A Distance-based Fuzzing Mutation Method

doi:10.3969/j.issn.1671-1122.2021.10.009

Abstract

Abstract:

In order to solve the problem that the inputs generated by the existing directed greybox fuzzing tools account for a very low proportion of the input which can reach the target code segment, this paper proposed a distance-based mutation method. The mutation method proposed in this paper is based on a reinforcement learning algorithm which can minimize the distance between the new input and the target code segment. It could make the directed greybox fuzzing select the modification action that generates the new input with minimum distance to the target program locations, thereby increasing the proportion of inputs that can reach the target program locations. This paper implemented a directed greybox fuzzing tool based on this mutation method, and compare experiments with the existing directed greybox fuzzing tool. The experimental results shows that the directed greybox fuzzing tool based on the mutation method in this paper can effectively increase the proportion of inputs that can reach the target program locations.

Key words: network security, vulnerability mining, fuzzing testing

CLC Number:

TP309

WU Jiaming, XIONG Yan, HUANG Wenchao, WU Jianshuang. A Distance-based Fuzzing Mutation Method[J]. Netinfo Security, 2021, 21(10): 63-68.

Figures/Tables 5

References 14

[1]	BÖHME M, PHAM V T, NGUYEN M D, et al. Directed Greybox Fuzzing [C]//ACM. 2017 ACM SIGSAC Conference on Computer and Communications Security, October 30-November 3, 2017, Dallas, TX, USA. New York: ACM, 2017: 2329-2344.
[2]	WANG Song, NAM J, TAN L. QTEP: Quality-aware Test Case Prioritization [C]//ACM. 11th Joint Meeting on Foundations of Software Engineering, September 4-8, 2017, Paderborn, Germany. New York: ACM, 2017: 523-534.
[3]	CHEN Hongxu, XUE Yinxing, LI Yuekang, et al. Hawkeye: Towards a Desired Directed Grey-box Fuzzer [C]//ACM. 2018 ACM SIGSAC Conference on Computer and Communications Security, October 15-19, 2018, Toronto, Canada. New York: ACM, 2018: 2095-2108.
[4]	YOU Wei, ZONG Peiyuan, CHEN Kai, et al. Semfuzz: Semantics-based Automatic Generation of Proof-of-concept Exploits [C]//ACM. 2017 ACM SIGSAC Conference on Computer and Communications Security, October 30-November 3, 2017, Dallas, TX, USA. New York: ACM, 2017: 2139-2154.
[5]	ZONG Peiyuan, LV Tao, WANG Dawei, et al. Fuzzguard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning[EB/OL]. https://www.usenix.org/conference/usenixsecurity20/presentation/zong, 2020-08-13.
[6]	LENGAUER T, TARJAN R E. A Fast Algorithm for Finding Dominators in a Flowgraph[J]. ACM Transactions on Programming Languages and Systems(TOPLAS), 1979, 1(1):121-141. doi: 10.1145/357062.357071 URL
[7]	DULAC-ARNILD G, EVANS R, VAN H H, et al. Deep Reinforcement Learning in Large Discrete Action Spaces[EB/OL]. https://arxiv.org/abs/1512.07679, 2016-04-04.
[8]	ZAHAVY T, HAROUSH M, MERLIS N, et al. Learn What not to Learn: Action Elimination with Deep Reinforcement Learning[EB/OL]. https://arxiv.org/abs/1809.02121, 2019-02-14.
[9]	LLVM. Writing An LLVMPass[EB/OL]. https://llvm.org/docs/WritingAnLLVMPass.html#introduction-what-is-a-pass, 2019-06-10.
[10]	DOKIDAKI. Basic Block[EB/OL]. https://en.wikipedia.org/wiki/Basic_block, 2021-02-19.
[11]	COOPER K D, HARVEY T J, KENNEDY K. A Simple, Fast Dominace Algorithm[J]. Software Practice & Experience, 2001, 4(1-10):1-8.
[12]	CHEN Peng, CHEN Hao. Angora: Efficient Fuzzing by Principled Search [C]//IEEE. 2018 IEEE Symposium on Security and Privacy(SP), May 21-23, 2018, San Francisco, CA, USA. New Jersey: IEEE, 2018: 711-725.
[13]	GAN Shuitao, ZHANG Chao, QIN Xiaojun, et al. Collafl: Path Sensitive Fuzzing [C]//IEEE. 2018 IEEE Symposium on Security and Privacy(SP), May 21-23, 2018, San Francisco, CA, USA. New Jersey: IEEE, 2018: 679-696.
[14]	LEMIEUX C, SEN K. Fairfuzz: A Targeted Mutation Strategy for Increasing Greybox Fuzz Testing Coverage [C]//ACM. 33rd ACM/IEEE International Conference on Automated Software Engineering, September 3-7, 2018, Montpellier, France. New York: ACM, 2018: 475-485.

