Abstract
Existing fuzzing methods share a common flaw: they produce a large number of redundant test cases. To address this, a method that uses dynamic taint tracking to optimize fuzzing is proposed. The method marks each externally supplied test case as taint data and records the propagation path of the taint data, then compares the similarity of propagation paths to judge whether a test case is redundant. A redundant test case is discarded directly; otherwise, the test case is processed in parallel for further analysis. A prototype system was implemented to validate the method. The test results show that the optimized fuzzing is nearly twice as efficient as the non-optimized fuzzing.
Authors
Zhao Bin (赵斌); Li Weiming (李伟明); Wang Yongjian (王永剑)
School of Computer Science, Huazhong University of Science and Technology, Wuhan 430074, China; Key Laboratory of Information Security of Ministry of Public Security, The Third Research Institute of Ministry of Public Security, Shanghai 201204, China
Source
Journal of Huazhong University of Science and Technology (Natural Science Edition) (《华中科技大学学报(自然科学版)》)
EI
CAS
CSCD
PKU Core (北大核心)
2016, Issue S1, pp. 75-79 (5 pages)
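Funding
National Natural Science Foundation of China (61370230)
Open Fund of the Key Laboratory of Information Network Security of the Ministry of Public Security, The Third Research Institute of the Ministry of Public Security (C14603)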