Abstract
To address the problems that AFL does not fully cover edges and makes insufficient use of edge-coverage information and valid-byte information, an improved method is proposed. First, a new seed selection algorithm is designed that can completely cover all discovered edges within one cycle; second, paths are scored by edge-coverage heat, and the score is used to adjust the number of tests each seed receives; finally, more mutations are applied to valid bytes. Based on these methods, a new fuzzing tool, efuzz, was implemented. Experiments show that the average edge coverage of efuzz is 5% and 9% higher than that of AFL and AFLFast respectively; on the LAVA-M benchmark, efuzz found more bugs than AFL; in commonly used software, efuzz found 3 new CVE vulnerabilities. The proposed method effectively improves the edge coverage and bug-finding ability of fuzzing and is practical.
Aiming at the problems of incomplete edge coverage and insufficient use of edge coverage information and valid bytes information in AFL (American Fuzzy Lop), a novel method was proposed. Firstly, a new seed selection algorithm was introduced, which could completely cover all edges discovered in one cycle. Secondly, the paths were scored according to the frequency of edges, to adjust the number of tests for each seed. Finally, more mutations were crafted on the valid bytes of AFL. Based on the method above, a new fuzzing tool named efuzz was implemented. Experiment results demonstrate that efuzz outperforms AFL and AFLFast in edge coverage, with increases of 5% and 9% respectively. In the LAVA-M dataset, efuzz found more vulnerabilities than AFL. Moreover, in real-world applications efuzz has found three new security bugs with CVEs assigned. The method can effectively improve the edge coverage and vulnerability detection ability of fuzzers.
Authors
贾春福
严盛博
王志
武辰璐
黎航
JIA Chunfu; YAN Shengbo; WANG Zhi; WU Chenlu; LI Hang (College of Cyber Science, Nankai University, Tianjin 300350, China; College of Artificial Intelligence, Nankai University, Tianjin 300350, China)
Source
Journal on Communications (《通信学报》)
Indexed in EI, CSCD and the Peking University Core Journals list (北大核心)
2019, No. 11, pp. 76-85 (10 pages)
Funding
National Natural Science Foundation of China (No.61972215, No.61702399, No.61972073, No.61872202)
Natural Science Foundation of Tianjin (No.17JCZDJC30500)
CERNET Next Generation Internet Technology Innovation Project (No.NGII20180401)