
Research On Fuzz Testing Technology Based On Low-hit-branch

Posted on: 2019-11-18
Degree: Master
Type: Thesis
Country: China
Candidate: C X Wang
Full Text: PDF
GTID: 2428330551457974
Subject: Software engineering
Abstract/Summary:
In software security testing, fuzz testing is an effective vulnerability detection technique, and coverage-guided grey-box fuzzing is one of its more efficient forms: it uses code coverage information from the program under test to guide the random generation of test cases. AFL (American Fuzzy Lop) is a widely used grey-box fuzzer whose coverage feedback records the edges taken between basic blocks. However, AFL rarely reaches errors and security vulnerabilities hidden deep inside the program under test, so its vulnerability detection capability needs further improvement.

Generally speaking, statements located deeper in the program under test are harder for test cases to cover, which means the corresponding branches are taken by test cases less frequently (low-hit branches). Test cases that do cover low-hit branches are therefore more likely to reveal errors and vulnerabilities hidden deep in the program under test.

This thesis proposes a grey-box fuzzing method based on low-hit branches. Starting from random mutation of the initial seeds, a newly covered basic block that lies on low-hit branches is used as the guide for updating and selecting the seed queue, from which a large number of random test cases are generated. During mutation, a per-byte mutation flag is set for the bytes involved, and that flag guides the generation of double-byte and four-byte random test cases. Together these measures aim to improve both the vulnerability detection capability and the efficiency of fuzz testing.

To verify the effectiveness of the proposed method, a prototype system was implemented and compared against the AFL grey-box fuzzer on five benchmark programs, analysing vulnerability detection capability and the efficiency of mutation-based test case generation. The experimental results show that, compared with AFL, low-hit-branch fuzzing finds more security vulnerabilities, its test case generation efficiency is greatly improved, and branch coverage increased by 28.6% over a 24-hour run.
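As an added illustration (this is neither the thesis's prototype nor AFL code), the following Python toy shows one simple reading of the two ideas above: the seed queue is ordered by the hit count of the rarest branch each seed reaches, so seeds that touch low-hit branches are mutated first, and a byte offset whose mutation unlocked new coverage is flagged so that later mutations of that seed at that offset write two or four random bytes instead of one. The target program, its branch ids, the rarity score, the flag rule, the seed and the step budget are all constructed assumptions for this example; the thesis describes its own scoring and flag semantics only at the level of the abstract.

```python
# Toy low-hit-branch scheduler (illustration only, not the thesis prototype).
import random
from dataclasses import dataclass, field


def target(data: bytes) -> frozenset:
    """Constructed stand-in for a program under test: returns the ids of the
    branches the input takes. The checks nest, so deeper branches are taken
    by fewer random inputs, i.e. they are the low-hit branches."""
    hit = {0}                                                   # entry block
    if len(data) >= 8 and data[0] == 0x41:                      # 'A' at offset 0
        hit.add(1)
        if data[1] == 0x42:                                     # 'B' at offset 1
            hit.add(2)
            if int.from_bytes(data[2:4], "little") > 0xF000:    # 2-byte field
                hit.add(3)
                if int.from_bytes(data[4:8], "little") > 0xF0000000:  # 4-byte field
                    hit.add(4)                                  # deepest branch
    return frozenset(hit)


@dataclass
class Seed:
    data: bytes
    branches: frozenset
    # Byte offsets whose mutation unlocked new coverage; they get 2/4-byte writes.
    flags: set = field(default_factory=set)


class LowHitFuzzer:
    def __init__(self, initial: bytes, rng: random.Random):
        self.rng = rng
        self.hits = {}                  # branch id -> executions that took it
        self.seen = set()               # branches covered by some queued seed
        self.queue = [Seed(initial, self.execute(initial))]
        self.seen |= self.queue[0].branches

    def execute(self, data: bytes) -> frozenset:
        # Run the target and update the global per-branch hit counts.
        branches = target(data)
        for b in branches:
            self.hits[b] = self.hits.get(b, 0) + 1
        return branches

    def rarity(self, seed: Seed) -> int:
        # Score a seed by the hit count of the rarest branch it covers.
        return min(self.hits[b] for b in seed.branches)

    def pick_seed(self) -> Seed:
        # Seeds that reach low-hit branches are mutated first.
        return min(self.queue, key=self.rarity)

    def mutate(self, seed: Seed):
        data = bytearray(seed.data)
        off = self.rng.randrange(len(data))
        # A flagged offset gets a 2- or 4-byte random write instead of 1 byte.
        width = self.rng.choice((2, 4)) if off in seed.flags else 1
        width = min(width, len(data) - off)
        data[off:off + width] = self.rng.getrandbits(8 * width).to_bytes(width, "little")
        return bytes(data), off

    def step(self) -> bool:
        parent = self.pick_seed()
        child, off = self.mutate(parent)
        branches = self.execute(child)
        new = branches - self.seen
        if not new:
            return False
        self.seen |= new
        # Keep the child and remember which offset unlocked the new branch.
        self.queue.append(Seed(child, branches, set(parent.flags) | {off}))
        return True


def fuzz(initial: bytes = b"\x00" * 8, steps: int = 40000, rng_seed: int = 1):
    # Constructed all-zero seed; fixed RNG seed keeps the run reproducible.
    fz = LowHitFuzzer(initial, random.Random(rng_seed))
    for _ in range(steps):
        fz.step()
    return fz


if __name__ == "__main__":
    fz = fuzz()
    for s in fz.queue:
        print(s.data.hex(), sorted(s.branches), sorted(s.flags))
```

The point to watch in the output is the hit counts: the entry branch is taken by every execution while the deepest branch is taken only by children of the deepest seed, so the rarity score keeps steering mutation toward that seed; a plain queue-order scheduler would keep spending most of its budget on the shallow seeds.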
Keywords/Search Tags:fuzzing, test case generation, grey-box testing, AFL, low-hit-branch