Research And Design Of Vulnerability Discovery Based On Fuzzing Technology

In today’s society, computer technology and network technology have been greatly developed,and informatization degree of society has deepened ceaselessly.Computers and networks have brought convenience to people,but this also makes people depend on computer and network more and more.At the same time, it also brings a lot of security issues.In recent years, security incidents occur frequently and it presents an increasing trend. Security issues are generally caused by software vulnerabilities and network vulnerabilities.So researching vulnerability mining technology and strengthening safety protection are very important for the protection of computer and network security.Vulnerability mining methods include white box testing,black box testing and gray box testing.In addition, fuzzing technology is also an important vulnerability mining method.During fuzzing test,fuzzing tools send a large number of illegal data to the target to be tested,and monitor the target program being tested whether an exception occurs.Testers determine whether the target is vulnerable though this method.Fuzzing test has the characteristics of high automation, wide application scope and strong reusability of test cases,it’s a very efficient test method.At present,most of the fuzzing tests have blindness, and the test cases are redundant.In response to these conditions,this paper presents a modified fuzzing framework and policy which constructs test cases based on prior knowledge,sends these test cases to target program and monitors the situation of target program. On this basis,this paper designed and implemented the appropriate fuzzing test system.The main work of this paper is as follows:1.Expound the concept and causes of the vulnerability. And research the existing mainstream vulnerability discovery techniques.Through analysis, summarize their strengths and weaknesses.2-Research on existing fuzzing techniques,summarize some shortcomings.This paper presents a modified fuzzing framework and policy,through the analysis of historical vulnerabilities, sum up the law.Then generate test cases targetedly.At the same time, use this strategy to improve the genetic algorithm to generate more test cases with higher probability of triggering vulnerabilities.3.Design and implement the fuzzing test system.The whole system is divided into two parts:server and client.The client includes test cases generation module and fuzzing test session script,the server includes the target program and the process monitoring module.4.Set up experimental environment and do simulation experiment.In this paper,the fuzzing test system was applied for testing two ftp server software.During the experiment,some vulnerabilities were found.The experimental results have reached the theoretical expectation.At the same time,the results have proved the correctness of the theory,availability of the fuzzing test system.The research results of this paper have some practical value.