Journal of Xidian University (Natural Science Edition), 2024, Vol. 51, Issue 2: 126-136, 11. DOI: 10.19665/j.issn1001-2400.20230901
An efficient seed generation method for software fuzzing
Abstract
As one of the effective ways to discover software vulnerabilities in the current software engineering field, fuzzing plays a significant role in uncovering potential software vulnerabilities. The traditional seed selection strategy in fuzzing cannot effectively generate high-quality seeds, so the test cases produced by mutation are unable to reach deeper paths and trigger more security vulnerabilities. To address these challenges, a seed generation method for efficient fuzzing based on an improved generative adversarial network (GAN) is proposed. It can flexibly expand the types of seeds generated through encoding and decoding techniques, and it significantly improves the fuzzing performance of most applications with different input types. In experiments, the seed generation strategy adopted in this paper significantly improved coverage and the number of unique crashes, and effectively increased the seed generation speed. Six open-source programs with different highly structured inputs were selected to demonstrate the effectiveness of the strategy. As a result, the average branch coverage increased by 2.79%, the number of paths increased by 10.35%, and an additional 86.92% of unique crashes were found compared to the original strategy.
Keywords
vulnerability detection / network security / fuzz testing / deep learning
Classification
Information technology and security science
Citation
Liu Zhenyan, Zhang Hua, Liu Yong, Yang Libo, Wang Mengdi. An efficient seed generation method for software fuzzing [J]. Journal of Xidian University (Natural Science Edition), 2024, 51(2): 126-136, 11.
Funding
National Natural Science Foundation of China (62072051)