With the continuous development of Internet technology, the scale of software keeps expanding, and software defects keep emerging. Fuzz testing is a widely used software vulnerability mining technique with strong defect discovery ability. However, fuzzing explores the program's state space blindly, which wastes a large amount of computing resources. The directed fuzzing tool AFLGo, built on grey-box fuzzing, focuses testing resources on pre-set target code regions and steers mutation toward them, so it can explore vulnerabilities in specific regions of a program efficiently. However, in its seed choosing strategy AFLGo does not take full advantage of runtime information to optimize the mutation sequence of seeds in the exploration stage and the exploitation stage, which limits its performance. Additionally, AFLGo's annealing-based power schedule regulates power over time, which is unstable: when the number of seeds in the queue is too large, or the execution time of a seed is too long, the effect of that schedule decreases. This paper improves the seed choosing strategy and the power schedule of the traditional directed grey-box fuzzing tool (AFLGo) by using the number of low-frequency branches covered by a seed and the distance to the target code regions to determine seed priority, aiming to enhance the test performance of the two stages of AFLGo individually. Meanwhile, this paper adopts the Artificial Bee Colony algorithm to regulate power, and an improved directed grey-box fuzzing tool named HyFuzz is implemented. Experimental results on four kinds of common open source software show that, compared to AFLGo, HyFuzz increases coverage more efficiently in the exploration stage, generates seeds closer to the target code regions in the exploitation stage, and that the Artificial Bee Colony algorithm regulates power as intended. The experimental results indicate that HyFuzz is a better directed grey-box fuzzing tool than AFLGo.
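The following Python sketch is an added example, not code from the HyFuzz paper or from AFLGo. It shows how the two signals the abstract names, the number of low-frequency branches a seed covers and the seed's distance to the target code regions, can be combined into a seed priority that is weighted differently in the exploration and exploitation stages. The stage weights, the low-frequency threshold, the linear score and the sample queue are all assumptions chosen for this illustration; the Artificial Bee Colony power schedule is not modelled here.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Seed:
    """One queue entry: the branches it covers and its distance to the target regions."""
    name: str
    branches: frozenset   # branch ids hit when the seed is executed
    distance: float       # distance to the target code regions; smaller is closer


def branch_frequencies(queue: List[Seed]) -> Dict[str, int]:
    """Count how many seeds in the queue reach each branch.

    A branch reached by few seeds is treated as a 'low-frequency' branch.
    """
    freq: Dict[str, int] = {}
    for s in queue:
        for b in s.branches:
            freq[b] = freq.get(b, 0) + 1
    return freq


def low_frequency_count(seed: Seed, freq: Dict[str, int], threshold: int) -> int:
    """Number of branches covered by `seed` that fewer than `threshold` seeds reach."""
    return sum(1 for b in seed.branches if freq.get(b, 0) < threshold)


# Assumed stage weights (not the paper's values): exploration rewards rare
# branches (coverage growth), exploitation rewards closeness to the target.
STAGE_WEIGHTS = {
    "exploration": {"w_rare": 1.0, "w_dist": 0.5},
    "exploitation": {"w_rare": 0.25, "w_dist": 3.0},
}


def seed_score(seed: Seed, freq: Dict[str, int], max_distance: float,
               stage: str, threshold: int = 2) -> float:
    """Linear combination (an assumption) of rare-branch count and normalised closeness."""
    w = STAGE_WEIGHTS[stage]
    rare = low_frequency_count(seed, freq, threshold)
    # closeness is 1.0 at the target and 0.0 for the farthest seed in the queue
    closeness = 1.0 - seed.distance / max_distance if max_distance > 0 else 1.0
    return w["w_rare"] * rare + w["w_dist"] * closeness


def order_queue(queue: List[Seed], stage: str, threshold: int = 2) -> List[str]:
    """Return seed names in the order they should be picked for mutation.

    Ties are broken by smaller distance, then by name, so the order is deterministic.
    """
    freq = branch_frequencies(queue)
    max_distance = max(s.distance for s in queue)
    ranked = sorted(
        queue,
        key=lambda s: (-seed_score(s, freq, max_distance, stage, threshold),
                       s.distance, s.name),
    )
    return [s.name for s in ranked]


# Constructed sample queue (not from the paper): branch ids and distances are made up.
SAMPLE_QUEUE = [
    Seed("s1", frozenset({"a", "b", "c"}), 6.0),
    Seed("s2", frozenset({"a", "b", "d"}), 4.0),
    Seed("s3", frozenset({"a", "b"}), 8.0),
    Seed("s4", frozenset({"a", "e", "f", "g"}), 12.0),
]

if __name__ == "__main__":
    for stage in ("exploration", "exploitation"):
        print(stage, order_queue(SAMPLE_QUEUE, stage))
```

On the sample queue, seed s4 reaches three branches no other seed hits, so it leads in the exploration stage even though it is the farthest from the target, while in the exploitation stage the closest seed s2 moves to the front. Because the low-frequency counts are recomputed from the whole queue, the ranking reacts to runtime information as new seeds arrive rather than depending only on elapsed time.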