Algorithm of key branch exploration and hotspot update for software vulnerability fuzzy testing

Vol. 41, 2024 No. 7

Tang Chenghua^1,2a

Cai Weijia¹

Qiang Baohua^1,2b

1. Guangxi Key Laboratory of Trusted Software, Guilin Guangxi 541004, China

2. a. Guangxi Key Laboratory of Cryptography & Information Security, b. Guangxi Cloud Computing & Big Data Collaborative Innovation Center, Guilin University of Electronic Technology, Guilin Guangxi 541004, China

DOI: 10.19734/j.issn.1001-3695.2023.11.0508

Abstract

In software development and application, due to its reproducibility, fuzzy testing can help identify vulnerabilities and analyze the causes of vulnerabilities in a targeted manner. In order to address the issues of efficiency and testing intensity in the fuzzy testing process, this paper proposed a key branch exploration and hotspot update algorithm for software vulnerability fuzzy testing. This method guided the exploration direction of the fuzzy testing process and the generation of test cases by capturing, analyzing, and utilizing key information on the execution position of the inspected program when processing test cases. The experimental results showed that the proposed method had a significant improvement in vulnerability detection ability compared to the traditional randomly divergent fuzzy testing methods, and more than 100 undisclosed vulnerabilities were found in 14 open source programs such as Otfcc and Swftools. Exploring key branches and updating hotspots provide a new and reliable approach for using fuzzy testing for software vulnerability detection.

Key Words

fuzzy testing code analysis key branch vulnerability detection

Foundation Support

国家自然科学基金资助项目(62062028)

广西可信软件重点实验室基金资助项目(KX202320)

广西研究生教育创新计划项目(YCSW2023295)

Publish Information

DOI: 10.19734/j.issn.1001-3695.2023.11.0508

Publish at: Application Research of Computers Accepted Paper, Vol. 41, 2024 No. 7

Publish History

Cite This Article

唐成华, 蔡维嘉, 林和, 等. 软件漏洞模糊测试的关键分支探索及热点更新算法 [J]. 计算机应用研究, 2024, 41 (7). (2024-04-10). https://doi.org/10.19734/j.issn.1001-3695.2023.11.0508. (Tang Chenghua, Cai Weijia, Lin He, et al. Algorithm of key branch exploration and hotspot update for software vulnerability fuzzy testing [J]. Application Research of Computers, 2024, 41 (7). (2024-04-10). https://doi.org/10.19734/j.issn.1001-3695.2023.11.0508. )

Abstract Key Words Foundation Support Publish Information Publish History Cite This Article

About the Journal

Application Research of Computers Monthly Journal
Journal ID ISSN 1001-3695
CN 51-1196/TP

Application Research of Computers, founded in 1984, is an academic journal of computing technology sponsored by Sichuan Institute of Computer Sciences under the Science and Technology Department of Sichuan Province.

Aiming at the urgently needed cutting-edge technology in this discipline, Application Research of Computers reflects the mainstream technology, hot technology and the latest development trend of computer application research at home and abroad in a timely manner. The main contents of the journal include high-level academic papers in this discipline, the latest scientific research results and major application results. The contents of the columns involve new theories of computer discipline, basic computer theory, algorithm theory research, algorithm design and analysis, blockchain technology, system software and software engineering technology, pattern recognition and artificial intelligence, architecture, advanced computing, parallel processing, database technology, computer network and communication technology, information security technology, computer image graphics and its latest hot application technology.

Application Research of Computers has many high-level readers and authors, and its readers are mainly senior and middle-level researchers and engineers engaged in the field of computer science, as well as teachers and students majoring in computer science and related majors in colleges and universities. Over the years, the total citation frequency and Web download rate of Application Research of Computers have been ranked among the top of similar academic journals in this discipline, and the academic papers published are highly popular among the readers for their novelty, academics, foresight, orientation and practicality.

Indexed & Evaluation

The Second National Periodical Award 100 Key Journals
Double Effect Journal of China Journal Formation
the Core Journal of China (Peking University 2023 Edition)
the Core Journal for Science
Chinese Science Citation Database (CSCD) Source Journals
RCCSE Chinese Core Academic Journals
Journal of China Computer Federation
2020-2022 The World Journal Clout Index (WJCI) Report of Scientific and Technological Periodicals
Full-text Source Journal of China Science and Technology Periodicals Database
Source Journal of China Academic Journals Comprehensive Evaluation Database
Source Journals of China Academic Journals (CD-ROM Version), China Journal Network
2017-2019 China Outstanding Academic Journals with International Influence (Natural Science and Engineering Technology)
Source Journal of Top Academic Papers (F5000) Program of China's Excellent Science and Technology Journals
Source Journal of China Engineering Technology Electronic Information Network and Electronic Technology Literature Database
Source Journal of British Science Digest (INSPEC)
Japan Science and Technology Agency (JST) Source Journal
Russian Journal of Abstracts (AJ, VINITI) Source Journals
Full-text Journal of EBSCO, USA
Cambridge Scientific Abstracts (Natural Sciences) (CSA(NS)) core journals
Poland Copernicus Index (IC)
Ulrichsweb (USA)