Authors: 王乔 (WANG Qiao) [1]; 宋礼鹏 (SONG Li-peng) [1] (The North University of China, Data Science And Technology, Taiyuan 030051, China)
Source: 《科学技术与工程》 (Science Technology and Engineering), 2020, Issue 9, pp. 3656-3661, 6 pages in total
Funding: National Natural Science Foundation of China (61772478).
Abstract: Coverage-guided fuzzing cannot reflect the mutation value of a seed during seed selection. To address this problem, a fitness function calculation method based on the mutation potential of seeds is proposed. Higher weights are assigned to basic blocks that are close to the program's starting block and to basic blocks that have more successor blocks. Information about uncovered basic blocks near a seed's coverage path is tracked, and the seed's fitness is calculated from the weights of those uncovered basic blocks. Seeds with high fitness and low resource overhead are selected for the next generation of mutation. The proposed fuzzing technique was compared with American fuzzy lop (AFL) on the LAVA-M dataset and on real-world Linux programs. The results show that the method significantly improves code coverage, the speed of vulnerability discovery, and the number of vulnerabilities discovered while reducing resource overhead, which demonstrates the effectiveness of the selection strategy.
Keywords: fuzzing; coverage-guided; basic block; seed selection; mutation potential
Classification number: TP311.5 [Automation and Computer Technology - Computer Software and Theory]