Abstract
Fuzzing is a vulnerability-detection technique that applies different mutation operators to generate test cases for a target program. Current research on fuzzing concentrates on the design of mutation operators and on program analysis; the coordinated scheduling of multiple mutation operators has not been studied in depth. This paper first studies 15 mutation operators commonly used in fuzzing and analyzes how the mutation efficiency of each operator varies across different types of programs. Taking the exploration-exploitation model as its basis and combining it with the observed pattern of change in operator mutation efficiency, the paper designs the mutation operator scheduling optimization model EE-POS to improve the vulnerability-discovery efficiency of fuzzing. EE-POS is implemented in the prototype system EE-POS-AFL; comparison experiments against AFL show that EE-POS-AFL improves path exploration efficiency by 63% and vulnerability detection efficiency by 153%.
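The abstract describes scheduling mutation operators as an exploration-exploitation problem whose per-operator efficiency drifts over a campaign. The following is an added illustration of that idea, not the paper's EE-POS model or AFL code: a discounted UCB1 bandit that credits each operator with the new paths its mutants reach and forgets old rewards so the estimate follows an operator's declining efficiency. The operator names, the hidden hit rates and the decay schedule of the simulated target are constructed for the demonstration and are not measurements from the paper.

```python
"""Explore/exploit scheduling of fuzzing mutation operators (added example)."""
import math
import random

# Constructed operator names in the spirit of AFL's stages; the hit rates
# used in the simulation below are invented, not measured.
OPERATORS = ["bitflip", "arith", "interesting", "dictionary", "havoc", "splice"]


class OperatorScheduler:
    """Discounted UCB1 over mutation operators.

    Reward is 1 when a mutant reached a new path, else 0.  gamma < 1 decays
    old observations so the estimate tracks an operator whose efficiency
    falls as the campaign matures; c weights the exploration bonus.
    """

    def __init__(self, operators, gamma=0.995, c=0.5):
        self.operators = list(operators)
        self.gamma = gamma
        self.c = c
        self.reward = {op: 0.0 for op in self.operators}  # discounted reward sum
        self.count = {op: 0.0 for op in self.operators}   # discounted pull count
        self.total = 0.0                                  # discounted total pulls

    def score(self, op):
        """Upper confidence bound; an operator never tried scores +inf."""
        if self.count[op] == 0:
            return math.inf
        mean = self.reward[op] / self.count[op]
        bonus = self.c * math.sqrt(2.0 * math.log(self.total) / self.count[op])
        return mean + bonus

    def select(self):
        """Operator with the highest score (ties resolve to the first listed)."""
        return max(self.operators, key=self.score)

    def update(self, op, found_new_path):
        """Decay all statistics, then credit the operator just used."""
        for o in self.operators:
            self.reward[o] *= self.gamma
            self.count[o] *= self.gamma
        self.total = self.total * self.gamma + 1.0   # always >= 1, so log() >= 0
        self.count[op] += 1.0
        self.reward[op] += 1.0 if found_new_path else 0.0


class UniformScheduler:
    """Baseline: pick operators uniformly at random and ignore feedback."""

    def __init__(self, operators, seed):
        self.operators = list(operators)
        self.rng = random.Random(seed)

    def select(self):
        return self.rng.choice(self.operators)

    def update(self, op, found_new_path):
        pass


class SimulatedTarget:
    """Constructed target: each operator's chance of reaching a new path
    shrinks as more paths are found (efficiency declines over the campaign)."""

    def __init__(self, base_rates, seed):
        self.base_rates = base_rates
        self.rng = random.Random(seed)
        self.paths_found = 0

    def mutate(self, op):
        rate = self.base_rates[op] / (1.0 + 0.002 * self.paths_found)
        hit = self.rng.random() < rate
        if hit:
            self.paths_found += 1
        return hit


# Constructed hit rates: one operator is clearly the most productive.
BASE_RATES = {"bitflip": 0.02, "arith": 0.03, "interesting": 0.05,
              "dictionary": 0.30, "havoc": 0.12, "splice": 0.04}


def run_campaign(scheduler, target, rounds):
    """Return (paths_found, per-operator selection counts) after `rounds` mutations."""
    selections = {op: 0 for op in OPERATORS}
    for _ in range(rounds):
        op = scheduler.select()
        hit = target.mutate(op)
        scheduler.update(op, hit)
        selections[op] += 1
    return target.paths_found, selections


def compare(rounds=3000, seed=7):
    """Paths found by the adaptive scheduler vs. the uniform baseline on
    identically seeded copies of the constructed target."""
    adaptive, _ = run_campaign(OperatorScheduler(OPERATORS),
                               SimulatedTarget(BASE_RATES, seed), rounds)
    uniform, _ = run_campaign(UniformScheduler(OPERATORS, seed),
                              SimulatedTarget(BASE_RATES, seed), rounds)
    return adaptive, uniform


if __name__ == "__main__":
    a, u = compare()
    print(f"adaptive scheduler: {a} paths, uniform baseline: {u} paths")
```

The reward signal here is binary path discovery, which is what AFL-style coverage feedback exposes cheaply; a real scheduler would also have to weigh operator cost per execution, which this sketch leaves out.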
Authors
李明磊
陆余良
黄晖
朱凯龙
LI Ming-lei; LU Yu-liang; HUANG Hui; ZHU Kai-long (School of Electronic Warfare, National University of Defense Technology, Hefei 230037, China; Anhui Province Key Laboratory of Cyberspace Security Situational Awareness and Evaluation, Hefei 230037, China)
Source
《小型微型计算机系统》
CSCD
Peking University Core Journal (北大核心)
2021, No. 10, pp. 2190-2195 (6 pages)
Journal of Chinese Computer Systems
Funding
Supported by the National Key R&D Program of China, Key Special Project (2017YFB0802900).
Keywords
fuzzing; mutation scheduling; exploration-exploitation model; objective optimization; vulnerability detection