FastAFLGo: Toward a Directed Greybox Fuzzing


Authors: Chunlai Du, Tong Jin, Yanhui Guo, Binghao Jia, Bin Li

Affiliations: [1] School of Information Science and Technology, North China University of Technology, Beijing, 100144, China; [2] Department of Computer Science, University of Illinois Springfield, Springfield, 62703, IL, USA; [3] Civil Aviation Management Institute of China, Beijing, 100102, China

Source: Computers, Materials & Continua (English-language journal), 2021, Issue 12, pp. 3845-3855, 11 pages

Funding: This work was supported by the Natural Science Foundation of China (Grant No. 61702013); National Key Research and Development Plan (Grant Nos. 2018YFB1800302 and 2019YFA0706404); Beijing Natural Science Foundation (Grant Nos. KZ201810009011, 4202020, and 19L2021); Science and Technology Innovation Project of North China University of Technology (19XN108).

Abstract: While the size and complexity of software are rapidly increasing, not only is the number of vulnerabilities increasing, but their forms are diversifying. Vulnerability has become an important factor in network attack and defense. Therefore, automatic vulnerability discovery has become critical to ensure software security. Fuzzing is one of the most important methods of vulnerability discovery. It is based on the initial input, i.e., a seed, to generate mutated test cases as new inputs of a tested program in the next execution loop. By monitoring the path coverage, fuzzing can choose high-value test cases for inclusion in the new seed set and capture crashes used for triggering vulnerabilities. Although there have been remarkable achievements in terms of the number of discovered vulnerabilities, the reduction of time cost is still inadequate. This paper proposes a fast directed greybox fuzzing model, FastAFLGo. A fast convergence formula of temperature is designed, and the energy scheduling scheme can quickly determine the best seed to make the program execute toward the target basic blocks. Experimental results show that FastAFLGo can discover more vulnerabilities than the traditional fuzzing method in the same execution time.

Keywords: Directed greybox FUZZING power schedule

Classification number: TP3 [Automation and Computer Technology: Computer Science and Technology]

 
