Fuzzing Test Seed Generation And Optimization Based On Probability Models

Posted on: 2022-08-21
Degree: Master
Type: Thesis
Country: China
Candidate: X J Wu
GTID: 2518306572997109
Subject: Computer technology
Abstract/Summary:
The continuous development of open source software has led to an upward trend in the number of software vulnerabilities, so the field of software vulnerability mining needs more and more research. Fuzzing is an automated software testing technology that is widely used in vulnerability mining because of its high degree of automation. As the amount of program code continues to grow, the problems of traditional fuzzing methods have gradually emerged. For example, the random mutation of generated test case seeds lowers the effectiveness of the seeds and makes it difficult to cover all paths. In addition, because the feedback information of the program under test is not fully used, the generated test cases are not representative enough. If intelligent methods are introduced into fuzzing to generate effective test cases, code coverage can be increased and fuzzing performance improved. In this paper, we propose a new seed generation method for fuzzing that combines a code language probability model with fuzzing, using the probability model and coverage feedback to guide the generation of test cases. Specifically, a code language probability model is constructed from a large amount of code data, and the probability model is used to guide the generation of test cases. Path coverage feedback is used to steer fuzzing in the direction of improving path coverage. Through the combined guidance of these two methods, a reasonable seed mutation elimination strategy is designed, and this method is used to construct seeds with effective syntax and semantic diversity, thereby optimizing fuzzing performance. In this paper, a fuzzing system, LMFuzzer, is designed based on this probability-model-based seed generation method. A comparison experiment is designed to test the software Closure and Rhino. LMFuzzer is compared with the Zest and RLCheck methods on several indicators: seed effectiveness, total path coverage, and abnormal items per unit time. Experimental results show that LMFuzzer can improve the effectiveness of seeds, the total number of path coverage has increased by an average of 19%, and the exceptions generated per unit time have also increased significantly.
Keywords/Search Tags: Fuzzing, Seed generation, Language models, Path coverage
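
The abstract describes a loop in which a code language model proposes test cases and path-coverage feedback decides which seeds survive. A minimal sketch of that loop follows as an added illustration; it is not code from the thesis or from LMFuzzer. The bigram model, the constructed corpus, the `toy_target` branch tracker and the keep-if-new-coverage rule are all assumptions.

```python
import random
from collections import Counter, defaultdict
# Constructed token corpus standing in for the "large amount of code data".
CORPUS = ["var x = 1 ;", "var y = x + 2 ;", "if ( x ) { y = 3 ; }",
          "while ( y ) { x = x + 1 ; }", "return x ;"]

def train_bigram(corpus):
    """Count token bigrams; <s> and </s> mark statement start and end."""
    model = defaultdict(Counter)
    for line in corpus:
        toks = ["<s>"] + line.split() + ["</s>"]
        for prev, nxt in zip(toks, toks[1:]):
            model[prev][nxt] += 1
    return model

def extend(model, rng, prefix, max_len=24):
    """Continue a token prefix by sampling successors from the model."""
    out, tok = list(prefix), (prefix[-1] if prefix else "<s>")
    while len(out) < max_len:
        succ = model[tok]
        tok = rng.choices(list(succ), weights=list(succ.values()))[0]
        if tok == "</s>":
            break
        out.append(tok)
    return out

def toy_target(tokens):
    """Hypothetical program under test: returns the branch ids it executed."""
    hit, depth = {"entry"}, 0
    for t in tokens:
        if t in ("var", "if", "while", "return"):
            hit.add("kw_" + t)
        elif t in ("{", "}"):
            depth += 1 if t == "{" else -1
            hit.add("unbalanced" if depth < 0 else "block")
    return hit

def fuzz(rounds=200, seed=0):
    """Resample a kept seed's tail (or start fresh); keep only new coverage."""
    rng, model = random.Random(seed), train_bigram(CORPUS)
    queue, covered = [], set()
    for _ in range(rounds):
        parent = rng.choice(queue) if queue and rng.random() < 0.5 else []
        cand = extend(model, rng, parent[:rng.randint(0, len(parent))])
        new = toy_target(cand) - covered
        if new:
            queue.append(cand)
            covered |= new
    return queue, covered
```

A bigram model sees only one token of context, so it can emit an unmatched `}`; the `unbalanced` branch in the toy target records when that happens.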