1. College of Cyber Science, Nankai University, Tianjin 300350, China
2. College of Artificial Intelligence, Nankai University, Tianjin 300350, China
JIA Chunfu (born 1967), male, from Wen'an, Hebei; Ph.D., professor and doctoral supervisor at Nankai University. Research interests: computer network and information security, trusted computing, malware analysis.
YAN Shengbo (born 1987), male, from Jingzhou, Hubei; master's student at Nankai University. Research interests: reverse engineering and vulnerability discovery.
WANG Zhi (born 1981), male, from Changzhi, Shanxi; Ph.D., lecturer at Nankai University. Research interests: analysis and prevention of computer viruses.
WU Chenlu (born 1997), female, from Jiaozuo, Henan; master's student at Nankai University. Research interests: binary vulnerability discovery.
LI Hang (born 1995), male, from Jingmen, Hubei; master's student at Nankai University. Research interests: natural language processing.
Online publication date: 2019-11
Print publication date: 2019-11-25
Citation: Chunfu JIA, Shengbo YAN, Zhi WANG, et al. Method to improve edge coverage in fuzzing[J]. Journal on Communications, 2019, 40(11): 76-85. DOI: 10.11959/j.issn.1000-436x.2019223.
Abstract: Aiming at the problems of incomplete edge coverage and insufficient use of edge coverage information and valid-byte information in AFL (American fuzzy lop), a novel method was proposed. Firstly, a new seed selection algorithm was introduced that can completely cover all edges discovered in one cycle. Secondly, paths were scored according to the frequency (hotness) of their edges, and the score was used to adjust the number of tests for each seed. Finally, more mutations were applied to the valid bytes identified by AFL. Based on this method, a new fuzzing tool named efuzz was implemented. Experimental results show that efuzz outperforms AFL and AFLFast in average edge coverage, with increases of 5% and 9% respectively. In the LAVA-M dataset, efuzz found more vulnerabilities than AFL. Moreover, in real-world applications efuzz found three new security bugs with CVEs assigned. The method can effectively improve the edge coverage and vulnerability detection ability of a fuzzer and is practical to apply.
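As an added illustration (not efuzz's own code, which this page does not include), the Python sketch below shows the two scheduling ideas the abstract describes: a greedy set-cover pass that picks the seeds needed to exercise every discovered edge once per cycle, and an edge-hotness score that gives seeds exercising rare edges more test iterations. The seed names, edge ids and the energy formula are constructed assumptions.

```python
from collections import Counter

# Constructed queue: seed name -> set of edge ids (branch transitions) the seed exercises.
# In a real fuzzer these sets come from the coverage bitmap recorded per execution.
SEEDS = {
    "s0": {1, 2, 3},
    "s1": {2, 3, 4},
    "s2": {4, 5},
    "s3": {1, 5, 6},
    "s4": {3},
}


def edge_hotness(seeds):
    """Count how many seeds exercise each edge; a high count means a 'hot' edge."""
    hot = Counter()
    for edges in seeds.values():
        hot.update(edges)
    return hot


def select_cycle_seeds(seeds):
    """Greedy set cover: pick seeds so that every discovered edge is exercised
    at least once in the cycle. Each step takes the seed adding the most
    uncovered edges (ties: fewer total edges, then name, for determinism)."""
    uncovered = set().union(*seeds.values())
    chosen = []
    while uncovered:
        best = min(seeds, key=lambda s: (-len(seeds[s] & uncovered), len(seeds[s]), s))
        gain = seeds[best] & uncovered
        if not gain:  # nothing left that any seed can add
            break
        chosen.append(best)
        uncovered -= gain
    return chosen


def path_score(edges, hot):
    """Score a seed's path by edge hotness: rare edges weigh more (1/count)."""
    return sum(1.0 / hot[e] for e in edges) / len(edges)


def assign_energy(seeds, base=100, max_factor=4):
    """Turn path scores into per-seed test counts, between base and base*max_factor.
    The linear scaling is an assumption standing in for the paper's own rule."""
    hot = edge_hotness(seeds)
    scores = {s: path_score(e, hot) for s, e in seeds.items()}
    top = max(scores.values())
    return {s: int(round(base * (1 + (max_factor - 1) * sc / top)))
            for s, sc in scores.items()}
```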