距离与权重相结合的导向式灰盒模糊测试方法  被引量:1

Guided Grey-Box Fuzzing Test Method Combining Distance and Weight

在线阅读下载全文

作  者:李明磊 陆余良 黄晖 朱凯龙 LI Minglei;LU Yuliang;HUANG Hui;ZHU Kailong(College of Electronic Engineering,National University of Defense Technology,Hefei 230037,China)

机构地区:[1]国防科技大学电子对抗学院,合肥230037

出  处:《计算机工程》2021年第3期147-154,共8页Computer Engineering

基  金:国家重点研发计划“网络空间安全”重点专项(2017YFB0802900)。

摘  要:导向式灰盒模糊测试是一种能够快速对程序指定位置进行测试的技术。通过对当前导向式灰盒模糊测试技术导向不够精确的问题进行分析,提出一种新的导向式灰盒模糊测试方法,并引入基本块权重与函数路径长度的概念。通过对被测程序的静态分析,构建被测程序的函数调用图和控制流程图,计算更准确的基本块距离并插桩到被测程序中。在模糊测试时通过插桩追踪并计算每个测试用例到指定目标的距离,模糊测试器依据该距离计算种子能量以实现对目标区域的导向,并基于该方法实现原型系统Afl-guide。实验结果表明,与现有的导向式模糊测试方法相比,该方法对目标区域导向更精确、路径覆盖更广,能够更快地生成覆盖程序指定位置的测试用例。Guided grey-box fuzzing test is a technique that can quickly test a specified location of a program.By analyzing the problem that the existing guided grey-box fuzzing test techniques are not accurate enough in guidance,this paper proposes a guided grey-box fuzzing test method.The method introduces the concepts of basic block weight and function path length.Through the static analysis of the program under test,the function call graph and control flow chart of the program under test are constructed,and the more accurate basic block distance is calculated and inserted into the program.By instrumentation,the distance from each test case to the specified target is tracked and calculated in the fuzzing test.The fuzzing tester calculates the seed energy based on this distance to achieve the guidance of the target area.Based on this method,the prototype system Afl-guide is implemented.The experimental results show that compared with the existing guided fuzzing test methods,the proposed method is more accurate in the guidance of the target area,provides wider path coverage,and can generate test cases covering the specified position of the program faster.

关 键 词:灰盒模糊测试 距离向量 基本块 种子能量分配 漏洞检测 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象