A priority based path searching method for improving hybrid fuzzing
Computers & Security (IF 5.6), Pub Date: 2021-02-24, DOI: 10.1016/j.cose.2021.102242
Pei-hong Lin , Zheng Hong , Yi-hao Li , Li-fa Wu

Hybrid fuzzing, which combines classical fuzzing with concolic execution to produce effective test suites, is an advanced software vulnerability detection technique. Because fuzzing and concolic execution are complementary in nature, some researchers have proposed an “optimal strategy” and a “discriminative dispatch strategy” to improve the performance of hybrid fuzzing. Although these ideas are interesting and useful, they have limitations such as high time overhead and difficulty of implementation. In this paper, we propose a Priority Based Path Searching method (PBPS) to make better use of the capability of concolic execution. PBPS evaluates each path's solving cost and solving demand, and prioritizes paths based on two path characteristics: path length and sample-hits for concolic execution. The rationale is to keep the pipeline full by readily feeding the concolic engine with paths whose constraints are simpler to solve and that are less likely to be explored by fuzz testing. We implement PBPS in Driller, a popular hybrid fuzzer, and evaluate the resulting system, “QuickFuzz”, on the CQE dataset. Experimental results show that, compared with DigFuzz and the original Driller, “QuickFuzz” discovers more vulnerabilities and achieves higher code coverage on the CQE dataset.
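The prioritization the abstract describes, as an added illustration that is not the paper's or Driller's code: a scheduler that scores pending paths by path length (solving cost) and fuzzer sample-hits (solving demand) and hands the cheapest, least-fuzzed paths to the concolic engine first. The scoring formula (weighted sum of min-max normalized values), the weights, and the sample path data are assumptions, not taken from the paper.

```python
from dataclasses import dataclass

@dataclass
class PathCandidate:
    path_id: str
    length: int  # branch constraints the solver must handle (cost proxy)
    hits: int    # fuzzer samples that already reached this branch (demand proxy)

def _norm(v, lo, hi):
    # min-max normalize to [0, 1]; a degenerate range counts as 0
    return 0.0 if hi == lo else (v - lo) / (hi - lo)

class PathScheduler:
    """Ranks pending paths so the concolic engine gets cheap, unexplored ones first."""

    def __init__(self, w_cost=0.5, w_demand=0.5):  # assumed weights
        self.paths = {}
        self.w_cost, self.w_demand = w_cost, w_demand

    def add(self, p):
        self.paths[p.path_id] = p

    def record_hit(self, path_id, n=1):
        # the fuzzer reached this branch again, so the need for solving drops
        self.paths[path_id].hits += n

    def score(self, p):
        lens = [q.length for q in self.paths.values()]
        hs = [q.hits for q in self.paths.values()]
        cost = _norm(p.length, min(lens), max(lens))  # long path: harder constraints
        demand = _norm(p.hits, min(hs), max(hs))      # many hits: fuzzing covers it anyway
        return self.w_cost * cost + self.w_demand * demand  # lower is better

    def next_batch(self, k):
        # pop the k best-ranked paths; ties broken by id for determinism
        ranked = sorted(self.paths.values(), key=lambda p: (self.score(p), p.path_id))
        chosen = ranked[:k]
        for p in chosen:
            del self.paths[p.path_id]
        return [p.path_id for p in chosen]

def build_sample_scheduler():
    # constructed sample (id, path length, sample-hits), not real fuzzer output
    s = PathScheduler()
    for pid, ln, hits in [("p1", 4, 0), ("p2", 40, 0), ("p3", 4, 500),
                          ("p4", 12, 20), ("p5", 60, 800)]:
        s.add(PathCandidate(pid, ln, hits))
    return s
```

With the sample data, the short unexplored path p1 is dispatched first and the long, heavily fuzzed p5 last; calling record_hit as the fuzzer covers a branch pushes that path down the ranking.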




Updated: 2021-03-04