基于代码注入的反模糊测试技术  

作　　者：黎振奎 韩禹洋 张健毅 LI Zhenkui;HAN Yuyang;ZHANG Jianyi(Beijing Electronic Science and Technology Institute,Beijing 100070,P.R.China)

机构地区：[1]北京电子科技学院,北京市100070

出　　处：《北京电子科技学院学报》2023年第2期82-97,共16页Journal of Beijing Electronic Science And Technology Institute

基　　金：中央高校基本科研业务费专项资金资助(项目编号:328202204)。

摘　　要：现代灰盒模糊测试器可以通过从程序内部获取信息反馈,可以在短时间内发现大量漏洞。但是如果这项技术被滥用,将对企业和用户造成极大的伤害。为了避免软件程序被随意分析,反模糊测试技术应运而生。然而,现有的反模糊测试技术存在效率低、开销大、效果不理想、使用困难等问题。为了解决此类问题,本文提出了一种基于代码注入的新型反模糊测试技术。本文方法主要针对现代模糊测试器常用的插桩技术,利用插桩技术的局限,使用代码注入的方式绕过模糊测试器的信息检测,从而干扰模糊测试器分析目标程序,最终达到阻止模糊测试器工作的目的。为验证这种新型反模糊测试技术的有效性与处理性能,本文将该方法与当前最先进的反模糊测试技术作用于同一程序并进行比较。结果表明,本方法可以以更小的程序体积和更低程序运行开销来阻止不同的模糊测试器对目标程序进行模糊测试。Modern gray-box fuzzing could find out lots of bugs within a short time by getting feedback from inside a program.Misusing this technology will seriously harm the enterprises and customers.To a-void a software program being analyzed arbitrarily,anti-fuzzing technique emerges.However,existing anti-fuzzing techniques suffer from the problems of low efficiency,high overhead,poor effectiveness,and difficult operability.To address the issues,a novel anti-fuzzing technique based on code injection is proposed in this paper.,which aims at the instrumentation technology widely used in modern fuzzing.U-tilizing the limitation of the instrumentation technology,code injection method is used to bypass the fuzzing,to disturb analyzing the target program and finally to prevent the implementation of the fuzzing.To validate the effectiveness and evaluate the processing performance,the proposed technique is com-pared with the most advanced anti-fuzzing technique for a same target program.Results show that the proposed technique successfully prevents the target program being analyzed by multiple fuzzing testers with smaller code size and lower program overhead.

关 键 词：反模糊测试技术 模糊测试技术 插桩分析 代码注入技术 恶意软件技术 覆盖率反馈 符号执行 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]