates the mutation effectiveness of sample bytes and preferentially mutates the locations that can trigger new basic blocks, which reduces the number of invalid mutations. Then, a deep learning-based sample generation technique, combined with an improved sampling algorithm, generates complete test samples that not only conform to a certain grammar format but also have the diversity to achieve large code coverage and the variability to reach error-handling code. Finally, a coverage feedback acquisition technique based on source code instrumentation obtains the basic block coverage information of each test sample, and samples that trigger new basic blocks are selected as high-quality seeds for subsequent testing, so that fuzzing proceeds in the direction of increasing coverage.

This fuzzing technology can effectively solve the problems of blind selection of mutation locations and redundancy of generated samples in traditional fuzzing methods based on random mutation, and can automate the entire sample generation process. To verify the effectiveness and superiority of the technology, this paper implements the entire fuzzing system according to the technical scheme and conducts sufficient test experiments on it. The results show that, compared to the traditional fuzzing method and the Learn&Fuzz method, which uses deep learning to generate fuzzing samples, this fuzzing system is more efficient and intelligent, can achieve higher code coverage, and can uncover potential vulnerabilities in the target program.
Keywords/Search Tags: fuzzing, deep learning, coverage guide, vulnerability mining