结构状态覆盖导向的灰盒模糊测试技术

doi:10.19665/j.issn1001-2400.2021.01.013

Abstract

Abstract:

In order to solve the problem of program state coverage that cannot be effectively solved by code coverage feedback indicators,we propose a fuzzing method that uses the state coverage of a specific code structure in the source code as the feedback indicator,and introduce the concept of target structure state coverage distribution.By inserting piles for a specific structure,statistics of the target structure state distribution,seed selection and energy scheduling according to the structure state distribution,in order to achieve uniform program state coverage.This method implements the prototype system SFL,and compares it with the existing code coverage fuzzing method AFL.Experimental results show that the method proposed in this paper can more fully cover the program state and can accelerate the discovery speed of specific types of vulnerabilities.

Key words: vulnerability discovery, Fuzzing, network security

CLC Number:

TP393.08

LIU Huayuan,SU Yunfei,LI Ruilin,TANG Chaojing. Structure-statebased graybox Fuzzing technique[J].Journal of Xidian University, 2021, 48(1): 117-123.

Figures/Tables 10

References 18

[1]	MANES V J M, HAN H S, HAN C, et al.The Art,Science,and Engineering of Fuzzing:a Survey[J/OL].[2020-06-20].https://arxiv.org/abs/1812.00140?context=cs.CR.
[2]	LEMIEUX C, SEN K. Fairfuzz:A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage [C]//Proceedings of the 2018 33rd ACM/IEEE International Conference on Automated Software Engineering.New York:ACM, 2018: 475-485.
[3]	BOHME M, PHAM V T, ROYCHOUDHURY A. Coverage-based Greybox Fuzzing as Markov Chain[J]. IEEE Transactions on Software Engineering, 2019,45(5):489-506.
[4]	WANG P, ZHOU X. SoK:the Progress,Challenges,and Perspectives of Directed Greybox Fuzzing[J/OL].[2020-06-20].https://arxiv.org/pdf/2005.11907.pdf.
[5]	ASCHERMANN C, SCHUMILO S, BLAZYTKO T, et al. REDQUEEN:Fuzzing with Input-to-state Correspondence[C/OL].[2020-06-20].https://www.ei.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2018/12/17/NDSS19-Redqueen.pdf.
[6]	GAN S, ZHANG C, QIN X, et al. CollAFL:Path Sensitive Fuzzing [C]//Proceedings of the 2018 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2018: 679-696.
[7]	LI Y, CHEN B, CHANDRAMOHAN M, et al. Steelix:Program-state Based Binary Fuzzing [C]//Proceedings of the 2017 ACM SIGSOFT Symposium on the Foundations of Software Engineering.New York:ACM, 2017: 627-637.
[8]	王志强, 张玉清, 刘奇旭, 等. 一种简单网络管理协议漏洞挖掘算法[J]. 西安电子科技大学学报, 2015,42(4):20-26.
	WANG Zhiqiang, ZHANG Yuqing, LIU Qixu, et al. Algorithm for Discovering SNMP Protocol Vulnerability[J]. Journal of Xidian University, 2015,42(4):20-26.
[9]	SHASTRY B, LEUTNER M, FIEBIG T, et al. Static Program Analysis as a Fuzzing Aid [C]//Lecture Notes in Computer Science:10453,Heidelberg:Springer Verlag, 2017: 26-47.
[10]	LI Y, XUE Y, CHEN H, et al. Cerebro:Context-aware Adaptive Fuzzing for Effective Vulnerability Detection [C]//Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering.New York:ACM, 2019: 533-544.
[11]	NICK S, JOHN G, CHRISTOPHER S, et al. Driller:Augmenting Fuzzing Through Selective Symbolic Execution [C]//Proceedings of the 2016 Network and Distributed System Security Symposium.New York:ACM, 2016: 1-16.
[12]	YUN I, LEE S, XU M, et al. QSYM:a Practical Concolic Execution Engine Tailored for Hybrid Fuzzing [C]//Proceedings of the 2018 27th USENIX Security Symposium.Berkeley:USENIX Association, 2018: 745-761.
[13]	GODEFROID P, KIEZUN A, LEVIN M Y. Grammar-based Whitebox Fuzzing[J]. ACM Sigplan Notices, 2008,43(6):206-215.
[14]	CHEN P, CHEN H. Angora:Efficient Fuzzing by Principled Search [C]//Proceedings of the 2018 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2018: 711-725.
[15]	RAWAT S, JAIN V, KUMAR A, et al. VUzzer:Application-aware Evolutionary Fuzzing[C/OL].[2020-06-20].https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/vuzzer-application-aware-evolutionary-fuzzing/.
[16]	LI S S, YE J, ZHANG B, et al. Augmented Fuzzing with Promotion on Numerical Dependence [C]//Proceedings of the 2020 10th International Workshop on Computer Science and Engineering.Shanghai:International Workshop on Computer Science and Engineering, 2020: 42-51.
[17]	JOYCE J M. Kullback-Leibler Divergence[M]. Heidelberg:Springer, 2011.
[18]	夏冰冰, 赵险峰, 张弘. 拟合盲隐写分析结果的隐写组合测评方法[J]. 西安电子科技大学学报, 2015,42(4):153-158.
	XIA Bingbing, ZHAO Xianfeng, ZHANG Hong. Assorted Benchmarking for Steganography Based on Blind Steganalyzer Accuracy Fitting[J]. Journal of Xidian University, 2015,42(4):153-158.

