Abstract
Fuzzing is an effective automated vulnerability discovery technique. Mainstream fuzzers use genetic algorithms to generate test cases and suffer from premature convergence, which leads to insufficient path coverage. To address this problem, a fuzzing method based on a dynamic fitness function is proposed. Taking seed novelty and path depth into account, a fitness function that changes with the test phase is designed, and a fuzzing tool based on it, DynFuzzer, is implemented. Experiments on the test sets provided by BegBunch and CGC show that, compared with existing fuzzing tools, DynFuzzer improves path coverage by 40% and finds 10% more bugs. The fuzzing method based on a dynamic fitness function effectively overcomes premature convergence, raises path coverage, and finds more bugs.
Fuzzing is an effective technique for automatically discovering vulnerabilities. Mainstream fuzzing uses genetic algorithms to generate test cases, but premature convergence is common, which leads to low path coverage. To address this problem, this paper proposes a fuzzing method based on a dynamic fitness function. Taking seed novelty and path depth into account, it designs an improved fitness function that changes dynamically across test phases, and on that basis implements the fuzzing tool DynFuzzer. Experiments were carried out on the test sets provided by BegBunch and CGC. The results show that, compared with existing fuzzing tools, DynFuzzer achieves 40% higher path coverage and finds 10% more bugs. The fuzzing method based on a dynamic fitness function can overcome premature convergence, improve path coverage, and find more bugs.
Authors
邓一杰
刘克胜
朱凯龙
常超
Deng Yijie;Liu Kesheng;Zhu Kailong;Chang Chao(National University of Defense Technology, Electronic Engineering Institute, Hefei 230031, China)
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal
2019, No. 5, pp. 1415-1418, 1427 (5 pages)
Application Research of Computers
Funding
National Key R&D Program of China (2017YFB0802905)