一种基于距离导向的模糊测试变异方法

doi:10.3969/j.issn.1671-1122.2021.10.009

信息网络安全 ›› 2021, Vol. 21 ›› Issue (10): 63-68.doi: 10.3969/j.issn.1671-1122.2021.10.009

一种基于距离导向的模糊测试变异方法

吴佳明¹(), 熊焰², 黄文超², 武建双³

1.中国科学技术大学网络空间安全学院,合肥 230026
2.中国科学技术大学计算机科学与技术学院,合肥 230026
3.合肥天帷信息安全技术有限公司,合肥 230000

收稿日期:2021-04-12 出版日期:2021-10-10 发布日期:2021-10-14
通讯作者: 吴佳明 E-mail:lpwjm@mail.ustc.edu.cn
作者简介:吴佳明（1997—）,男,陕西,硕士研究生,主要研究方向为模糊测试、漏洞挖掘|熊焰（1960—）,男,安徽,教授,博士,主要研究方向为网络安全、漏洞挖掘、形式化建模|黄文超（1982—）,男,湖北,副教授,博士,主要研究方向为网络安全、漏洞挖掘、形式化建模|武建双（1984—）,男,山西,硕士,主要研究方向为网络安全等级保护
基金资助:
国家自然科学基金(61972369);国家重点研发计划(2018YFB2100301)

A Distance-based Fuzzing Mutation Method

WU Jiaming¹(), XIONG Yan², HUANG Wenchao², WU Jianshuang³

1. School of Cyberspace Science and Technology, University of Science and Technology of China, Hefei 230026, China
2. School of Computer Science and Technology, University of Science and Technology of China, Hefei 230026, China
3. Hefei Tianwei Information Security Technology Co., Ltd., Hefei 230000, China

Received:2021-04-12 Online:2021-10-10 Published:2021-10-14
Contact: WU Jiaming E-mail:lpwjm@mail.ustc.edu.cn

摘要/Abstract

摘要：

为解决现有的导向性灰盒测试工具生成的输入中能够到达目标代码段的输入占比较低的问题,文章提出一种基于距离导向的变异方法。该方法利用强化学习算法,以最小化新输入与目标代码段之间的距离为目标,使得导向性灰盒测试在生成输入时选择生成的新输入与目标代码段之间距离最小的修改动作,从而提高到达目标代码段的输入占比。文章实现了基于该变异方法的导向性灰盒测试工具,并与现有的导向性灰盒测试工具进行对比,结果表明,基于文中的变异方法的导向性灰盒测试工具能够有效提升到达目标代码段的输入占比。

关键词: 网络安全, 漏洞挖掘, 模糊测试

Abstract:

In order to solve the problem that the inputs generated by the existing directed greybox fuzzing tools account for a very low proportion of the input which can reach the target code segment, this paper proposed a distance-based mutation method. The mutation method proposed in this paper is based on a reinforcement learning algorithm which can minimize the distance between the new input and the target code segment. It could make the directed greybox fuzzing select the modification action that generates the new input with minimum distance to the target program locations, thereby increasing the proportion of inputs that can reach the target program locations. This paper implemented a directed greybox fuzzing tool based on this mutation method, and compare experiments with the existing directed greybox fuzzing tool. The experimental results shows that the directed greybox fuzzing tool based on the mutation method in this paper can effectively increase the proportion of inputs that can reach the target program locations.

Key words: network security, vulnerability mining, fuzzing testing

中图分类号:

TP309

吴佳明, 熊焰, 黄文超, 武建双. 一种基于距离导向的模糊测试变异方法[J]. 信息网络安全, 2021, 21(10): 63-68.

WU Jiaming, XIONG Yan, HUANG Wenchao, WU Jianshuang. A Distance-based Fuzzing Mutation Method[J]. Netinfo Security, 2021, 21(10): 63-68.