Structure-statebased graybox Fuzzing technique

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 18

Related Articles 15

Metrics

Comments

Recommended 10

[1]	YANG Hongyu,ZENG Renyun. Method for assessment of network security situation with deep learning [J]. Journal of Xidian University, 2021, 48(1): 183-190.
[2]	LI Teng,CAO Shijie,YIN Siwei,WEI Dawei,MA Xindi,MA Jianfeng. Optimal method for the generation of the attack path based on the Q-learning decision [J]. Journal of Xidian University, 2021, 48(1): 160-167.
[3]	YANG Hongyu,ZHANG Xugao. Network security situation adaptive prediction model [J]. Journal of Xidian University, 2020, 47(3): 14-22.
[4]	YANG Baowang. Low-rate-denial-of-service attack detection by symbolic dynamics method [J]. Journal of Xidian University, 2018, 45(1): 140-144.
[5]	LIANG Hongquan;WU Wei. Secure link status routing protocol based on node trustworthiness [J]. Journal of Xidian University, 2016, 43(5): 121-127.
[6]	WANG Jindong;YU Dingkun;ZHANG Hengwei;WANG Na. Active defense strategy selection based on the static Bayesian game [J]. J4, 2016, 43(1): 144-150.
[7]	WANG Zhiqiang;ZHANG Yuqing;LIU Qixu;HUANG Tingpei. Algorithm for discovering SNMP protocol vulnerability [J]. J4, 2015, 42(4): 20-26+40.
[8]	GUO Jingjing;MA Jianfeng. Trust recommendation algorithm for the virtual community based Internet of Things(IoT) [J]. J4, 2015, 42(2): 52-57+179.
[9]	WANG Yichuan;MA Jianfeng;LU Di;ZHANG Liumei;MENG Xianjia. Cloud droplets freezing attack in cloud computing [J]. J4, 2014, 41(3): 116-122.
[10]	GUO Jianghong;MA Jianfeng;ZHANG Liumei;LU Di. Efficient encrypted data aggregation scheme for wireless sensor networks [J]. J4, 2013, 40(3): 95-101+120.
[11]	DU Zhi-qiang;SHEN Yu-long;MA Jian-feng;ZHOU Li-hua. Practical broadcast authentication protocol for sensor networks [J]. J4, 2010, 37(2): 305-310+325.
[12]	ZHOU Ye-jun;LI Hui;MA Jian-fen. Random network coding against the eavesdropping adversaries [J]. J4, 2009, 36(4): 696-701.
[13]	ZHOU Hua;MENG Xiang-ru;ZHANG Li;QIAO Xiang-dong. Proactive recovery algorithm in the distributed intrusion-tolerance system [J]. J4, 2009, 36(2): 378-384.
[14]	ZHAN Yang1;PANG Liao-jun1;ZHU Xiao-yan1;WANG Yu-min2. An autonomous distributed trust mode [J]. J4, 2008, 35(3): 469-473.
[15]	Lü Xi-xiang;YANG Bo;PEI Chang-xin;SU Xiao-long. A data mining based design for the detection engine of the intrusion detection system [J]. J4, 2004, 31(4): 574-580.