基于种子变异潜力的模糊测试方法

针对覆盖率导向的模糊测试技术在种子筛选时无法体现种子变异价值的问题,提出基于种子变异潜力的适应度函数计算方法,对距离程序起始块近和后继块多的基本块赋予较高权值,追踪种子覆盖路径附近未被覆盖的基本块信息,结合未被覆盖基本块权值计算种子适应度,筛选适应度高且资源开销小的种子进行下一代变异。将提出的模糊测试技术与AFL(American fuzzy loop)在LAVA-M数据集和真实Linux程序上进行对比实验,结果表明:本文方法在减小资源开销的同时代码覆盖率、漏洞发现速度、漏洞发现数量有明显提高。证明了上述筛选策略的有效性。

Fuzzing Test Based on Potential of Seed Mutation

Aiming at the problem that the seed selection of coverage-guided fuzzing test cannot reflect the value of seed mutation, a fitness function calculation method based on the potential of seed mutation was proposed. By assigning higher weights to the basic blocks which is close to the starting block of the program or has more subsequent blocks and tracking basic block information that is not covered near the coverage path of the seed,the seed fitness was calculated according to the weight of uncovered basic blocks and the seeds with high fitness and low resource overhead were selected for the next generation of mutation. The proposed fuzzing technique was compared with AFL on LAVA-M dataset and real Linux program. The results show that the code coverage, speed of vulnerability discovery and vulnerability discovery of this method are significantly improved while reducing resource overhead.Thus proves the effectiveness of the above screening strategy.