期刊文献+

智能模糊测试综述:问题探索和方法分类

A Review of Smart Fuzzing:Problem Exploration and Method Classification
下载PDF
导出
摘要 随着近年来软件系统规模以及复杂性的增加,安全漏洞数量持续增长、影响面逐步扩大,全球安全形势依然严峻.针对该问题,学术界和工业界致力于研究高效的漏洞挖掘技术,提前发现和修复潜在的漏洞.其中模糊测试作为先进的漏洞挖掘技术之一,吸引了学术界和工业界的广泛关注.为了进一步提高漏洞挖掘的能力,研究人员提出了智能模糊测试,即利用人工智能和程序分析等技术作为辅助,从而实现对复杂软件系统更高效的测试和分析并智能引导漏洞挖掘方向.本文回顾了近八年来智能模糊测试研究进展,提出了一个通用模糊测试流程模型和问题导向的智能模糊技术分类方法,从优化测试输入生成、提高测试效率以及增强测试预言机三个方面总结了当前智能模糊测试的优势和不足之处,最后对智能模糊测试面临的挑战和未来研究方向进行展望和总结. With the increasing scale and complexity of software systems in recent years,along with the continuous growth in the number of security vulnerabilities and their expanding impact,the global security situation remains challenging.In response to this issue,academia and industry have been devoted to researching efficient vulnerability discovery techniques to identify and address potential vulnerabilities in advance.Among these techniques,fuzzing has garnered significant attention from academia and industry as an advanced vulnerability detection approach.To further enhance the capability of vulnerability discovery,researchers introduced smart fuzzing,which leverages artificial intelligence and program analysis techniques to assist in more efficiently testing and analyzing complex software systems,intelligently guiding the direction of vulnerability discovery.This paper reviews the progress of smart fuzzing over the past eight years,proposes a general fuzzing procedure model and a problem-oriented classification method for smart fuzzing techniques,and summarizes the current advantages and shortcomings of smart fuzzing from three aspects:optimizing test input generation,improving test efficiency,and enhancing test oracles.Finally,this paper offers a prospective outlook and summary of the challenges and future research directions in the field of smart fuzzing.
作者 王琴应 许嘉诚 李宇薇 潘祖烈 张玉清 张超 纪守领 WANG Qin-Ying;XU Jia-Cheng;LI Yu-Wei;PAN Zu-Lie;ZHANG Yu-Qing;ZHANG Chao;JI Shou-Ling(College of Computer Science and Technology,Zhejiang University,Hangzhou 310007;College of Control Science and Engineering,Zhejiang University,Hangzhou 310007;College of Electronic Engineering,National University of Defense Technology,Hefei 230037;Department of National Computer Network Intrusion Protection Center,University of Chinese Academy of Sciences,Beijing 101408;Institute for Network Science and Cyberspace,Tsinghua University,Beijing 100084)
出处 《计算机学报》 EI CAS CSCD 北大核心 2024年第9期2059-2083,共25页 Chinese Journal of Computers
基金 国家自然科学基金联合重点项目(U1936215) 国家自然科学基金青年基金项目(62202484) 国家自然科学基金联合重点项目(U2336203)资助.
关键词 模糊测试 软件与系统安全 漏洞挖掘 人工智能 程序分析 fuzzing software and system security vulnerability discovery artificial intelligence program analysis
  • 相关文献

参考文献1

二级参考文献1

共引文献25

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部