Abstract
Fuzzing is one of the effective techniques currently used in software engineering to discover vulnerabilities, and it is highly effective at finding latent software vulnerabilities. The seed selection strategy of traditional fuzzing cannot quickly and effectively produce a high-quality seed set, so the test cases generated by mutation fail to reach deeper paths and trigger more security vulnerabilities. To address this problem, a seed generation method based on an improved generative adversarial network (GAN) is proposed to achieve efficient fuzzing. The quality and diversity of the generated seeds are improved by optimizing the LeakGAN network structure, encoding and decoding techniques are introduced to flexibly extend the types of seeds that can be generated, and the fuzzing performance on target programs with different input formats is significantly improved. Experimental results show that the adopted seed generation strategy clearly improves coverage, the number of unique crashes and other metrics, and effectively increases seed generation speed. Six open-source programs with different highly structured inputs and different fuzzing tools were selected to validate the effectiveness of the strategy; compared with the original strategy, branch coverage increased by about 2.79% on average, about 10.35% more unique paths were found, and about 86.92% more unique crashes were found.
As one of the effective ways to discover software vulnerabilities in the current software engineering field, fuzzing plays a significant role in finding potential software vulnerabilities. The traditional seed selection strategy in fuzzing cannot effectively generate high-quality seeds, which results in the test cases generated by mutation being unable to reach deeper paths and trigger more security vulnerabilities. To address these challenges, a seed generation method for efficient fuzzing based on an improved generative adversarial network (GAN) is proposed, which can flexibly expand the type of seed generation through encoding and decoding technology and significantly improve the fuzzing performance of most applications with different input types. In experiments, the seed generation strategy adopted in this paper significantly improved the coverage and the number of unique crashes, and effectively increased the seed generation speed. Six open-source programs with different highly structured inputs were selected to demonstrate the effectiveness of our strategy. As a result, the average branch coverage increased by 2.79%, the number of paths increased by 10.35%, and an additional 86.92% of unique crashes were found compared to the original strategy.
Authors
刘振岩
张华
刘勇
杨立波
王梦迪
LIU Zhenyan; ZHANG Hua; LIU Yong; YANG Libo; WANG Mengdi (State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; School of Information Science and Technology, Qingdao University of Science and Technology, Qingdao 266061, China; State Grid Hebei Power Company, Shijiazhuang 050000, China; State Grid Hebei Information & Telecommunication Branch, Shijiazhuang 050000, China)
Source
Journal of Xidian University (《西安电子科技大学学报》)
EI
CAS
CSCD
Peking University Core Journal (北大核心)
2024, Issue 2, pp. 126-136 (11 pages)
Funding
National Natural Science Foundation of China (62072051).
Keywords
vulnerability detection
network security
fuzz testing
deep learning