
Directed fuzzing method for binary programs
Cited by: 2
Abstract: Current fuzzing suffers from two problems: mutation is largely blind, and most of the samples it produces follow the same high-frequency paths. To address this, a binary fuzzing method based on lightweight program analysis was proposed and implemented. First, the target binary is statically analyzed to pick out the comparison instructions that prevent sample files from reaching deeper into the program during fuzzing. Second, the binary is instrumented to obtain the concrete operand values of those comparison instructions; from these values, real-time comparison-progress information is maintained for each comparison instruction, and the importance of each sample is measured by that progress. Third, the real-time path-coverage information gathered during fuzzing is used to raise the probability that samples passing through rare paths are selected for mutation. Finally, input files are mutated in a directed way, guided by the comparison-progress information combined with a heuristic strategy, so that valid inputs which pass the program's comparison checks are generated more efficiently. Experimental results show that the proposed method outperforms the binary fuzzing tool AFL-Dyninst both in finding crashes and in discovering new paths.
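The comparison-progress scoring, rare-path seed weighting and progress-guided mutation described in the abstract, as an added illustration in Python: this is constructed example code with made-up trace data, not the paper's implementation, and the operand-matching mutation heuristic is an assumption.

```python
from collections import Counter

def cmp_progress(lhs: bytes, rhs: bytes) -> float:
    """Fraction of operand bytes that already match; 1.0 means the check passes."""
    n = max(len(lhs), len(rhs))
    if n == 0:
        return 1.0
    return sum(a == b for a, b in zip(lhs, rhs)) / n

def seed_importance(cmp_trace, best_progress):
    """Score a seed by how far it pushes the best-known progress of each compare.
    cmp_trace: [(cmp_id, lhs, rhs)] recorded by instrumentation for one run.
    best_progress: dict cmp_id -> best fraction seen so far (updated in place)."""
    score = 0.0
    for cmp_id, lhs, rhs in cmp_trace:
        p = cmp_progress(lhs, rhs)
        old = best_progress.get(cmp_id, 0.0)
        if p > old:
            score += p - old
            best_progress[cmp_id] = p
    return score

def rare_path_weights(path_hits):
    """Selection weight inversely proportional to how often each path was hit,
    so seeds on rare paths are more likely to be picked for mutation."""
    total = sum(path_hits.values())
    return {path: total / hits for path, hits in path_hits.items()}

def directed_mutation(seed: bytes, lhs: bytes, rhs: bytes):
    """Heuristic (assumed): if the compared operand occurs verbatim in the input,
    overwrite it with the value the program expects. Returns None if not found."""
    pos = seed.find(lhs)
    if pos < 0:
        return None
    return seed[:pos] + rhs + seed[pos + len(lhs):]

# Constructed sample: a seed whose 4-byte magic check compares "ABZD" to "ABCD".
SEED = b"ABZDpayload"
TRACE = [("cmp_magic", b"ABZD", b"ABCD")]
PATH_HITS = Counter({"path_common": 9, "path_rare": 1})

def run_demo():
    """Score the seed, weight paths, and derive the directed mutant."""
    best = {}
    score = seed_importance(TRACE, best)
    mutant = directed_mutation(SEED, *TRACE[0][1:])
    return score, rare_path_weights(PATH_HITS), mutant
```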
Authors: ZHANG Hanfang, ZHOU Anmin, JIA Peng, LIU Luping, LIU Liang (College of Cybersecurity, Sichuan University, Chengdu, Sichuan 610065, China; College of Electronics and Information Engineering, Sichuan University, Chengdu, Sichuan 610065, China)
Source: Journal of Computer Applications, 2019, No. 5, pp. 1389-1393 (5 pages); indexed in CSCD and the Peking University core journal list.
Funding: National Key R&D Program of China (2017YFB0802900); CCF-Venustech "Hongyan" Research Fund (CCF-VenustechRP2017002).
Keywords: directed fuzzing; feedback fuzzing; binary fuzzing; program instrumentation; vulnerability mining