目标程序	目标代码段	可达率/%		提升百分比/%
目标程序	目标代码段	AFLGo	本文方法	提升百分比/%
httpparser	httprequestparser.h:355	10.2	17.9	7.7
jpeg-compressor	jpge.cpp:838	9.6	21.2	11.6
uriparse	uriparse.c:168	8.3	16.3	8.0
dmap-parser	dmap_parser.c:511	15.9	20.6	4.7
dnsparser	dnsparse.cpp:85	7.4	15.6	8.2

[1]	GU Zhaojun, YAO Feng, DING Lei, SUI He. Network Security Test of Airport Fuel Supply Automatic Control System Based on Semi-physical Object [J]. Netinfo Security, 2021, 21(9): 16-24.
[2]	JIN Zhigang, WANG Xinjian, LI Gen, YUE Shunmin. The Generation Method of Network Defense Strategy Combining with Attack Graph and Game Model [J]. Netinfo Security, 2021, 21(1): 1-9.
[3]	DONG Qiang, LUO Guoming, SHI Hongkui, ZHANG Yongyue. Research on Authentication and Key Agreement Method of IMS-based Mobile Communication Private Network [J]. Netinfo Security, 2021, 21(1): 88-96.
[4]	LIU Daheng, LI Hongling. Research on QR Code Phishing Detection [J]. Netinfo Security, 2020, 20(9): 42-46.
[5]	LI Shibin, LI Jing, TANG Gang, LI Yi. Method of Network Security States Prediction and Risk Assessment for Industrial Control System Based on HMM [J]. Netinfo Security, 2020, 20(9): 57-61.
[6]	LAI Jiangliang, HOU Yifan, LU Xuming. Research on Comprehensive Effectiveness Analysis of Network Security System Based on Information Metrics and Loss [J]. Netinfo Security, 2020, 20(8): 81-88.
[7]	RAN Jinpeng, WANG Xiang, ZHAO Shanghong, GAO Hanghang. Virtual SDN Network Embedding Algorithm Based on Fruit Fly Optimization [J]. Netinfo Security, 2020, 20(6): 65-74.
[8]	MENG Xiangru, XU Jiang, KANG Qiaoyan, HAN Xiaoyang. Secure Virtual Network Embedding Algorithm Based on Entropy Weight VIKOR [J]. Netinfo Security, 2020, 20(5): 21-28.
[9]	LI Minglei, HUANG Hui, LU Yuliang. Test Case Generation Technology Based on Symbol Divide and Conquer Area for Vulnerability Mining [J]. Netinfo Security, 2020, 20(5): 39-46.
[10]	ZHAO Zhiyan, JI Xiaomo. Research on the Intelligent Fusion Model of Network Security Situation Awareness [J]. Netinfo Security, 2020, 20(4): 87-93.
[11]	JING Tao, WAN Wei. Research on a P2P Network Communication Behavior Analytical Method for Status Migration Attribute-oriented [J]. Netinfo Security, 2020, 20(1): 16-25.
[12]	Yue QIU. Network Security Risk Analysis and Assessment of Large-scale Sports Events [J]. Netinfo Security, 2019, 19(9): 61-65.
[13]	Mengru GAO, Fangjun XIE, Hongqin DONG, Xiang LIN. Research on Network Security Evaluation System Oriented to Critical Information Infrastructure [J]. Netinfo Security, 2019, 19(9): 111-114.
[14]	Wenli SHANG, Long YIN, Xianda LIU, Jianming ZHAO. Construction Technology and Application of Industrial Control System Security and Trusted Environment [J]. Netinfo Security, 2019, 19(6): 1-10.
[15]	Ke ZHANG, Youjie WANG, Shaoyin CHENG, Lidong WANG. Intrusion Collaborative Disposal Method of Spoofed IP Address in DDoS Attacks [J]. Netinfo Security, 2019, 19(5): 22-29.