图/表 5

图1

表1

图2

图3

图4

参考文献 14

[1]	BÖHME M, PHAM V T, NGUYEN M D, et al. Directed Greybox Fuzzing [C]//ACM. 2017 ACM SIGSAC Conference on Computer and Communications Security, October 30-November 3, 2017, Dallas, TX, USA. New York: ACM, 2017: 2329-2344.
[2]	WANG Song, NAM J, TAN L. QTEP: Quality-aware Test Case Prioritization [C]//ACM. 11th Joint Meeting on Foundations of Software Engineering, September 4-8, 2017, Paderborn, Germany. New York: ACM, 2017: 523-534.
[3]	CHEN Hongxu, XUE Yinxing, LI Yuekang, et al. Hawkeye: Towards a Desired Directed Grey-box Fuzzer [C]//ACM. 2018 ACM SIGSAC Conference on Computer and Communications Security, October 15-19, 2018, Toronto, Canada. New York: ACM, 2018: 2095-2108.
[4]	YOU Wei, ZONG Peiyuan, CHEN Kai, et al. Semfuzz: Semantics-based Automatic Generation of Proof-of-concept Exploits [C]//ACM. 2017 ACM SIGSAC Conference on Computer and Communications Security, October 30-November 3, 2017, Dallas, TX, USA. New York: ACM, 2017: 2139-2154.
[5]	ZONG Peiyuan, LV Tao, WANG Dawei, et al. Fuzzguard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning[EB/OL]. https://www.usenix.org/conference/usenixsecurity20/presentation/zong, 2020-08-13.
[6]	LENGAUER T, TARJAN R E. A Fast Algorithm for Finding Dominators in a Flowgraph[J]. ACM Transactions on Programming Languages and Systems(TOPLAS), 1979, 1(1):121-141. doi: 10.1145/357062.357071 URL
[7]	DULAC-ARNILD G, EVANS R, VAN H H, et al. Deep Reinforcement Learning in Large Discrete Action Spaces[EB/OL]. https://arxiv.org/abs/1512.07679, 2016-04-04.
[8]	ZAHAVY T, HAROUSH M, MERLIS N, et al. Learn What not to Learn: Action Elimination with Deep Reinforcement Learning[EB/OL]. https://arxiv.org/abs/1809.02121, 2019-02-14.
[9]	LLVM. Writing An LLVMPass[EB/OL]. https://llvm.org/docs/WritingAnLLVMPass.html#introduction-what-is-a-pass, 2019-06-10.
[10]	DOKIDAKI. Basic Block[EB/OL]. https://en.wikipedia.org/wiki/Basic_block, 2021-02-19.
[11]	COOPER K D, HARVEY T J, KENNEDY K. A Simple, Fast Dominace Algorithm[J]. Software Practice & Experience, 2001, 4(1-10):1-8.
[12]	CHEN Peng, CHEN Hao. Angora: Efficient Fuzzing by Principled Search [C]//IEEE. 2018 IEEE Symposium on Security and Privacy(SP), May 21-23, 2018, San Francisco, CA, USA. New Jersey: IEEE, 2018: 711-725.
[13]	GAN Shuitao, ZHANG Chao, QIN Xiaojun, et al. Collafl: Path Sensitive Fuzzing [C]//IEEE. 2018 IEEE Symposium on Security and Privacy(SP), May 21-23, 2018, San Francisco, CA, USA. New Jersey: IEEE, 2018: 679-696.
[14]	LEMIEUX C, SEN K. Fairfuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage [C]//ACM. 33rd ACM/IEEE International Conference on Automated Software Engineering, September 3-7, 2018, Montpellier, France. New York: ACM, 2018: 475-485.

目标程序	目标代码段	可达率/%		提升百分比/%
目标程序	目标代码段	AFLGo	本文方法	提升百分比/%
httpparser	httprequestparser.h:355	10.2	17.9	7.7
jpeg-compressor	jpge.cpp:838	9.6	21.2	11.6
uriparse	uriparse.c:168	8.3	16.3	8.0
dmap-parser	dmap_parser.c:511	15.9	20.6	4.7
dnsparser	dnsparse.cpp:85	7.4	15.6	8.2

[1]	顾兆军, 姚峰, 丁磊, 隋翯. 基于半实物的机场供油自控系统网络安全测试[J]. 信息网络安全, 2021, 21(9): 16-24.
[2]	蔡满春, 王腾飞, 岳婷, 芦天亮. 基于ARF的Tor网站指纹识别技术[J]. 信息网络安全, 2021, 21(4): 39-48.
[3]	金志刚, 王新建, 李根, 岳顺民. 融合攻击图和博弈模型的网络防御策略生成方法[J]. 信息网络安全, 2021, 21(1): 1-9.
[4]	刘大恒, 李红灵. QR码网络钓鱼检测研究[J]. 信息网络安全, 2020, 20(9): 42-46.
[5]	李世斌, 李婧, 唐刚, 李艺. 基于HMM的工业控制系统网络安全状态预测与风险评估方法[J]. 信息网络安全, 2020, 20(9): 57-61.
[6]	毕亲波, 赵呈东. 基于STRIDE-LM的5G网络安全威胁建模研究与应用[J]. 信息网络安全, 2020, 20(9): 72-76.
[7]	来疆亮, 侯一凡, 卢旭明. 基于信息度量和损耗的网络安全系统综合效能分析研究[J]. 信息网络安全, 2020, 20(8): 81-88.
[8]	杜笑宇, 叶何, 文伟平. 基于字节码搜索的Java反序列化漏洞调用链挖掘方法[J]. 信息网络安全, 2020, 20(7): 19-29.
[9]	冉金鹏, 王翔, 赵尚弘, 高航航. 基于果蝇优化的虚拟SDN网络映射算法[J]. 信息网络安全, 2020, 20(6): 65-74.
[10]	孟相如, 徐江, 康巧燕, 韩晓阳. 基于熵权VIKOR的安全虚拟网络映射算法[J]. 信息网络安全, 2020, 20(5): 21-28.
[11]	李明磊, 黄晖, 陆余良. 面向漏洞挖掘的基于符号分治区的测试用例生成技术[J]. 信息网络安全, 2020, 20(5): 39-46.
[12]	刘建伟, 韩祎然, 刘斌, 余北缘. 5G网络切片安全模型研究[J]. 信息网络安全, 2020, 20(4): 1-11.
[13]	赵志岩, 纪小默. 智能化网络安全威胁感知融合模型研究[J]. 信息网络安全, 2020, 20(4): 87-93.
[14]	黎水林, 祝国邦, 范春玲, 陈广勇. 一种新的等级测评综合得分算法研究[J]. 信息网络安全, 2020, 20(2): 1-6.
[15]	郭启全, 张海霞. 关键信息基础设施安全保护技术体系[J]. 信息网络安全, 2020, 20(11): 1-9.

一种基于距离导向的模糊测试变异方法

A Distance-based Fuzzing Mutation Method

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 14

相关文章 15

编辑推荐

Metrics

本文评价