Journal article

基于汤普森采样的模糊测试用例变异方法 (Cited by: 1)

Mutation Scheme for Fuzzing Based on Thompson Sampling
Abstract: Fuzzing is a representative vulnerability analysis technique: it tests a program by generating a set of test cases and observing anomalies during execution, thereby finding errors or identifying security vulnerabilities. AFL is currently a mainstream open-source fuzzer. Building on an analysis of AFL, this paper improves the method used to select mutation operations in the test-case mutation stage, proposes an automated fuzzing test-case mutation method based on Thompson sampling, and implements the tool TPSFuzzer, which supports fuzzing of binary programs. The main idea is to transform the mutation-operation selection problem in fuzzing into a multi-armed bandit problem and, using the Thompson sampling optimization algorithm, adaptively learn the probability distribution over mutation operations for a given program; at the same time, a hardware processor-trace mechanism is combined with AFL to assist in obtaining path information and selecting mutation operations, thereby improving AFL's testing efficiency and path coverage. The LAVA dataset and two real-world binary programs are chosen as the test set; comparative experiments against PTFuzzer show that TPSFuzzer achieves higher code coverage and better testing efficiency.

Abstract (authors' English version): Fuzzing is one of the representative vulnerability detection technologies, which generates a set of inputs to test a program, so as to find errors and identify security vulnerabilities during execution. Analyzing AFL (American fuzzy lop), a mainstream open-source fuzzer, and improving the selection method of mutation operators in the process of input mutation, this paper proposes TPSFuzzer, an automatic mutation approach for fuzzing based on Thompson sampling that supports the fuzzing of binary programs. The approach transforms the selection of mutation operators in fuzzing into a multi-armed bandit problem and employs the Thompson sampling optimization method to adaptively learn the probability distribution of mutation operators. Meanwhile, the proposed approach utilizes the Intel Processor Trace mechanism to accurately collect path information and assist the selection of mutation operations, so that AFL can effectively discover more hard-to-trigger vulnerabilities. Compared with PTFuzzer, the experimental results on the LAVA data set and two real-world binaries show that TPSFuzzer can produce higher code coverage and achieve better fuzzing efficiency.
Authors: 马锐 贺金媛 王雪霏 王夏菁 李斌斌 胡昌振 MA Rui; HE Jin-yuan; WANG Xue-fei; WANG Xia-jing; LI Bin-bin; HU Chang-zhen (Beijing Key Laboratory of Software Security Engineering Technology, School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China)
Source: 《北京理工大学学报》 Transactions of Beijing Institute of Technology, 2020, No. 12, pp. 1307-1313 (7 pages); indexed in EI, CAS, CSCD and the Peking University core journal list
Funding: National Key R&D Program of China (2016QY07X1404).
Keywords: fuzzing; AFL (American fuzzy lop); mutation operation; processor trace
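The abstract describes the core idea of TPSFuzzer, treating each mutation operation as an arm of a multi-armed bandit and letting Thompson sampling learn which operations tend to reach new paths on a particular program. The following is an added illustration of that scheme, not code from the paper or from TPSFuzzer: it keeps a Beta posterior per operator, draws one sample per arm to pick the next operator, and updates the posterior with a binary reward (new path reached or not). The operator names, the Beta(1,1) prior and the per-operator success rates used in the simulation are assumptions; in the real tool the reward would come from AFL's coverage feedback (or, per the abstract, processor-trace path information), not from a simulated environment.

```python
"""Thompson-sampling scheduler for choosing fuzzing mutation operators.

Added example (not TPSFuzzer's code). Each mutation operator is one arm of a
Bernoulli bandit; the reward is 1 when the mutated input reaches a new path.
Operator names, the Beta(1,1) prior and the simulated success rates below are
assumptions made for illustration only.
"""
import random
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass
class OperatorArm:
    """Beta posterior over the probability that this operator yields a new path."""
    name: str
    alpha: float = 1.0  # 1 + number of observed rewards (new path reached)
    beta: float = 1.0   # 1 + number of observed non-rewards
    pulls: int = 0

    def sample(self, rng: random.Random) -> float:
        # One Thompson draw from Beta(alpha, beta).
        return rng.betavariate(self.alpha, self.beta)

    def update(self, reward: bool) -> None:
        # Conjugate update: a Bernoulli observation shifts one Beta parameter by 1.
        self.pulls += 1
        if reward:
            self.alpha += 1.0
        else:
            self.beta += 1.0

    @property
    def posterior_mean(self) -> float:
        return self.alpha / (self.alpha + self.beta)


class ThompsonMutationScheduler:
    """Picks the next mutation operator by Thompson sampling over all arms."""

    def __init__(self, operators: Iterable[str], seed: int = 0) -> None:
        self._rng = random.Random(seed)
        self.arms: Dict[str, OperatorArm] = {name: OperatorArm(name) for name in operators}

    def choose(self) -> str:
        # Draw one sample per arm and play the arm with the largest draw.
        draws = {name: arm.sample(self._rng) for name, arm in self.arms.items()}
        return max(draws, key=draws.get)

    def record(self, name: str, new_path: bool) -> None:
        # Feed back the coverage result of the mutation performed with `name`.
        self.arms[name].update(new_path)

    def distribution(self) -> Dict[str, float]:
        # Learned per-operator probability of reaching a new path (posterior means).
        return {name: arm.posterior_mean for name, arm in self.arms.items()}


# Constructed (assumed) per-operator probabilities that one mutation reaches a
# new path on some hypothetical target; a real fuzzer observes these, it does
# not know them.
ASSUMED_NEW_PATH_RATE = {
    "bitflip": 0.02,
    "arith": 0.05,
    "interesting": 0.10,
    "havoc": 0.30,
}


def simulate(rounds: int = 2000, seed: int = 0) -> dict:
    """Run the scheduler against the assumed rates and report what it learned."""
    scheduler = ThompsonMutationScheduler(ASSUMED_NEW_PATH_RATE, seed=seed)
    env = random.Random(seed + 1)  # separate stream for the simulated target
    for _ in range(rounds):
        op = scheduler.choose()
        new_path = env.random() < ASSUMED_NEW_PATH_RATE[op]
        scheduler.record(op, new_path)
    dist = scheduler.distribution()
    return {
        "best": max(dist, key=dist.get),
        "posterior_mean": dist,
        "pulls": {name: arm.pulls for name, arm in scheduler.arms.items()},
    }


if __name__ == "__main__":
    result = simulate()
    for name, mean in sorted(result["posterior_mean"].items(), key=lambda kv: -kv[1]):
        print(f"{name:12s} posterior mean {mean:.3f}  pulls {result['pulls'][name]}")
```

The scheduler concentrates its pulls on the operator whose posterior looks best while still occasionally trying the others, which is the exploration/exploitation trade-off the abstract frames as a bandit problem. In a fuzzer the `record` call would sit in the mutation loop right after the coverage bitmap is compared, and the learned `distribution()` is specific to the target binary, which is why the paper speaks of learning it "on a particular program".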
Related literature (database counts): references 2; secondary references 1; co-cited works 6; co-cited references 9; citing works 1
