面向软件漏洞检测的Fuzzing样本优化方法

Fuzzing sample optimization method for software vulnerability detection

软件漏洞检测在信息物理融合系统中通常使用模糊测试(Fuzzing)技术。针对Fuzzing技术中存在大量冗余的测试样本,且样本探测异常的有效性较低的情况,提出一种面向软件漏洞检测的Fuzzing样本优化的方法。首先筛除随机样本中软件不接受的样本,并通过改进的动态规划算法获得初始样本的精简集,以减小初始样本的数量;然后在测试过程中跟踪污点传播路径,利用Simhash和海明距离的改进算法求解样本传播路径相似度,通过删除相似度较高的样本进一步降低样本冗余;最后对触发异常的样本进行遗传变异构建新的测试样本,以增加样本的有效性。通过实验结果可以看出,相较于利用基于贪心算法和基于异常分布导向的方法,这里提出的方法有效减小了测试样本冗余,并且提升了测试样本的有效性。

Software vulnerability detection Fuzzy testing techniques are commonly used in information physical fusion systems.But there are a large number of redundant test samples in Fuzzing technology,and the sample detection anomaly is less effective.Therefore,this paper proposes a Fuzzing sample optimization method for software vulnerability detection.Firstly,the samples that are not accepted by the software in the random sample are filtered out,and the improved dynamic programming algorithm is used to calculate the sample reduced set,and the number of initial samples is reduced.Then track the stain propagation path during the test,use the improved algorithm of Simhash and Hamming distance to solve the similarity of the sample propagation path,and further reduce the sample redundancy by deleting the samples with higher similarity.Finally,the genetic variation of the sample that triggers the abnormality is constructed.New test samples will increase the validity of the sample.It can be seen from the experimental results that compared with the method based on greedy algorithm and based on abnormal distribution orientation,the proposed method effectively reduces the test sample redundancy and improves the validity of the test sample.