Research On Greybox Fuzzing Test Method Integrating Heat Among Seeds

Posted on: 2022-11-05
Degree: Master
Type: Thesis
Country: China
Candidate: J X Ren
Full Text: PDF
GTID: 2518306761969399
Subject: Computer Software and Application of Computer
Abstract/Summary:
Software vulnerabilities usually refer to program defects that can be maliciously exploited, and they are the main threat to the security of software systems. Software vulnerability detection can effectively reduce security risks and has become a research hotspot in the field of software security. As a dynamic vulnerability detection technology, coverage-guided greybox fuzzing (CGF) generates testcases through instrumentation combined with a genetic algorithm, and uses the testcases to trigger vulnerabilities in the target software. When considering the difference in how frequently program paths are exercised, existing CGF distinguishes rare paths from high-frequency paths based on a given threshold but ignores the relative rarity of paths. This leads to unbalanced path coverage and ultimately restricts code coverage and vulnerability detection efficiency. To solve this problem, this thesis proposes a greybox fuzzing test method integrating heat among seeds. The main research work and innovations of this thesis are as follows:

1) To address the problem of unbalanced path coverage, a heat among seeds indicator is proposed. First, the heat of a seed records the number of testcases that exercise the same path as this seed; a heat priority sequence is built for all seeds according to the heat of each seed, and this sequence is divided into multiple equal-length sub-sequences. Next, heat among seeds is obtained by comparing each sub-sequence in the middle with the head sub-sequence and the tail sub-sequence. If a sub-sequence is closer to the tail sub-sequence, the seeds of this sub-sequence execute a relatively rare path; otherwise they execute a relatively high-frequency path. The advantage of this indicator is that it considers the relative rarity of paths and distinguishes rare paths from high-frequency paths effectively.

2) A seed selection strategy based on heat of seed and a power schedule algorithm integrating heat among seeds are proposed. Inspired by the heat conduction method, seeds that exercise relatively rare paths tend to be selected with a higher probability in the seed selection strategy. In the power schedule algorithm, the mutation energy of seeds that execute relatively rare paths is increased, and the mutation energy of seeds that execute high-frequency paths is reduced. As a result, more testcases that execute relatively rare paths are generated, and the number of executions of each program path tends to be balanced.

3) To verify the effectiveness of the method in this thesis, we used 9 real-world applications, the LAVA-M datasets and the Google fuzzer test suite datasets as test sets, and compared this method with existing coverage-guided greybox fuzzing methods in the same experimental environment. The results show that, compared with other methods, this method covers program paths in the test sets in a more balanced way, the total number of paths found is increased by 22.04% on average, and the total number of vulnerabilities found is increased by 60.12% on average.
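A sketch of the heat among seeds indicator and the power schedule described in the abstract, added here as an example and not taken from the thesis. The hottest-first ordering, the number of sub-sequences `k`, the mean-heat distance used as the similarity comparison, and the energy `base` and `factor` are assumptions; the sample heats are constructed.

```python
from statistics import mean


def classify_seeds(heat, k=4):
    """Label each seed 'rare' or 'hot' relative to the other seeds.

    heat maps seed id -> number of testcases that exercised the same path.
    k (number of sub-sequences) is an assumed parameter.
    """
    if len(heat) < 2:
        raise ValueError("need at least two seeds to compare heat")
    # Heat priority sequence, hottest first: head = high frequency, tail = rare.
    order = sorted(heat, key=heat.get, reverse=True)
    k = min(k, len(order))
    size = len(order) // k
    # Equal-length sub-sequences; any remainder is folded into the tail one.
    chunks = [order[i * size:(i + 1) * size] for i in range(k - 1)]
    chunks.append(order[(k - 1) * size:])

    def avg(chunk):
        return mean(heat[s] for s in chunk)

    head, tail = avg(chunks[0]), avg(chunks[-1])
    labels = {}
    for chunk in chunks:
        m = avg(chunk)
        # Assumed similarity measure: distance between mean heats.
        label = "rare" if abs(m - tail) < abs(m - head) else "hot"
        labels.update({s: label for s in chunk})
    return labels


def assign_energy(heat, base=100, factor=2, k=4):
    """Raise mutation energy for rare-path seeds, lower it for hot-path seeds."""
    labels = classify_seeds(heat, k)
    return {s: base * factor if labels[s] == "rare" else base // factor
            for s in heat}


# Constructed sample: seed id -> heat
SAMPLE_HEAT = {"s0": 9000, "s1": 7500, "s2": 5000, "s3": 4800,
               "s4": 600, "s5": 450, "s6": 12, "s7": 3}

if __name__ == "__main__":
    for seed, energy in assign_energy(SAMPLE_HEAT).items():
        print(seed, SAMPLE_HEAT[seed], energy)
```

When every seed has the same heat, no sub-sequence is strictly closer to the tail, so no seed is labelled rare and no energy is boosted.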
Keywords/Search Tags: vulnerability detection, fuzzing test, power schedule, seed selection strategy, similarity comparison