Protocol Fuzzing Method Based on Field Information and Coverage Feedback


Authors: DING Senyang, XU Xianghua [1,2] (Department of Computer Science and Technology, Hangzhou Dianzi University, Hangzhou 310018, China; School of Computing, Hangzhou Dianzi University, Hangzhou 310018, China)

Affiliations: [1] Department of Computer Science and Technology, Hangzhou Dianzi University, Hangzhou 310018, Zhejiang, China; [2] School of Computing, Hangzhou Dianzi University, Hangzhou 310018, Zhejiang, China

Source: Software Engineering, 2025, No. 2, pp. 56-60, 66 (6 pages)

Abstract: Fuzzing is one of the most popular techniques for discovering vulnerabilities in network protocols, but existing network protocol fuzzers explore the interdependencies between fields inadequately. To address this, a fuzzing method based on field information and coverage feedback is proposed. The method quantitatively represents the relationships between different fields in the protocol data model and the influence of each individual field through two parameters, and continuously learns and updates them using coverage information, thereby guiding fuzzing to mutate in a more efficient direction. Based on this method, a fuzzer called FMFuzzer (Field Message-based Fuzzer) that uses field information and coverage feedback is implemented and compared experimentally with the fuzzers Boofuzz and PAVFuzz. Experimental results show that, across three network protocols, FMFuzzer improves code coverage by an average of 10.97% over Boofuzz and 6.63% over PAVFuzz, demonstrating the effectiveness of the proposed method.

Keywords: network protocol vulnerability discovery; grey-box fuzzing; protocol field information; code coverage

Classification: TP393 [Automation and Computer Technology / Computer Application Technology]
