
Research On Software Vulnerability Discovery Technology Based On Fuzzing

Posted on: 2024-06-05
Degree: Master
Type: Thesis
Country: China
Candidate: H B Bai
Full Text: PDF
GTID: 2568307106967829
Subject: Computer technology
Abstract/Summary:
Fuzzing is one of the main techniques for automated vulnerability discovery. In recent years, most fuzzing research has focused on improving the code coverage achieved by newly generated inputs to the target program, neglecting the effect of the seed feedback strategy on fuzzing efficiency and lacking the ability to steer exploration toward specific target locations in the program. During static analysis, this thesis extracts the call graph (CG) of the target program and the corresponding control-flow graphs (CFGs), and from these derives intermediate targets (Hinges) that support the subsequent work on sample reachability and seed selection. The main contributions are as follows:

(1) A fuzzing approach guided by a gradual-approximation strategy: rather than treating the target location as the sole destination, the fuzzer is guided toward it step by step through selected intermediate targets, improving its ability to reach vulnerabilities that lie behind long and complex paths.

(2) A seed selection strategy for directed fuzzing based on Hinge coverage. Sample coverage is measured from the Hinge coverage feedback, and on that measurement a Hinge-coverage-based seed selection and prioritisation algorithm is defined to steer the fuzzer toward test cases that reach the target location.

(3) A directed vulnerability discovery model based on Hinge coverage, Hinge Fuzz, which is implemented and evaluated on widely used real-world programs. The experimental results show that, compared with AFLGo, Hawkeye and Beacon, Hinge Fuzz guides the fuzzer to generate better test cases and performs well in vulnerability discovery efficiency.
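The hinge-guided seed prioritisation described in points (1) and (2), as an added worked example that is not the thesis's own code. It encodes one plausible reading of the abstract: a hinge is a function lying on some call path from the entry point to the target, its distance to the target is measured in call-graph hops, and a seed is ranked by the closest hinge it reached (the step of the gradual approximation it got to), with a new input kept as a seed only when it covers a hinge not seen before. The call graph, target function and per-seed coverage sets are constructed for illustration; Hinge Fuzz itself extracts hinges from the CG and CFGs of the program under test and may define them differently.

```python
"""Illustrative hinge extraction and hinge-coverage seed prioritisation.

Added example, not the thesis's code.  Assumption: hinges are functions on some
entry->target call path, ranked by call-distance to the target.  The call graph,
target and coverage sets below are constructed, not taken from a real program.
"""
from collections import deque

# Constructed call graph (caller -> callees).  Assumed shape, not a real program.
CALL_GRAPH = {
    "main": ["parse_args", "read_input", "cleanup"],
    "read_input": ["parse_header", "parse_body"],
    "parse_header": ["check_magic"],
    "parse_body": ["decode_chunk", "log_debug"],
    "decode_chunk": ["memcpy_wrapper"],
    "memcpy_wrapper": [],
    "check_magic": [],
    "parse_args": ["log_debug"],
    "log_debug": [],
    "cleanup": [],
}
ENTRY = "main"
TARGET = "memcpy_wrapper"  # assumed target location (e.g. a suspected sink)

# Constructed per-seed coverage: the set of functions each seed executed.
SEED_COVERAGE = {
    "seed_a": {"main", "parse_args", "log_debug", "cleanup"},        # reaches no hinge
    "seed_b": {"main", "read_input", "parse_header", "check_magic"}, # closest hinge: 3 hops
    "seed_c": {"main", "read_input", "parse_body", "log_debug"},     # closest hinge: 2 hops
    "seed_d": {"main", "read_input", "parse_body", "decode_chunk"},  # closest hinge: 1 hop
}


def _reachable(adj, start):
    """Set of nodes reachable from start by BFS over an adjacency dict."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def _reverse(adj):
    """Reverse the call graph: callee -> callers."""
    rev = {n: [] for n in adj}
    for caller, callees in adj.items():
        for callee in callees:
            rev.setdefault(callee, []).append(caller)
    return rev


def compute_hinges(cg, entry, target):
    """Return {hinge: call-distance to target} for every function that lies on
    some entry->target path.  The target itself has distance 0; the entry point
    is excluded because every seed trivially reaches it."""
    rev = _reverse(cg)
    forward = _reachable(cg, entry)        # functions the entry can reach
    backward = _reachable(rev, target)     # functions from which the target is reachable
    # BFS over the reversed graph gives the shortest call-distance to the target.
    dist = {target: 0}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        for caller in rev.get(node, ()):
            if caller not in dist:
                dist[caller] = dist[node] + 1
                queue.append(caller)
    return {f: dist[f] for f in forward & backward if f != entry}


def seed_score(covered_funcs, hinges):
    """Lower is better.  Primary key: distance of the closest-to-target hinge the
    seed reached; secondary key: more distinct hinges covered wins ties."""
    reached = [hinges[f] for f in covered_funcs if f in hinges]
    if not reached:
        return (len(hinges) + 1, 0)  # touched no hinge at all: lowest priority
    return (min(reached), -len(reached))


def prioritize_seeds(seed_coverage, hinges):
    """Seed ids ordered from highest to lowest priority by hinge-coverage score."""
    return sorted(seed_coverage, key=lambda s: seed_score(seed_coverage[s], hinges))


def is_interesting(covered_funcs, hinges, hinges_seen):
    """Hinge-coverage feedback: keep an input as a new seed only if it reaches a
    hinge no earlier seed has reached.  Updates hinges_seen in place."""
    new = {f for f in covered_funcs if f in hinges} - hinges_seen
    hinges_seen |= new
    return bool(new)


if __name__ == "__main__":
    hinges = compute_hinges(CALL_GRAPH, ENTRY, TARGET)
    print("hinges (distance to target):", hinges)
    print("seed queue order:", prioritize_seeds(SEED_COVERAGE, hinges))
```

In a real fuzzer the coverage sets would come from instrumentation feedback on each execution, and the distance metric would be refined with the CFGs inside each hinge function rather than whole-function call hops; the scheduling logic above stays the same.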
Keywords/Search Tags: Vulnerability Discovery, Fuzzing, Coverage Information Feedback, Seed Selection Strategy