Abstract
As the most representative tool in the field of fuzzing, AFL has so far found a large number of memory vulnerabilities in software. Experimental results show that more than 60% of AFL's mutation operations do not produce any new path, and these mutations are wasted. The paper analyzes AFL's seed mutation strategy, studies it, and proposes an optimization algorithm for the mutation strategy. The algorithm performs selective mutation by recording the array of effective bytes of the seed file during the deterministic mutation stage, and then, during the random (havoc) mutation stage, checking whether a byte about to be mutated is an effective byte. AFL was optimized according to the proposed algorithm, and the experiment verifies the effectiveness of the seed mutation optimization algorithm.
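The following C sketch illustrates the mechanism the abstract describes; it is an added example, not code from the paper or from AFL. It assumes a constructed toy target whose control flow depends only on a few input bytes, marks bytes effective when inverting them changes the path (real AFL keeps its eff_map at 8-byte granularity; this version is per-byte for clarity), and then lets a havoc-style guard skip positions the deterministic stage found ineffective.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEN 16

/* Constructed toy target standing in for the fuzzed program. Its control
 * flow depends only on bytes 0-3 (a magic header) and byte 4 (a length
 * field); bytes 5-15 are payload that no branch ever reads. The return
 * value plays the role of AFL's trace checksum: one id per path. */
uint32_t toy_target(const uint8_t *buf, size_t len) {
    uint32_t path = 1;
    if (len >= 4 && memcmp(buf, "FUZZ", 4) == 0) path |= 2;
    if (len >= 5 && buf[4] > 8) path |= 4;
    if (len >= 5 && buf[4] == 0) path |= 8;
    return path;
}

/* Deterministic stage: invert each byte in turn and mark it effective when
 * the observed path changes. eff[i] is 1 for effective bytes, 0 otherwise.
 * Returns the number of effective bytes. */
size_t build_eff_map(const uint8_t *seed, size_t len, uint8_t *eff) {
    uint8_t tmp[LEN];
    size_t count = 0;
    uint32_t base;
    if (len > LEN) len = LEN;
    memcpy(tmp, seed, len);
    base = toy_target(tmp, len);
    for (size_t i = 0; i < len; i++) {
        tmp[i] ^= 0xFF;
        eff[i] = (toy_target(tmp, len) != base);
        tmp[i] ^= 0xFF;
        count += eff[i];
    }
    return count;
}

/* Havoc-stage guard following the paper's idea: a randomly chosen position
 * is only mutated if the deterministic stage found that byte effective. */
int havoc_should_mutate(const uint8_t *eff, size_t len, size_t pos) {
    return pos < len && eff[pos] != 0;
}

int main(void) {
    uint8_t seed[LEN] = { 'F', 'U', 'Z', 'Z', 5 }; /* constructed: header, length, zero payload */
    uint8_t eff[LEN];
    size_t n = build_eff_map(seed, LEN, eff);
    printf("%zu of %d bytes effective; havoc skips %zu positions\n", n, LEN, LEN - n);
    return 0;
}
```

With this seed, only the header and length bytes change the path, so 11 of 16 havoc positions would be rejected by the guard, which is the class of wasted mutation the abstract quantifies.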
Authors
ZHANG Qi; MA Yingzi (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210007, China; State Key Laboratory for Novel Software Technology at Nanjing University, Nanjing 210023, China)
Source
Modern Information Technology (《现代信息科技》), 2021, No. 24, pp. 142-145 (4 pages)
Funding
National Natural Science Foundation of China (62172217).