In recent years, with the rapid development of computing and information communication, cyberspace security incidents have emerged one after another all over the world. The impact and loss caused by security problems are also increasing year by year. Vulnerabilities are one of the most important causes of many security incidents. Fuzzing is an effective vulnerability detection method, which has achieved good results in the practice of vulnerability detection. However, traditional fuzzing methods have problems such as a blind sample mutation strategy, low code coverage, and a lack of ability to guide the fuzzing process to cover the vulnerable points. This paper proposes an intelligent fuzzing technology based on multidimensional control of mutation strategy to make up for the defects of traditional fuzzing. Graybox fuzzing is modeled as a Markov decision process, and a deep reinforcement learning algorithm is used to perform multidimensional perception and intelligent intervention on the key mutation position of the sample, the mutation strength at different mutation positions, and the selection among various mutation algorithms. The DDPG algorithm is used to guide the direction of each step in the mutation process, reduce the number of invalid mutations, and improve the sample quality and code coverage of fuzzing. At the same time, using static analysis and instrumentation technology, vulnerability-oriented fuzzing is realized on top of the fuzzing model of multidimensional control of mutation strategy. The model is used to guide the fuzzing process to cover the vulnerable points. Through high-intensity testing of the vulnerable points, high-quality samples that can detect the vulnerable points are generated, and the accuracy and efficiency of the fuzzing are improved. This paper designs and implements a fuzzing system based on multidimensional control of mutation strategy. The system supports two modes, coverage-oriented and vulnerability-oriented, which correspond to the two goals of the fuzzing process: increasing coverage or quickly covering the vulnerability. Using the LAVA-M test set and real applications, the system in this paper and the traditional fuzzing tool are tested in the two modes respectively. The experimental results show that the intelligent fuzzing technology based on multidimensional control of mutation strategy can effectively improve the quality of samples in the fuzzing process. Fuzzing technology has been optimized and improved in three aspects: increasing coverage, detecting more vulnerabilities, and quickly covering vulnerable points.
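The following is an added illustration, not code from the paper: one transition of the Markov decision process described above, in which a continuous action vector of the kind a DDPG actor outputs is decoded into mutation position, mutation strength and mutation algorithm, and the reward is the number of newly covered branches. The three operators, `MAX_STRENGTH`, the action encoding and the `toy_coverage` target are assumptions made for the example.

```python
# Assumed mutation operators; the abstract only says "various mutation algorithms".
def bit_flip(buf, pos, n):
    for i in range(pos, min(pos + n, len(buf))):
        buf[i] ^= 0xFF

def arith_add(buf, pos, n):
    for i in range(pos, min(pos + n, len(buf))):
        buf[i] = (buf[i] + 1) % 256

def overwrite_zero(buf, pos, n):
    for i in range(pos, min(pos + n, len(buf))):
        buf[i] = 0

OPERATORS = [bit_flip, arith_add, overwrite_zero]
MAX_STRENGTH = 4  # assumed cap on bytes touched per mutation step

def decode_action(action, sample_len):
    """Map an action in [-1, 1]^3 to (position, strength, operator index)."""
    unit = [(min(max(a, -1.0), 1.0) + 1.0) / 2.0 for a in action]
    pos = min(int(unit[0] * sample_len), sample_len - 1)
    strength = 1 + min(int(unit[1] * MAX_STRENGTH), MAX_STRENGTH - 1)
    op = min(int(unit[2] * len(OPERATORS)), len(OPERATORS) - 1)
    return pos, strength, op

def toy_coverage(data):
    """Constructed stand-in for instrumentation: the set of branch ids hit."""
    edges = {0}
    if len(data) >= 4 and data[0] == 0x00:
        edges.add(1)
        if data[1] == 0xFF:
            edges.add(2)
    return edges

def step(sample, action, seen_edges):
    """One transition: state is the sample bytes, reward is new branches covered."""
    pos, strength, op = decode_action(action, len(sample))
    mutated = bytearray(sample)
    OPERATORS[op](mutated, pos, strength)
    new_edges = toy_coverage(bytes(mutated)) - seen_edges
    seen_edges |= new_edges  # global coverage map is updated in place
    return bytes(mutated), len(new_edges)
```

A mutation that reaches no new branch returns reward 0, which is the signal that lets a learned policy move away from invalid mutations.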