
Research On Key Technologies Of Directed Fuzz Testing

Posted on: 2024-02-28
Degree: Master
Type: Thesis
Country: China
Candidate: J K Liu
Full Text: PDF
GTID: 2568307094959279
Subject: Communication engineering

Abstract/Summary:
Fuzz testing is the most typical approach among current vulnerability mining technologies. However, because the original fuzz testing method generates test cases randomly and blindly, its efficiency at discovering vulnerabilities is not high. Directed fuzzing is more likely to carry out vulnerability detection in a specified area of the target program under test: it can efficiently steer towards a problematic key system call or a dangerous location, or towards the stack of a reported vulnerability that we want to reproduce and track. In practice, directed fuzz testing also has flaws, chiefly that it neglects critical vulnerabilities and that its testing effectiveness is poor. At present, directed fuzzing faces two main challenges: (1) the unequal distribution of power (seed energy); (2) the impossibility of covering every path for vulnerability detection.

The directed grey-box fuzzer AFLGo guides the fuzzer to allocate different amounts of energy to seeds using an algorithm based on the distance between the test case and the location of the target under test, combined with a simulated-annealing power schedule, and thereby realizes directed fuzzing of the program under test. However, because AFLGo's calculation method is overly simple, seeds closer to the target area receive more energy while seeds farther away do not receive enough, so the paths leading away from the target area cannot be covered and deeper vulnerabilities cannot be detected.

This thesis takes AFL as its object and introduces improved methods for calculating the distance to the target area and for allocating seed energy. The primary work is as follows:

1. This thesis uses a more lightweight static analysis that considers patterns of (on-the-fly) call connections based on the constructed call graph. To increase the stability of the direction, we add a neighbour-function calculation that uses the results of the static analysis. This technique runs directed fuzzing by taking into account all target trajectories and avoiding deviation from specific trajectories.
2. This thesis introduces the fruit fly optimization algorithm to construct the energy scheduling function and dynamically regulates the energy allocation of the seeds during fuzz testing, so that the number of seeds and the number of mutations applied to them reach better results. The fuzzer can thus reach the designated area more quickly and effectively, which helps to detect more vulnerabilities.
3. This thesis improves the original open-source AFL system and, following the improvement strategy provided in this work, creates and puts into use the AFLmo system. The research examines the target programs GNU Binutils and Libpng respectively, and compares the experimental results with those of AFL and AFLGo. The results show that in terms of vulnerability exposure time and target site coverage, AFLmo performs better than AFL and AFLGo.

This research analyses the AFLmo system through experiments and shows that the target distance calculation optimization approach it proposes can guide directed fuzz testing more precisely. It also demonstrates that the energy scheduling method based on the fruit fly algorithm significantly increases the effectiveness of fuzz testing of the target system.
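The following toy model is an added illustration, not code from the thesis and not AFLGo's own implementation. It reproduces the mechanism the abstract criticises: a call-graph distance from each function to the target (AFLGo's harmonic-mean formulation), a per-seed distance averaged over the seed's trace, and a simulated-annealing power schedule with temperature 20^(-t/t_x). The call graph, the target function `write_out`, the three seed traces and the time-to-exploitation `t_x` are all constructed here; working at function granularity instead of AFLGo's basic-block level is a simplification of mine. Running it shows that at the start every seed gets the same energy, while once the schedule cools the far seed's multiplier collapses to roughly 1/27 of the near seed's, which is exactly the energy starvation on paths leading away from the target that the abstract describes.

```python
# Added illustration of AFLGo-style directed guidance (call-graph distance plus
# annealing power schedule). Not thesis or AFLGo code; call graph and seeds are constructed.
from collections import deque


def distances_to_targets(call_graph, targets):
    """Hop count from every function to each target it can reach (BFS over reversed call edges)."""
    callers = {f: [] for f in call_graph}
    for caller, callees in call_graph.items():
        for callee in callees:
            callers.setdefault(callee, []).append(caller)
    dist = {}  # function -> {target: hops}
    for target in targets:
        hops = {target: 0}
        queue = deque([target])
        while queue:
            f = queue.popleft()
            for c in callers.get(f, []):
                if c not in hops:
                    hops[c] = hops[f] + 1
                    queue.append(c)
        for f, h in hops.items():
            dist.setdefault(f, {})[target] = h
    return dist


def function_distance(dist, f, targets):
    """AFLGo function distance: 0 on a target, harmonic mean of hop counts otherwise,
    None when no target is reachable from f."""
    if f in targets:
        return 0.0
    per_target = dist.get(f)
    if not per_target:
        return None
    return len(per_target) / sum(1.0 / h for h in per_target.values())


def seed_distance(trace, dist, targets):
    """Mean of the defined function distances along a seed's execution trace."""
    ds = [function_distance(dist, f, targets) for f in trace]
    ds = [d for d in ds if d is not None]
    return sum(ds) / len(ds) if ds else None


def normalize(seed_dists):
    """Scale seed distances to [0, 1] across the current corpus (0 = closest seed)."""
    lo, hi = min(seed_dists.values()), max(seed_dists.values())
    if hi == lo:
        return {s: 0.0 for s in seed_dists}
    return {s: (d - lo) / (hi - lo) for s, d in seed_dists.items()}


def power_factor(norm_dist, t, t_x):
    """Annealing schedule: T = 20^(-t/t_x); p = (1-d)(1-T) + T/2; energy multiplier = 2^(10p-5)."""
    temperature = 20.0 ** (-t / t_x)
    p = (1.0 - norm_dist) * (1.0 - temperature) + 0.5 * temperature
    return 2.0 ** (10.0 * p - 5.0)


# Constructed toy program; 'write_out' is the target site.
CALL_GRAPH = {
    "main": ["parse_header", "parse_body"],
    "parse_header": ["check_magic"],
    "parse_body": ["decode_chunk", "log_stats"],
    "decode_chunk": ["write_out"],
    "check_magic": [],
    "log_stats": [],
    "write_out": [],
}
TARGETS = {"write_out"}

# Constructed seed traces: which functions each seed exercised.
SEEDS = {
    "near": ["main", "parse_body", "decode_chunk"],      # distances 3, 2, 1 -> 2.0
    "middle": ["main", "parse_body", "log_stats"],       # distances 3, 2    -> 2.5
    "far": ["main", "parse_header", "check_magic"],      # only main counts   -> 3.0
}


def schedule(t, t_x=60.0):
    """Energy multiplier for every seed at time t (same units as t_x)."""
    dist = distances_to_targets(CALL_GRAPH, TARGETS)
    raw = {s: seed_distance(tr, dist, TARGETS) for s, tr in SEEDS.items()}
    norm = normalize(raw)
    return {s: power_factor(norm[s], t, t_x) for s in SEEDS}


if __name__ == "__main__":
    for t in (0, 30, 60):
        print(f"t={t:>2}", {s: round(v, 3) for s, v in schedule(t).items()})
```

The `far` seed still reaches code that never calls the target, so under this schedule it is mutated about 27 times less often than `near` once the fuzzer has run for `t_x`; any bug on the `parse_header` side is effectively out of reach, which is the coverage gap the thesis's neighbour-function distance and fruit-fly energy scheduling set out to close.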
Keywords/Search Tags: Directed fuzzing, Distance calculation strategies, Energy regulation, Fruit fly optimization algorithm