Application Research of Computers (《计算机应用研究》)

Research on fuzzing technique based on dynamic fitness function

Authors 邓一杰, 刘克胜, 朱凯龙, 常超
Affiliation Electronic Engineering Institute, National University of Defense Technology, Hefei 230031
Article ID 1001-3695(2019)05-028-1415-04
DOI 10.19734/j.issn.1001-3695.2018.04.0266
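Abstract Fuzzing is an effective automated vulnerability discovery technique. Mainstream fuzzing techniques generate test cases with genetic algorithms, which suffer from premature convergence and therefore achieve insufficient path coverage. To address this problem, a fuzzing method based on a dynamic fitness function is proposed. Taking both seed newness and path depth into account, a fitness function that changes dynamically with the testing phase is designed, and DynFuzzer, a fuzzing tool based on this dynamic fitness function, is implemented. Experiments on the test sets provided by BegBunch and CGC show that, compared with existing fuzzing tools, DynFuzzer improves path coverage by 40% and finds 10% more bugs. The fuzzing method based on a dynamic fitness function effectively overcomes the premature convergence problem, improves path coverage, and finds more bugs.
Keywords genetic algorithm; dynamic fitness function; DynFuzzer; path coverage
Funding National Key R&D Program of China, Key Special Project (2017YFB0802905)
Article URL http://www.arocmag.com/article/01-2019-05-028.html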
English title Research on fuzzing technique based on dynamic fitness function
Authors (English) Deng Yijie, Liu Kesheng, Zhu Kailong, Chang Chao
Affiliation (English) National University of Defense Technology, Electronic Engineering Institute, Hefei 230031, China
English abstract Fuzzing is an effective technique for automatically mining vulnerabilities. Mainstream fuzzing techniques use genetic algorithms to generate test cases, but they suffer from premature convergence, which leads to low path coverage. To address this problem, this paper proposes a fuzzing method based on a dynamic fitness function. Considering the newness of seeds and the depth of paths, it designs a fitness function that changes dynamically across test phases and uses it to implement the fuzzing tool DynFuzzer. Experiments were run on the test sets provided by BegBunch and CGC. The results show that, compared with existing fuzzing tools, DynFuzzer achieves 40% higher path coverage and finds 10% more bugs. The fuzzing method based on a dynamic fitness function can overcome the problem of premature convergence, improve path coverage and find more bugs.
English keywords genetic algorithm; dynamic fitness function; DynFuzzer; path coverage
Received 2018/4/10
Revised 2018/6/8
Pages 1415-1418,1427
CLC number TP311.5
Document code A