本文已被:浏览 2341次 下载 2483次
Received:October 10, 2018 Revised:October 30, 2018
Received:October 10, 2018 Revised:October 30, 2018
中文摘要: 模糊测试被广泛应用于各种软件和系统的漏洞挖掘中.而模糊测试的效果与其采用的变异策略以及初始种子文件的代码覆盖率有直接的关系.本文提出了一种基于深度学习的种子文件生成方法,分析并学习初始种子文件和其在目标程序中的执行路径之间的关系,最终输出可能覆盖新执行路径的种子文件,从而提高初始种子文件集合的代码覆盖率.我们以PDF阅读器作为目标程序进行了实验,实验结果表明该方法所生成的种子文件保证了良好的通过率,而且明显提高了代码覆盖率.同时实验证明该方法在针对多种PDF阅读器进行模糊测试时都获得了更高的代码覆盖率.
Abstract:Fuzzing is widely used for different kinds of software and systems to detect the vulnerabilities. The effectiveness and efficiency of fuzzing is related to the mutation strategy of the seed files and the code coverage of the seed files for the target program. This study proposes a new method based on deep learning for seed generation. The proposed method analyses and learns the correlation between the seed files and their paths in the target program. Finally, the proposed method generates seed files that more likely explore uncovered paths, thus increases the code coverage of the initial seed files for the target program. Aiming at the PDF reader, we carry out the experiment. The results demonstrates that the seed files generated by proposed method have a good passing rate of the PDF reader, in the meantime, significantly improve the code coverage. The experiment also indicates the applicability of proposed method:the seed files which are generated for specific target program (PDF reader) can also obtain higher code coverage when fuzzing some other kinds of PDF readers.
文章编号: 中图分类号: 文献标志码:
基金项目:国家自然科学基金(61471344,61772506);国家重点研发计划(2017YFB0802902)
引用文本:
李张谭,程亮,张阳.基于深度学习的模糊测试种子生成技术.计算机系统应用,2019,28(4):9-17
LI Zhang-Tan,CHENG Liang,ZHANG Yang.Seed Generation for Fuzzing Based on Deep Learning.COMPUTER SYSTEMS APPLICATIONS,2019,28(4):9-17
李张谭,程亮,张阳.基于深度学习的模糊测试种子生成技术.计算机系统应用,2019,28(4):9-17
LI Zhang-Tan,CHENG Liang,ZHANG Yang.Seed Generation for Fuzzing Based on Deep Learning.COMPUTER SYSTEMS APPLICATIONS,2019,28(4):9-17
