
An Automated Vulnerability Verification System For C/C++ Programs

Posted on: 2022-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: D Liu
Full Text: PDF
GTID: 2518306572497064
Subject: Computer technology
Abstract/Summary:
Static analysis of C/C++ source code lacks a simple, usable threat-detection model, so the reports produced by static analysis tools contain a large number of false-positive vulnerabilities. Deciding whether a reported vulnerability is a false positive currently relies mainly on manual analysis, which is laborious and error-prone. An effective alternative is directed greybox fuzzing (DGF): if a DGF campaign finds an input that triggers the reported vulnerability, the report is confirmed. Existing DGF is inefficient, however, and has to be optimised before it can serve as a vulnerability verification tool.

In DGF-based vulnerability verification the key step is producing crashes at a given target location. This thesis proposes the following improvements to DGF:

1. A more accurate computation of the distance from a seed to the target location. The computation coordinates multiple target locations, so that a seed which has already reached one of the targets is not missed.
2. An adaptive scheduling scheme that coordinates the time spent in the exploration and exploitation phases of DGF.
3. A seed selection strategy that, to avoid getting stuck in a local optimum, considers not only the distance factor but also how many times a seed has already been executed and its ability to explore new paths.
4. A distance-guided seed mutation strategy that mutates seeds toward the target location. The mutation operators are divided into granularities, and each seed is mutated at the granularity chosen according to its distance from the target location.
5. Symbolic execution, introduced to help DGF explore paths whose branch conditions are guarded by complex or tight constraints (a very small range of satisfying values), so that inputs satisfying those conditions can be generated and the crashes hidden behind them found.

A prototype vulnerability verification system was implemented on top of the improved directed greybox fuzzer. Verification experiments on four open-source programs show that the method finds inputs that trigger the suspected vulnerabilities and that the proposed strategies steer execution toward the target location, so that crashes are found at the given target. Compared with other vulnerability verification tools, the method verifies vulnerabilities faster, shortening verification time by 30%-40%.
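The scheduling ideas in the abstract (multi-target distance, seed selection that weighs distance against how often a seed was already fuzzed and how many new paths it keeps opening, an adaptive exploration/exploitation switch, and mutation granularity chosen by distance) can be sketched in a few dozen lines. The Python below is an added illustration, not code from the thesis or its prototype: the control-flow graph, the two target blocks, the AFLGo-style harmonic-mean distance, the weights in seed_priority, the window in choose_phase and the thresholds in mutate are all assumptions chosen for the example, and the symbolic-execution helper for tight branch constraints is not shown.

```python
"""Toy model of distance-guided seed scheduling for directed greybox fuzzing.
Constructed example, not the thesis's code: CFG, targets, weights, thresholds and
the AFLGo-style distance formula are all assumptions."""
from collections import deque
from dataclasses import dataclass
import random

INF = float("inf")
# Constructed control-flow graph of a small parser: block -> successor blocks.
CFG = {"entry": ["usage", "parse"], "usage": ["exit"], "parse": ["bad_magic", "read_len"],
       "bad_magic": ["exit"], "read_len": ["too_big", "copy"], "too_big": ["exit"],
       "copy": ["exit"], "exit": []}
TARGETS = {"copy", "bad_magic"}  # suspected vulnerability sites from a static analyser

def block_distances(cfg, targets):
    """BFS over the reversed CFG: dist[t][b] = fewest edges from block b to target t."""
    rev = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            rev[s].append(b)
    dist = {}
    for t in targets:
        d, q = {t: 0}, deque([t])
        while q:
            cur = q.popleft()
            for p in rev[cur]:
                if p not in d:
                    d[p] = d[cur] + 1
                    q.append(p)
        dist[t] = d
    return dist

def seed_distance(trace, dist, targets):
    """Distance of a seed's executed-block trace to the whole target set.  A trace that
    already reaches any target scores 0, so the seed is never dropped when several
    targets are tracked at once.  Otherwise each block gets the harmonic mean of its
    distances to the targets it can reach, and the seed the mean over such blocks."""
    if any(b in targets for b in trace):
        return 0.0
    per_block = []
    for b in trace:
        inv = [1.0 / dist[t][b] for t in targets if b in dist[t]]
        if inv:
            per_block.append(len(inv) / sum(inv))
    return sum(per_block) / len(per_block) if per_block else INF

@dataclass
class Seed:
    data: bytes
    distance: float
    fuzz_count: int = 0  # times this seed was picked for mutation
    new_edges: int = 0   # edges first discovered by its offspring

def seed_priority(seed, max_dist, w_dist=0.6, w_fatigue=0.2, w_explore=0.2):
    """Higher is better.  Distance dominates, but a seed fuzzed many times is demoted
    (so the fuzzer does not sit on one local optimum) and a seed whose children keep
    finding new edges is promoted.  Weights are assumptions."""
    if seed.distance == INF:
        d_term = 0.0
    else:
        d_term = 1.0 if max_dist == 0 else 1.0 - min(seed.distance, max_dist) / max_dist
    fatigue = 1.0 / (1.0 + seed.fuzz_count)
    explore = min(1.0, seed.new_edges / (1.0 + seed.fuzz_count))
    return w_dist * d_term + w_fatigue * fatigue + w_explore * explore

def pick_seed(seeds):
    """Queue entry to fuzz next: best priority given the current worst finite distance."""
    finite = [s.distance for s in seeds if s.distance != INF]
    return max(seeds, key=lambda s: seed_priority(s, max(finite) if finite else 0.0))

def choose_phase(new_edges_per_round, window=3):
    """Adaptive switch: keep exploring (plain coverage guidance) while recent rounds
    still find new edges; once growth stalls, spend time on distance-guided exploitation."""
    return "explore" if any(n > 0 for n in new_edges_per_round[-window:]) else "exploit"

def mutate(data, distance, rng=None, near=1.0, far=3.0):
    """Distance-aware granularity: a seed close to a target gets a precise edit (bit flip
    or +-1) unlikely to throw it off the path prefix it reached; a distant seed gets a
    coarse chunk edit to jump elsewhere.  Returns (new_input, granularity)."""
    rng = rng or random.Random()
    buf = bytearray(data or b"\x00")
    i = rng.randrange(len(buf))
    if distance <= near:
        if rng.random() < 0.5:
            buf[i] ^= 1 << rng.randrange(8)
        else:
            buf[i] = (buf[i] + rng.choice((-1, 1))) & 0xFF
        return bytes(buf), "fine"
    if distance <= far:
        buf[i] = rng.randrange(256)
        return bytes(buf), "byte"
    chunk = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 9)))
    if rng.random() < 0.5:
        buf[i:i + len(chunk)] = chunk  # overwrite, may run past the old end
    else:
        buf[i:i] = chunk  # insert
    return bytes(buf), "coarse"

if __name__ == "__main__":
    dist = block_distances(CFG, TARGETS)  # traces below are constructed, not recorded
    q = [Seed(b"help", seed_distance(["entry", "usage", "exit"], dist, TARGETS)),
         Seed(b"junk", seed_distance(["entry", "parse", "bad_magic", "exit"], dist, TARGETS))]
    print(pick_seed(q), choose_phase([2, 0, 0]), mutate(b"junk", 0.0, random.Random(7)))
```

In a real fuzzer the block traces come from coverage instrumentation of the compiled C/C++ target, and fuzz_count and new_edges are updated after every execution of a mutant; the seed reaching the flagged block at distance 0 is the one whose input is handed back as the verification witness.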
Keywords/Search Tags:vulnerability verification, directed greybox fuzzing, symbolic execution, seed selection, distance-guided mutation