Application Research of Computers (计算机应用研究), 2024, Vol. 41, Issue 10: 3119-3123, 5. DOI: 10.19734/j.issn.1001-3695.2024.01.0053
Seed scheduling algorithm for fuzzing stateful protocols
Xie Yuhao (谢宇豪) 1, Xu Xianghua (徐向华) 1
Author information
- 1. School of Computer Science, Hangzhou Dianzi University, Hangzhou 310018
Abstract
In order to investigate vulnerabilities in stateful protocols, AFL-NET has put forward stateful protocol fuzz testing. In such fuzz testing, the selection of seeds makes a major contribution to the exploration of paths. However, current stateful protocol fuzz testers often repeatedly execute the same several seeds, resulting in an inability to effectively explore more paths. To alleviate this problem, starting from the gain of seeds, this paper proposes an effective dynamic seed scheduling algorithm for stateful protocols. The algorithm uses the potential gain, actual gain, and cost of seeds as the gain, and uses this gain to dynamically schedule seeds and allocate the number of times seeds are executed. Experiments show that this method significantly improves the number of vulnerabilities found and also yields a certain degree of improvement in coverage, indicating that this definition of gain and the seed scheduling algorithm can effectively select seeds and explore more paths and vulnerabilities.
Key words
fuzz testing / grey box / protocol testing / vulnerability mining
Classification
Computer and automation
Cite this article
Xie Yuhao, Xu Xianghua. Seed scheduling algorithm for fuzzing stateful protocols [J]. Application Research of Computers, 2024, 41(10): 3119-3123, 5.