Pluralistic Seed Selection-Based Hybrid Fuzzing (original title: 基于多元种子选择的混合模糊测试方法)


Authors: TAO Hongyu (陶泓宇), XU Xianghua (徐向华) [1]

Affiliation: [1] School of Computer Science, Hangzhou Dianzi University, Hangzhou 310018, Zhejiang, China

Source: Electronic Science and Technology (《电子科技》), 2024, No. 11, pp. 13-21 (9 pages)

Funding: Zhejiang Provincial Key Research and Development Program (2017C01065).

Abstract: Hybrid fuzzing combines fuzzing with symbolic execution: fuzzing explores paths through the program, and symbolic execution solves the complex constraints that fuzzing struggles to get past. However, when existing hybrid fuzzing work chooses which seeds symbolic execution should solve, it considers neither the division of labour between the two techniques nor the expected benefit of each symbolic-execution solve. To address this, the paper proposes a hybrid fuzzing method based on pluralistic seed selection. The program state is analysed on the program's control-flow graph in order to quantify each seed's ability to discover new paths; seeds for which fuzzing finds it hard to reach new paths are handed to symbolic execution, so that the two techniques cooperate on the task. A target-point-directed (directed fuzzing) approach is then used to quantify each seed's ability to uncover vulnerabilities, so that symbolic execution solves the seeds that are more likely to expose a vulnerability. Experimental results show that, compared with existing hybrid fuzzing work, the proposed method increases the total number of discovered paths by 8.35% and the total number of discovered vulnerabilities by 28.69%.

Keywords: fuzzing; symbolic execution; hybrid testing; scheduling algorithm; vulnerability discovery; constraint solving; static analysis; distance computation

Classification codes: TP393 [Automation and Computer Technology - Computer Application Technology]; TN915 [Automation and Computer Technology - Computer Science and Technology]
