Application Research of Computers (计算机应用研究), 2024, Vol. 41, Issue (11): 3455-3463, 9. DOI: 10.19734/j.issn.1001-3695.2024.01.0060
Directional fuzzing based on multi-objective domination analysis and path dynamic pruning optimization
Abstract
Current directed fuzzing techniques suffer from a lack of specificity towards individual targets in multi-target testing, limited path diversity when aiming at the same target, and a failure to dynamically adjust distance metrics based on the coverage level of different targets, leading to imbalanced testing and reduced efficiency in environments that integrate static analysis alerts for vulnerability mining. To address these issues, this paper introduced MTDFuzz, a multi-target directed exploration fuzzing technique that identified dominating nodes for targeted traversal. By leveraging test case optimization through multi-objective dominance analysis and a coverage score incentive mechanism, MTDFuzz generated test cases that covered both dominating nodes and targets, enabling diversified and directed exploration of target paths within the constraints of key coverage elements. The technique dynamically pruned paths based on target coverage, excluding thoroughly tested paths and targets from distance metric feedback. Through pruning and global dominating node adjustment, it dynamically tuned the scores of dominating nodes and target basic blocks, optimizing seed scheduling strategies based on dominating node coverage to efficiently allocate multi-target testing resources. Experimental results demonstrate that MTDFuzz significantly reduces the average time to discover vulnerabilities by 57.6% compared to commonly used directed fuzzing tools, and has uncovered 12 0-day vulnerabilities in four open-source programs, including Glibc and FFmpeg, significantly enhancing the multi-target exploration capability and vulnerability mining efficiency of directed fuzzing.
Key words
directed fuzzing / vulnerability mining / multi-objective orientation / program analysis
Classification
Information Technology and Security Science
Cite this article
Li Zeyuan (李泽源), Yin Zhongxu (尹中旭), Zong Guoxiao (宗国笑), Sang Haiya (桑海涯). Directional fuzzing based on multi-objective domination analysis and path dynamic pruning optimization [J]. Application Research of Computers (计算机应用研究), 2024, 41(11): 3455-3463, 9.
Funding
Henan Province Key R&D Funding Project (2211112103007)