Journal of Xidian University ›› 2021, Vol. 48 ›› Issue (1): 117-123.doi: 10.19665/j.issn1001-2400.2021.01.013

Previous Articles     Next Articles

Structure-statebased graybox Fuzzing technique

LIU Huayuan(),SU Yunfei(),LI Ruilin(),TANG Chaojing()   

  1. College of Electronic Science and Technology,National University of Defense Technology,Changsha 410073,China
  • Received:2020-07-30 Online:2021-02-20 Published:2021-02-03


In order to solve the problem of program state coverage that cannot be effectively solved by code coverage feedback indicators,we propose a fuzzing method that uses the state coverage of a specific code structure in the source code as the feedback indicator,and introduce the concept of target structure state coverage distribution.By inserting piles for a specific structure,statistics of the target structure state distribution,seed selection and energy scheduling according to the structure state distribution,in order to achieve uniform program state coverage.This method implements the prototype system SFL,and compares it with the existing code coverage fuzzing method AFL.Experimental results show that the method proposed in this paper can more fully cover the program state and can accelerate the discovery speed of specific types of vulnerabilities.

Key words: vulnerability discovery, Fuzzing, network security

CLC Number: 

  • TP393.08