As software grows in complexity and functionality, so does the likelihood that it contains vulnerabilities. Vulnerability mining methods based on fuzz testing are used to prevent software vulnerabilities, and fuzz testing technology has gradually become a research hotspot in the field of software security. Existing fuzz testing solutions, lacking either a feedback mechanism or targeted fine-grained mutation methods, suffer from low execution path coverage, a small number of mutated test cases, and premature convergence, which leads to unsatisfactory vulnerability mining results.

Firstly, since fuzzing tools do not measure key basic blocks, this paper studies the problem of exploring key basic blocks and proposes a method that statically constructs and dynamically adjusts basic block weights. In the static construction stage, the basic block weights are initialized according to path depth; in the dynamic adjustment stage, the actual execution counts of the target software's basic blocks are obtained by binary instrumentation and used to adjust and optimize the weights. Using these basic block weights, test cases are sorted and filtered by a comprehensive fitness. Secondly, since fuzzing tools generate a large number of invalid and repeated test cases, the paper studies population selection by genetic algorithm and proposes a comprehensive fitness calculation method based on multiple dimensions. Samples are screened by ranking their comprehensive fitness, which reduces duplicated fuzz testing. In addition, the paper proposes a targeted fine-grained mutation strategy for the key offset fields that fuzzing tools cannot mutate. Before the mutation stage, the locations of the key fields are tracked and completed by dynamic taint analysis; fine-grained field-level mutation is then performed according to the key offset fields, and block mutation based on the file structure is performed, which reduces the number of invalid samples and improves the efficiency of fuzz testing.

Based on this fine-grained mutation strategy built on dynamic taint analysis, the paper designs and implements DynamicPeach, a prototype fine-grained mutation fuzzing tool, and conducts comparative experiments against the popular fuzzing solutions WinAFL and Peach. Basic block coverage is improved, and the iterative comparison experiments show that DynamicPeach has the ability to continuously mine vulnerabilities.
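As an added illustration (not the paper's or DynamicPeach's code), the following Python sketch shows the two-stage basic block weighting and the fitness-based population screening described in the abstract; the control-flow graph, execution counts, weight formula and fitness dimensions are all assumptions constructed for the example.

```python
from collections import deque

# Constructed control-flow graph of a target: block -> successor blocks.
CFG = {"b0": ["b1", "b2"], "b1": ["b3"], "b2": ["b3", "b4"],
       "b3": ["b5"], "b4": ["b5"], "b5": []}
# Constructed per-block execution counts, as binary instrumentation
# would report them after a run of the target (b2 and b4 are rarely hit).
EXEC_COUNTS = {"b0": 10, "b1": 9, "b2": 1, "b3": 9, "b4": 1, "b5": 10}
# Blocks already covered by the existing corpus (constructed).
SEEN = {"b0", "b1", "b3", "b5"}
# Constructed candidate test cases: recorded trace and execution time.
TESTCASES = [
    {"name": "t1", "trace": ["b0", "b1", "b3", "b5"], "ms": 5},
    {"name": "t2", "trace": ["b0", "b2", "b3", "b5"], "ms": 5},
    {"name": "t3", "trace": ["b0", "b2", "b4", "b5"], "ms": 50},
    {"name": "t4", "trace": ["b0", "b1", "b3", "b5"], "ms": 4},  # same path as t1
]

def static_weights(cfg, entry="b0"):
    """Static stage: initialise each weight from path depth (1 + BFS
    distance from the entry block), so deeper blocks are rated higher."""
    depth, queue = {entry: 0}, deque([entry])
    while queue:
        node = queue.popleft()
        for succ in cfg[node]:
            if succ not in depth:
                depth[succ] = depth[node] + 1
                queue.append(succ)
    return {block: 1 + d for block, d in depth.items()}

def adjust_weights(weights, exec_counts):
    """Dynamic stage (assumed formula): divide by 1 + observed executions,
    so frequently hit blocks lose weight and rarely hit ones stand out."""
    return {b: w / (1 + exec_counts.get(b, 0)) for b, w in weights.items()}

def fitness(trace, weights, seen, exec_ms):
    """Comprehensive fitness over three assumed dimensions: weighted block
    coverage, number of never-seen blocks, and an execution-time penalty."""
    blocks = set(trace)
    return sum(weights[b] for b in blocks) + 2.0 * len(blocks - seen) - 0.01 * exec_ms

def select_population(testcases, weights, seen, keep):
    """Rank by fitness, drop cases whose trace duplicates a higher-ranked
    one, and keep the top `keep` names for the next generation."""
    ranked = sorted(testcases, reverse=True,
                    key=lambda tc: fitness(tc["trace"], weights, seen, tc["ms"]))
    kept, traces = [], set()
    for tc in ranked:
        key = frozenset(tc["trace"])
        if key not in traces and len(kept) < keep:  # skip duplicate coverage
            traces.add(key)
            kept.append(tc["name"])
    return kept

def run_generation(keep=3):
    """Full pipeline on the constructed data: static weights -> dynamic
    adjustment -> fitness ranking and de-duplicated selection."""
    weights = adjust_weights(static_weights(CFG), EXEC_COUNTS)
    return select_population(TESTCASES, weights, SEEN, keep)
```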