Abstract
Seed-adaptive mutation scheduling is a recent technique in mutation-based fuzzing: it adjusts the probability distribution over mutation operators according to the syntactic and semantic characteristics of the seed. It has two problems: (1) it cannot adapt the distribution to the mutation position; (2) the Thompson Sampling algorithm it relies on tends, in the fuzzing setting, to learn a distribution close to uniform, at which point the scheduling strategy no longer has any effect. To address these problems, this paper proposes a position-adaptive mutation scheduling strategy. It links mutation positions to mutation operators through a custom two-layer multi-armed bandit model and selects operators with the Upper Confidence Bound (UCB) algorithm, achieving position adaptation while avoiding collapse to a uniform distribution. A position-adaptive fuzzer, PAMSSAFL (Position-Adaptive Mutation Scheduling Strategy AFL), is implemented on top of American Fuzzy Lop (AFL). Experimental results show that the position-adaptive mutation scheduling strategy significantly improves the fuzzer's bug-finding ability and coverage.
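The abstract only names the ingredients (a two-layer bandit keyed by position, UCB for operator selection, a coverage-driven reward). The following is an added illustration of that structure, not PAMSSAFL's code or the paper's exact model: the region split of the seed into "header" and "body", the three-operator set, the reward (1.0 when a mutant reaches a coverage edge not seen before), the standard UCB1 rule, and the toy target standing in for an instrumented program are all assumptions made for this example. The seed and the target's branch conditions are constructed so that the useful operator genuinely differs by position.

```python
"""Toy two-layer UCB1 mutation scheduler keyed by mutation position.
Added example, not PAMSSAFL's code. Layer 1 picks a region of the seed,
layer 2 picks an operator for that region; both layers receive the reward.
Region split, operator set, reward and target are assumptions for this toy."""
import math
import random

INTERESTING = (0x00, 0x7F, 0x80, 0xFF)          # AFL-style "interesting" bytes
OPERATORS = ("bitflip", "arith", "interesting")  # assumed operator set
BUCKETS = {"header": range(0, 4), "body": range(4, 16)}  # assumed region split
# Constructed seed: header bytes 0x12, body byte at offset i is 0x3D + i.
SEED = bytes([0x12] * 4 + [0x3D + i for i in range(4, 16)])


class UCB1:
    """Standard UCB1 arm selection: empirical mean plus an exploration bonus."""

    def __init__(self, arms):
        self.arms = list(arms)
        self.pulls = {a: 0 for a in self.arms}
        self.reward = {a: 0.0 for a in self.arms}
        self.total = 0

    def mean(self, arm):
        return self.reward[arm] / self.pulls[arm] if self.pulls[arm] else 0.0

    def score(self, arm):
        return self.mean(arm) + math.sqrt(2.0 * math.log(self.total) / self.pulls[arm])

    def select(self):
        for arm in self.arms:          # try every arm once before scoring
            if self.pulls[arm] == 0:
                return arm
        return max(self.arms, key=self.score)

    def update(self, arm, reward):
        self.pulls[arm] += 1
        self.reward[arm] += reward
        self.total += 1


class PositionAdaptiveScheduler:
    """Layer 1 chooses the region; layer 2 chooses the operator for that region."""

    def __init__(self):
        self.region_layer = UCB1(BUCKETS)
        self.operator_layer = {b: UCB1(OPERATORS) for b in BUCKETS}

    def choose(self):
        region = self.region_layer.select()
        return region, self.operator_layer[region].select()

    def learn(self, region, op, reward):   # the same reward feeds both layers
        self.region_layer.update(region, reward)
        self.operator_layer[region].update(op, reward)

    def best_operator(self, region):       # operator with the best empirical mean
        return max(OPERATORS, key=self.operator_layer[region].mean)

    def pull_share(self, region):          # learned selection frequencies per region
        layer = self.operator_layer[region]
        return {op: layer.pulls[op] / max(layer.total, 1) for op in OPERATORS}


def mutate(rng, op, data, pos):
    """Apply one byte-level operator at offset pos."""
    b = bytearray(data)
    if op == "bitflip":
        b[pos] ^= 1 << rng.randrange(8)
    elif op == "arith":                    # add a non-zero delta in [-4, 4]
        b[pos] = (b[pos] + rng.choice([d for d in range(-4, 5) if d])) & 0xFF
    else:
        b[pos] = rng.choice(INTERESTING)
    return bytes(b)


def toy_target(data):
    """Constructed stand-in for an instrumented target: returns the set of
    coverage edges an input reaches. Header bytes branch on interesting values;
    body bytes branch on one expected value per offset (seed value + 3)."""
    edges = set()
    for i in BUCKETS["header"]:
        if data[i] in INTERESTING:
            edges.add(("hdr", i, data[i]))
    for i in BUCKETS["body"]:
        if data[i] == 0x40 + i:
            edges.add(("body", i))
    return edges


def fuzz(rounds=3000, rng_seed=1234):
    """Drive the scheduler against the toy target; returns (scheduler, edges)."""
    rng = random.Random(rng_seed)
    sched = PositionAdaptiveScheduler()
    covered = set(toy_target(SEED))        # baseline coverage of the seed itself
    for _ in range(rounds):
        region, op = sched.choose()
        pos = rng.choice(BUCKETS[region])
        new_edges = toy_target(mutate(rng, op, SEED, pos)) - covered
        covered |= new_edges
        sched.learn(region, op, 1.0 if new_edges else 0.0)
    return sched, covered


if __name__ == "__main__":
    sched, covered = fuzz()
    for region in BUCKETS:
        print(region, sched.best_operator(region), sched.pull_share(region))
    print("edges found:", len(covered))
```

Running `fuzz()` learns "interesting" as the best operator for the header region and "arith" for the body region, which is the position dependence a single seed-level distribution cannot express. Two caveats a practitioner should keep in mind: the toy mutates a single fixed seed, so new-coverage rewards dry up once the reachable edges are found, and UCB1's exploration bonus then pulls the per-region selection frequencies back toward each other over a long run (the empirical means, read through `best_operator`, remain the stable signal); and the paper's actual bandit layering, reward shaping and position granularity are not given in the abstract, so this code should be read as one plausible instance of the idea, not as PAMSSAFL.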
Authors
杨智
徐航
桑伟泉
孙浩东
金舒原
YANG Zhi, XU Hang, SANG Weiquan, SUN Haodong, JIN Shuyuan (School of Cryptographic Engineering, Information Engineering University, Zhengzhou 450004, China; School of Computer Science and Engineering, Sun Yat-sen University, Guangzhou 510275, China)
Source
Journal of Electronics & Information Technology (《电子与信息学报》)
EI
CAS
CSCD
PKU Core Journal (北大核心)
2024, Issue 9, pp. 3797-3806 (10 pages)
Funding
National Natural Science Foundation of China (62176265).
Keywords
Vulnerability mining
Fuzzing
Mutation
Coverage