Fuzz testing is an important method for detecting and discovering vulnerabilities: it triggers potential vulnerabilities in the target program by generating varied inputs. In recent years a good deal of work has been carried out around fuzzing, and mature coverage-oriented tools such as AFL, libFuzzer and AFLFast have proven effective in practice. Goal-oriented (directed) fuzzing sets target points in advance and tests the key paths leading to them in order to find problems there. Some recent works have introduced reinforcement learning into fuzzing, providing an intelligent scheme for mutation guidance. However, the traditional guided fuzzing model often cannot mutate samples towards effective regions; it cannot efficiently generate high-quality samples and instead wastes computing resources in invalid sample spaces.

Against this background, this paper proposes an improved oriented fuzzing model that combines data such as coverage and target distance to optimize three aspects, sample evaluation, memory corruption perception and mutation guidance, and thereby improves the vulnerability discoverability of oriented fuzzing.

First, traditional sample evaluation relies on a single index, so a sample's position in the test space is located inaccurately. To address this, the paper proposes and implements a single-sample evaluation technique based on the vulnerability characteristics of the code execution path. A vulnerability feature model is used to analyse the sample's execution path, multiple points are marked in the test space, and the sample is evaluated by computing the similarity between its execution path and the vulnerability feature model across several conditions.

Second, traditional fuzzing perceives damage to the program's normal state only weakly, so massive computing resources are consumed in invalid state space. To address this, a high-sensitivity overflow awareness technique based on memory data boundary analysis is proposed and implemented. The code that operates on memory boundaries is extracted by slice analysis, the real-time overflow state of operations at the memory boundary is obtained by static instrumentation, and the influence of external data changes on breaches of memory data boundaries is analysed. This heightens sensitivity to program errors and exceptions and increases the probability of vulnerability discovery.

Third, during testing the granularity of sample mutation actions is coarse and the guidance direction is unclear, so the test process is controlled with poor accuracy. To address this, an intelligent testing technique based on multidimensional action output and multivariate state perception is proposed and implemented: the action in the reinforcement learning model is made multidimensional, and more control vectors are used to improve the accuracy and flexibility of sample mutation. Multivariate state perception dynamically evaluates and iteratively learns mutation actions from the current sample state, improving optimization under multi-objective constraints and enhancing fuzzing efficiency.

To demonstrate the effectiveness of the model, the paper designs experiments that test multiple programs and compares three indicators, coverage, target distance and number of triggered crashes, between the existing guided fuzzing tool AFLGo and the fuzzing model described here. The experimental results show that the model can effectively test the program's target locations and find program problems.