
Research And Implementation Of Improved Fuzzing Method Based On Symbolic Execution

Posted on: 2022-06-16
Degree: Master
Type: Thesis
Country: China
Candidate: C Huang
Full Text: PDF
GTID: 2518306341982319
Subject: Cyberspace security

Abstract/Summary:
With the continuous development of Internet technology, software has become an important part of people's daily lives. Users' demand for diverse software functionality keeps driving up the code size and logical complexity of individual programs, and the security problems this brings keep increasing as well. Security issues have attracted the attention of a large number of researchers worldwide. Vulnerability mining, as one of the methods for discovering security issues, has also become a research hotspot in the field of network security. At present, many automated vulnerability mining methods have emerged. Among them, fuzzing is very popular due to its simple principle, simple deployment, and high degree of automation.

This thesis focuses on how to combine fuzzing and dynamic symbolic execution more effectively, so that each can exert its respective advantages to a greater extent. By reviewing a large body of literature, studying the characteristics of symbolic execution and fuzzing, and summarizing existing ways of combining the two, it seeks and explores a more effective way to combine symbolic execution and fuzzing. The main work and results of this thesis are as follows:

1. An improved coverage-based verification and detection algorithm is proposed and implemented. Based on in-depth research into the principles of symbolic execution, this thesis analyzes the reasons why solutions are missed for checks in the program under test that are difficult to pass, and proposes an improved coverage-based verification and detection algorithm. This method can cover the paths missed by the existing jump detection algorithm and increases the probability of triggering vulnerabilities.

2. A basic-block-based path simplification and de-duplication method is proposed and implemented. Under a lazy constraint solving strategy, symbolic execution repeatedly solves the same paths when it solves constraints for potentially wrong paths. This thesis studies and proposes a path simplification method based on basic blocks to reduce the number of repeated paths and speed up constraint solving.

3. Finally, based on the above research, a symbolic-execution-based fuzzing tool, LazyFuzz, is implemented. The tool can automatically complete fuzz testing, verification detection, path reachability verification and other tasks in parallel. Comparative experiments are conducted on an artificially constructed program and the LAVA-M data set. LazyFuzz covers more branches and verifies vulnerabilities faster, which demonstrates the effectiveness of the methods proposed in this thesis.
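The abstract does not spell out how the basic-block-based de-duplication works. As an added illustration (not LazyFuzz's code), the following assumes a path is identified by the set of basic-block edges it executes, so traces that differ only in loop iteration count collapse to one path and are handed to the constraint solver once; the block ids and traces are constructed.

```python
from collections import defaultdict

# Constructed sample traces: each is the sequence of basic-block ids that one
# fuzzer input executed (assumed instrumentation output, not LazyFuzz's format).
SAMPLE_TRACES = {
    "in_a": [1, 2, 3, 2, 3, 4],        # loop body 2->3 runs twice
    "in_b": [1, 2, 3, 4],              # same loop, one iteration
    "in_c": [1, 2, 3, 2, 3, 2, 3, 4],  # same loop, three iterations
    "in_d": [1, 2, 5, 4],              # takes the other branch at block 2
}


def path_signature(trace):
    """Identify a path by the set of basic-block edges it executes.

    Repeating a loop adds no new edge, so traces that differ only in the
    number of iterations map to the same signature."""
    return frozenset(zip(trace, trace[1:]))


def dedupe_for_solving(traces):
    """Pick one representative input per unique path.

    Returns (chosen, skipped): inputs handed to the constraint solver, and
    inputs skipped because an equivalent path was already queued."""
    seen = {}
    skipped = []
    for name, trace in traces.items():
        sig = path_signature(trace)
        if sig in seen:
            skipped.append(name)
        else:
            seen[sig] = name
    return list(seen.values()), skipped


def observed_successors(traces):
    """Map each basic block to the successors seen across all paths; blocks with
    more than one successor are the branch points a solver would reason about."""
    succ = defaultdict(set)
    for trace in traces.values():
        for src, dst in path_signature(trace):
            succ[src].add(dst)
    return {block: sorted(s) for block, s in succ.items() if len(s) > 1}
```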
Keywords/Search Tags: fuzzing, symbolic execution, check bypass, constraint solving