Seed Generation for Fuzzing Based on Deep Learning
Abstract: Fuzzing is widely used to detect vulnerabilities in many kinds of software and systems. The effectiveness and efficiency of fuzzing depend on the mutation strategy applied to the seed files and on the code coverage those seed files achieve in the target program. This study proposes a new seed generation method based on deep learning. The method analyzes and learns the correlation between seed files and their execution paths in the target program, then generates seed files that are more likely to explore uncovered paths, thereby increasing the code coverage of the initial seed set for the target program. Experiments were carried out with a PDF reader as the target program. The results demonstrate that the seed files generated by the proposed method have a good passing rate in the PDF reader and, at the same time, significantly improve code coverage. The experiments also indicate the applicability of the method: seed files generated for a specific target program (a PDF reader) also obtain higher code coverage when fuzzing other PDF readers.
Authors: LI Zhang-Tan (李张谭); CHENG Liang (程亮); ZHANG Yang (张阳) (University of Chinese Academy of Sciences, Beijing 100049, China; Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China)
Source: Computer Systems & Applications (《计算机系统应用》), 2019, Issue 4, pp. 9-17 (9 pages)
Funding: National Natural Science Foundation of China (61471344, 61772506); National Key Research and Development Program of China (2017YFB0802902)
Keywords: fuzzing; deep learning; text generation; code coverage; seq2seq model