{"title":"Network application vulnerability detection based on fuzzing technology","authors":"Chen Chong, Zou Ping","doi":"10.1109/NaNA53684.2021.00067","DOIUrl":null,"url":null,"abstract":"In recent years, the vulnerabilities of network applications have frequently appeared, which has made the mining of vulnerabilities more and more concerned in recent years, because once the vulnerabilities caused by network applications are exploited, they will cause high-level security problems and have a big impact. AFL (American Fuzzy Lop) is a mutation-based fuzzing technology, and it is also one of the most popular and effective fuzzing tools. It has good performance and performance in mining vulnerabilities. Aiming at network applications and based on AFL, this paper optimizes the framework’s deficiencies in seed generation and seed selection, and designs and implements a higher-performance vulnerability detection tool. In the aspect of seed generation, the PSO (particle swarm optimization) algorithm is used to modify some related algorithms in the mutation stage of AFL to optimize the operator selection process in this stage. Instead of using the fixed selection algorithm, the current operator environment and the previous operator environment are considered in each operator selection to make a decision. In the aspect of seed selection, we model the number of mutation times needed by the seeds to generate new paths, give priority to the seeds that execute low-frequency paths, and give them higher mutation times, that is, the power of the seeds, so as to improve the utilization efficiency of the seeds and obtain more path coverage.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00067","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
In recent years, the vulnerabilities of network applications have frequently appeared, which has made the mining of vulnerabilities more and more concerned in recent years, because once the vulnerabilities caused by network applications are exploited, they will cause high-level security problems and have a big impact. AFL (American Fuzzy Lop) is a mutation-based fuzzing technology, and it is also one of the most popular and effective fuzzing tools. It has good performance and performance in mining vulnerabilities. Aiming at network applications and based on AFL, this paper optimizes the framework’s deficiencies in seed generation and seed selection, and designs and implements a higher-performance vulnerability detection tool. In the aspect of seed generation, the PSO (particle swarm optimization) algorithm is used to modify some related algorithms in the mutation stage of AFL to optimize the operator selection process in this stage. Instead of using the fixed selection algorithm, the current operator environment and the previous operator environment are considered in each operator selection to make a decision. In the aspect of seed selection, we model the number of mutation times needed by the seeds to generate new paths, give priority to the seeds that execute low-frequency paths, and give them higher mutation times, that is, the power of the seeds, so as to improve the utilization efficiency of the seeds and obtain more path coverage.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
