Grey-box fuzzing technique based on model constraints (基于模型约束的灰盒模糊测试技术)
Grey-box fuzzing is a widely used and effective fuzzing technique. It guides the direction of fuzzing by collecting path-execution information while the target program runs. However, the grey-box fuzzing systems commonly available today generate their samples by random mutation, which gives the samples very low penetration and produces a large number of bad samples, wasting a great deal of unnecessary computing power. This paper proposes using model-constraint techniques to improve the sample generation module of a grey-box fuzzing system: by defining the target software's input format, samples of that specific format are generated in a targeted way, which increases the penetration of the sample files during fuzzing, improves fuzzing efficiency and raises the likelihood of discovering vulnerabilities.
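As an added illustration of the abstract's argument (this is example code written for this page, not code from the paper), the block below contrasts a random byte mutator with a model-constrained mutator against a constructed toy file format (magic, length, payload, CRC32; an assumption, not a format the paper defines) and measures how many generated samples get past the parser's structural checks, i.e. their penetration.

```python
import random
import struct
import zlib

# Constructed toy format (an assumption for this example, not from the paper):
# 4-byte magic, 2-byte big-endian payload length, payload, 4-byte CRC32 of the rest.
MAGIC = b"MCFZ"

def build_sample(payload: bytes) -> bytes:
    body = MAGIC + struct.pack(">H", len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body))

def parse_sample(data: bytes) -> bool:
    """Target parser: True only if every structural check passes."""
    if len(data) < 10 or data[:4] != MAGIC:
        return False
    (length,) = struct.unpack(">H", data[4:6])
    if len(data) != 6 + length + 4:
        return False
    body = data[:6 + length]
    (crc,) = struct.unpack(">I", data[6 + length:])
    return crc == zlib.crc32(body)

def random_mutate(seed_sample: bytes, rng: random.Random) -> bytes:
    """Baseline: overwrite a few random bytes anywhere, with no knowledge of the format."""
    data = bytearray(seed_sample)
    for _ in range(3):
        data[rng.randrange(len(data))] = rng.randrange(256)
    return bytes(data)

def model_mutate(seed_sample: bytes, rng: random.Random) -> bytes:
    """Model-constrained: mutate only the payload field, then re-derive the
    length and checksum so the sample still satisfies the format model."""
    (length,) = struct.unpack(">H", seed_sample[4:6])
    payload = bytearray(seed_sample[6:6 + length])
    for _ in range(3):
        if payload:
            payload[rng.randrange(len(payload))] = rng.randrange(256)
    if rng.random() < 0.3:  # occasionally grow the payload to exercise length handling
        payload += bytes([rng.randrange(256)]) * rng.randrange(1, 16)
    return build_sample(bytes(payload))

def penetration_rate(mutator, n: int = 1000, seed: int = 1) -> float:
    """Fraction of generated samples that get past the parser's structural checks."""
    rng = random.Random(seed)
    seed_sample = build_sample(b"hello fuzzing")
    passed = sum(parse_sample(mutator(seed_sample, rng)) for _ in range(n))
    return passed / n
```

With the seeded generator, the random mutator almost never produces a sample that survives the magic, length and checksum checks, while the model-constrained mutator's samples all reach the payload-handling code.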
Authors: 孙伯文 (Sun Bowen), 崔宝江 (Cui Baojiang)
Subject: computing technology, computer technology
Keywords: grey-box fuzzing; model constraints; sample generation; vulnerability mining
Citation: Sun Bowen, Cui Baojiang. Grey-box fuzzing technique based on model constraints (基于模型约束的灰盒模糊测试技术) [EB/OL]. (2020-01-03) [2025-08-18]. http://www.paper.edu.cn/releasepaper/content/202001-29