Abstract: AFL, the most representative tool in the field of fuzzing, has found a large number of memory vulnerabilities in software since it came into use. Experiments show that more than 60% of AFL's mutation operations produce no new path at all; these mutations are ineffective. This paper analyzes AFL's seed mutation strategy and proposes an optimization algorithm for it. The algorithm records the seed file's effective-byte array during the deterministic mutation stage and, during the random mutation stage, checks whether the byte about to be mutated is an effective byte, mutating selectively. AFL was optimized according to the proposed algorithm, and experiments verified the effectiveness of the seed mutation optimization algorithm.
Keywords: fuzzing; AFL; seed mutation strategy; error detection
DOI:10.19850/j.cnki.2096-4706.2021.24.036
Funding: National Natural Science Foundation of China (62172217)
CLC number: TP391; TP311   Document code: A   Article ID: 2096-4706(2021)24-0142-04
Research on Optimization of AFL-Fuzzer Seed Mutation Strategy
ZHANG Qi 1,2, MA Yingzi 1,2
(1.College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210007, China; 2.State Key Laboratory for Novel Software Technology at Nanjing University, Nanjing 210023, China)
Abstract: As the most representative tool in the field of fuzzing, AFL has found a large number of software memory vulnerabilities so far. Experimental results show that more than 60% of AFL's mutations do not find any new paths, and these mutations are ineffective. The paper analyzes the AFL seed mutation strategy, studies it and proposes an optimization algorithm for the mutation strategy. The algorithm performs selective mutation by recording the effective-byte array of the seed file in the deterministic mutation stage, and judging whether the bytes to be mutated are effective bytes in the random mutation stage. According to the proposed algorithm, AFL is optimized, and the experiment verifies the effectiveness of the seed mutation optimization algorithm.
Keywords: Fuzzing; AFL; seed mutation strategy; error detection
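The abstract describes the two stages the algorithm couples: an effective-byte map built during deterministic byte flips, and a random (havoc) stage that consults it before mutating. Stock AFL already builds such an "effector map" during its byte-flip stage to skip arithmetic and interesting-value passes on inert bytes; the idea described here extends that check to the random stage. The following is an added illustration written for this page, not the paper's or AFL's code: `run_target` is a constructed toy target returning a simulated coverage bitmap, and the 16-byte seed, the LCG and all function names are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define SEED_LEN 16
/* Constructed toy target standing in for the instrumented program: only bytes
 * 0-1 (magic header) and 4 (mode flag) steer control flow; the rest are inert. */
static uint32_t run_target(const uint8_t *buf, size_t len) {
    if (len < 8) return 0;
    uint32_t cov = (buf[0] == 'F') ? 1u : 0u;   /* simulated coverage bitmap */
    if (cov && buf[1] == 'Z') cov |= 2u;
    cov |= (buf[4] > 0x80) ? 4u : 8u;
    return cov;
}
/* Deterministic stage: flip each byte once; it is "effective" when the coverage
 * bitmap differs from the seed's baseline. Returns the effective-byte count. */
size_t build_eff_map(uint8_t *buf, size_t len, uint8_t *eff) {
    uint32_t base = run_target(buf, len);
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        buf[i] ^= 0xFF;                          /* flip the whole byte ... */
        eff[i] = (run_target(buf, len) != base);
        buf[i] ^= 0xFF;                          /* ... and restore the seed */
        n += eff[i];
    }
    return n;
}
/* Random (havoc) stage with the proposed filter: a picked byte is mutated only
 * if the deterministic stage marked it effective. Returns mutations applied. */
size_t havoc_selective(const uint8_t *seed, size_t len, const uint8_t *eff,
                       uint8_t *out, size_t rounds, uint32_t rng) {
    size_t applied = 0;
    memcpy(out, seed, len);
    for (size_t r = 0; r < rounds; r++) {
        rng = rng * 1103515245u + 12345u;                /* small LCG, repeatable */
        size_t pos = (rng >> 16) % len;
        if (!eff[pos]) continue;                         /* ineffective byte: skip */
        out[pos] ^= (uint8_t)(1u << ((rng >> 8) & 7u));  /* flip one random bit */
        applied++;
    }
    return applied;
}
/* Both stages on a constructed seed: returns the effective-byte count if every
 * mutated byte was effective and at least one mutation landed, else -1. */
int demo_selective_havoc(void) {
    uint8_t seed[SEED_LEN] = {'F','Z',0,0,0,0,0,0,'p','a','d','d','i','n','g','!'};
    uint8_t eff[SEED_LEN], out[SEED_LEN];
    size_t n = build_eff_map(seed, SEED_LEN, eff);
    if (havoc_selective(seed, SEED_LEN, eff, out, 200, 1u) == 0) return -1;
    for (size_t i = 0; i < SEED_LEN; i++)
        if (out[i] != seed[i] && !eff[i]) return -1;
    return (int)n;
}
```

With this seed only three of sixteen bytes are effective, so the filter discards roughly 13 of every 16 random picks that could never reach a new path; a real implementation would of course compare the instrumented coverage bitmap rather than a simulated one.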
About the authors: ZHANG Qi (b. 1992), male, Han nationality, from Lianyungang, Jiangsu; master's supervisor, master's student; research interests: software engineering, software runtime verification. MA Yingzi (b. 1996), female, Han nationality, from Zibo, Shandong; master's student; research interests: software engineering, software verification.