Electronic Science and Technology (电子科技) ›› 2024, Vol. 37 ›› Issue (11): 13-21. doi: 10.16180/j.cnki.issn1007-7820.2024.11.003


Pluralistic Seed Selection-Based Hybrid Fuzzing (基于多元种子选择的混合模糊测试方法)

TAO Hongyu, XU Xianghua

  1. School of Computer Science, Hangzhou Dianzi University, Hangzhou 310018, Zhejiang, China
  • Received: 2022-04-06  Online: 2024-11-15  Published: 2024-11-21
  • About the authors: TAO Hongyu (born 1998), male, master's student. Research interests: network security, fuzz testing.
    XU Xianghua (born 1965), male, PhD, professor. Research interests: big data processing, data mining, wireless sensor networks, industrial network security, among others.
  • Supported by:
    Key R&D Program of Zhejiang (2017C01065)

Abstract:

Hybrid fuzzing combines fuzzing with symbolic execution: fuzzing explores the program's paths, and symbolic execution solves the complex constraints that fuzzing struggles to get past. Existing hybrid fuzzing work, however, does not consider the division of labour between the two techniques, nor the expected payoff of symbolic execution, when choosing which targets symbolic execution should solve. To address this, this paper proposes a hybrid fuzzing method based on pluralistic seed selection. The program's control-flow graph is used to analyse program state and to quantify each seed's ability to discover new paths; seeds from which fuzzing is unlikely to reach new paths are handed to symbolic execution, so that the two techniques cooperate on the task. A target-point-directed idea is then used to quantify each seed's ability to expose vulnerabilities, so that symbolic execution solves the seeds most likely to lead to a vulnerability. Experimental results show that, compared with existing hybrid fuzzing work, the proposed method increases the overall number of discovered paths by 8.35% and the overall number of discovered vulnerabilities by 28.69%.

Key words: fuzz testing, symbolic execution, hybrid testing, schedule algorithm, vulnerability mining, constraint solving, static analysis, distance calculation
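The abstract describes two seed metrics, path-discovery ability (should fuzzing keep mutating this seed, or hand it to the solver?) and target-point distance (how close is the seed's unexplored frontier to a vulnerability-prone location?), and a scheduler that combines them. The toy scheduler below is an added illustration of that idea; it is not the authors' implementation, and the abstract gives no formulas. Its assumptions are all constructed here: the control-flow graph is a dict of block to successor blocks, each seed records the basic blocks it executes, each branch edge is tagged "easy" (a few byte flips will probably take it) or "hard" (a multi-byte equality or checksum that random mutation rarely satisfies), and target points are blocks flagged as vulnerability-prone. A seed whose unexplored frontier still contains an easy edge stays with the fuzzer; a seed whose frontier is entirely hard goes to symbolic execution, ordered by CFG distance from the blocks the solver would unlock to the nearest target.

```python
"""Illustrative hybrid-fuzzing seed scheduler (added example, not the paper's code)."""
from collections import deque

# Constructed CFG: block -> successor blocks. Names are hypothetical.
CFG = {
    "entry":        ["parse_hdr", "err"],
    "parse_hdr":    ["check_magic", "check_ver"],
    "check_magic":  ["decode", "strict_mode", "err"],
    "check_ver":    ["legacy_path", "warn", "err"],
    "decode":       ["copy_payload", "done"],
    "strict_mode":  ["done"],
    "legacy_path":  ["done"],
    "copy_payload": ["done"],
    "warn":         ["err"],
    "err":          [],
    "done":         [],
}

# Constructed constraint difficulty per edge; edges not listed are "easy".
EDGE_DIFFICULTY = {
    ("check_magic", "decode"):      "hard",  # 4-byte magic equality
    ("check_magic", "strict_mode"): "hard",  # flag word must equal a constant
    ("check_ver", "legacy_path"):   "hard",  # 16-bit version equality
    ("decode", "copy_payload"):     "hard",  # length field must match checksum
}

# Constructed target point: a block the static analysis flagged as risky.
TARGETS = {"copy_payload"}

# Constructed seed corpus: seed name -> blocks executed by that seed.
SEEDS = {
    "s1": {"entry", "err"},
    "s2": {"entry", "parse_hdr", "check_magic", "err"},
    "s3": {"entry", "parse_hdr", "check_magic", "decode", "done"},
    "s4": {"entry", "parse_hdr", "check_ver", "err"},
}


def global_coverage(seeds):
    """Union of all blocks reached by any seed in the corpus."""
    covered = set()
    for blocks in seeds.values():
        covered |= blocks
    return covered


def frontier_edges(cfg, seed_blocks, covered):
    """Edges from a block this seed executes to a block no seed has reached."""
    return [(b, s) for b in sorted(seed_blocks)
            for s in cfg.get(b, []) if s not in covered]


def distance_to_targets(cfg, start, targets):
    """BFS distance (in edges) from `start` to the nearest target block, or None."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        block = queue.popleft()
        if block in targets:
            return dist[block]
        for succ in cfg.get(block, []):
            if succ not in dist:
                dist[succ] = dist[block] + 1
                queue.append(succ)
    return None


def schedule(cfg, seeds, difficulty, targets):
    """Split the corpus into fuzzer work, solver work and exhausted seeds.

    Solver candidates are ranked by (distance of the unlocked block to the
    nearest target, number of hard edges), so the seed whose solved constraint
    lands closest to a target point is solved first.
    """
    covered = global_coverage(seeds)
    fuzz, exhausted, solver = [], [], []
    for name in sorted(seeds):
        frontier = frontier_edges(cfg, seeds[name], covered)
        easy = [e for e in frontier if difficulty.get(e, "easy") == "easy"]
        hard = [e for e in frontier if difficulty.get(e, "easy") == "hard"]
        if not frontier:
            exhausted.append(name)          # nothing new reachable from here
        elif easy:
            fuzz.append(name)               # cheap progress still available
        else:
            dists = [distance_to_targets(cfg, to, targets) for _, to in hard]
            dists = [d for d in dists if d is not None]
            best = min(dists) if dists else float("inf")
            solver.append((best, -len(hard), name))
    solver.sort()
    return {"symbolic": [n for _, _, n in solver], "fuzz": fuzz, "exhausted": exhausted}


if __name__ == "__main__":
    print(schedule(CFG, SEEDS, EDGE_DIFFICULTY, TARGETS))
```

On the constructed corpus, s3 sits directly behind the hard checksum edge into the target block and is solved first; s2 is also solver-only but its unlocked block leads to no target, so it ranks second; s4 still has an easy edge left and stays with the fuzzer; s1 has nothing new to offer. Using corpus-wide coverage (not just the seed's own) for the frontier is what keeps the solver from re-deriving paths another seed already found.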

CLC number (中图分类号):

  • TP393