
Research On Seed Selection Strategy Of White-box Fuzzing Based On Combination Of Dynamic And Static Analysis

Posted on: 2022-03-09
Degree: Master
Type: Thesis
Country: China
Candidate: X G Zhang
Full Text: PDF
GTID: 2518306491966469
Subject: Computer technology
Abstract/Summary:
Due to the rapid development of software technology, the number of vulnerabilities in software is also rapidly increasing. In the past, manual vulnerability discovery had the disadvantages of demanding a great deal of experience from security researchers and finding vulnerabilities slowly, which makes it difficult to meet the rapidly increasing demand for vulnerability discovery in software. Fuzzing, a commonly used automated vulnerability discovery tool, can help security researchers automatically discover vulnerabilities in the target program and at the same time quickly pinpoint their cause. It greatly reduces the experience required of security researchers for vulnerability discovery and increases the speed at which they discover vulnerabilities. However, because fuzzing is relatively random, a large number of invalid tests may occur during the fuzzing process. In the real world, application programs are large and complex, and the many invalid tests in fuzzing mean that the code covered by fuzzing accounts for a low proportion of all code. In response to these problems, this thesis proposes the following two optimization methods.

First, this thesis disassembles the binary program into source code and improves the vulnerability detection mechanism. Since the source code of the program cannot be obtained for fuzzing in most vulnerability discovery work, only gray-box or black-box fuzzing tools can be used, and their efficiency is much lower than that of white-box fuzzing tools. This thesis therefore first disassembles the binary code into executable source code and then applies a white-box fuzzing tool to it. To address the problem that the stack cannot be monitored, because the stack location is transferred during the disassembly process, this thesis uses stack pollution technology to achieve stack detection.

Secondly, this thesis proposes a new seed selection algorithm that allows fuzzing to cover the complex structure of the target program while keeping the algorithm's complexity low. It collects information related to the complex structure of the target program from both static and dynamic aspects, converts it into seed scores, and applies those scores to seed selection, so that fuzzing can use more interesting inputs to cover the complex structure of the program more comprehensively. On the one hand, it uses a Markov process to evaluate the complexity of the basic blocks in the program's control flow graph; because a Markov process cannot handle loops in the control flow graph, the model is improved to deal with them. On the other hand, it uses statistical methods to obtain target program information to assist fuzzing. Finally, both evaluation results are uniformly transformed into seed scores that guide the fuzzing process. In the final experiment, more than 30 vulnerabilities were found in different target programs using the improved fuzzing tool, and the coverage of the fuzzing tool in this thesis is also 5% higher than that of honggfuzz and other tools.
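The seed-scoring idea sketched in the abstract (a Markov view of the control flow graph, a fix for loops, and a dynamic statistic folded into one seed score) can be made concrete with a small model. The following is an added illustration written for this page, not the thesis's own code or algorithm: the control-flow graph, the execution traces, the uniform-branch Markov assumption, the back-edge removal used to handle loops, and the corpus-rarity weighting are all constructed assumptions chosen to show the mechanics.

```python
"""Seed scoring for a coverage-guided fuzzer from static CFG structure plus
dynamic corpus statistics.  Illustrative reimplementation, not the thesis's
code; every graph, trace and weighting rule here is a constructed assumption."""
import math
from collections import Counter, defaultdict, deque

# Constructed toy control-flow graph: basic block -> successor blocks.
# "loop_body" -> "loop_head" is a back edge, i.e. the CFG contains a loop.
CFG = {
    "entry":     ["check"],
    "check":     ["loop_head", "error"],
    "error":     ["end"],
    "loop_head": ["loop_body", "exit_path"],
    "loop_body": ["loop_head"],
    "exit_path": ["deep", "end"],
    "deep":      ["deeper", "end"],
    "deeper":    ["end"],
    "end":       [],
}


def find_back_edges(cfg, entry):
    """DFS-based back-edge detection: an edge into a block that is still on
    the DFS stack closes a loop.  Removing these edges turns the CFG into a DAG."""
    state = {}                      # block -> "active" | "done"
    back = set()

    def visit(u):
        state[u] = "active"
        for v in cfg[u]:
            if state.get(v) == "active":
                back.add((u, v))
            elif v not in state:
                visit(v)
        state[u] = "done"

    visit(entry)
    return back


def block_reach_probability(cfg, entry):
    """Markov-chain view of the CFG (assumption: uniform choice among a block's
    successors).  Back edges are dropped first so that probability mass is not
    cycled around a loop forever; without that step the propagation below
    would never reach a fixed point."""
    back = find_back_edges(cfg, entry)
    fwd = {u: [v for v in vs if (u, v) not in back] for u, vs in cfg.items()}
    indeg = Counter(v for vs in fwd.values() for v in vs)
    prob = defaultdict(float, {entry: 1.0})
    queue = deque([u for u in cfg if indeg[u] == 0])   # Kahn topological order
    while queue:
        u = queue.popleft()
        for v in fwd[u]:
            prob[v] += prob[u] / len(fwd[u])
            indeg[v] -= 1
            if indeg[v] == 0:
                queue.append(v)
    return dict(prob)


def static_block_score(cfg, entry):
    """Surprise in bits: the rarer a block is under the Markov model, the more
    a seed that reaches it is worth."""
    return {b: -math.log2(p)
            for b, p in block_reach_probability(cfg, entry).items() if p > 0}


def score_seeds(cfg, entry, traces):
    """traces: seed name -> list of blocks executed (dynamic information).
    The static score of each block is scaled by how rare that block is across
    the corpus (assumption: weight 1 / number of seeds that already reach it)."""
    static = static_block_score(cfg, entry)
    covered = {seed: set(t) for seed, t in traces.items()}
    hits = Counter(b for blocks in covered.values() for b in blocks)
    return {seed: sum(static.get(b, 0.0) / hits[b] for b in blocks)
            for seed, blocks in covered.items()}


def select_seed(cfg, entry, traces):
    """Pick the seed the fuzzer should mutate next: highest combined score."""
    scores = score_seeds(cfg, entry, traces)
    return max(scores, key=scores.get)


# Constructed execution traces for three corpus seeds.
TRACES = {
    "seed_a": ["entry", "check", "error", "end"],
    "seed_b": ["entry", "check", "loop_head", "loop_body", "loop_head",
               "exit_path", "end"],
    "seed_c": ["entry", "check", "loop_head", "loop_body", "loop_head",
               "loop_body", "loop_head", "exit_path", "deep", "deeper", "end"],
}

if __name__ == "__main__":
    for seed, s in sorted(score_seeds(CFG, "entry", TRACES).items()):
        print(f"{seed}: {s:.3f}")
    print("next seed:", select_seed(CFG, "entry", TRACES))
```

With these inputs, `seed_c` wins because it is the only seed reaching the deepest blocks (`deep`, `deeper`), which are both statically improbable under the uniform-branch model and unique within the corpus. The back-edge step is what keeps the loop from inflating `loop_head` and `loop_body`: a naive propagation over the original graph would keep feeding probability around the cycle and never converge.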
Keywords/Search Tags: Fuzzing, Stack pollution, Seed selection strategy, Markov process