{"title":"Fuzzing technology based on suspicious basic block orientation","authors":"Yifan Feng","doi":"10.1117/12.3032100","DOIUrl":null,"url":null,"abstract":"With the increasing complexity of software and the diversification of vulnerability forms, manual vulnerability mining can no longer meet the needs of software vulnerability mining, and automated vulnerability mining methods are becoming increasingly important. Fuzzing is one of the popular automated vulnerability mining techniques, which is widely used in software vulnerability mining due to its ease of deployment and efficiency. However, fuzzing has strong randomness, which leads to the generation of a large number of redundant and invalid inputs during the fuzzing process, wasting program execution time, resulting in low code coverage, and only a small number of inputs can truly trigger program exceptions. Therefore, the research on oriented fuzzing methods is becoming increasingly important. This article proposes a fuzzing method based on suspicious basic blocks, which uses LLVM in the static analysis stage to analyze the target program and identify the code that may have vulnerabilities. In fuzzing, tracking the execution of these codes, recording edge coverage information, prioritizing the selection of seeds that can trigger potential vulnerability areas for testing, and verifying the effectiveness of the proposed method through experiments.","PeriodicalId":198425,"journal":{"name":"Other Conferences","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Other Conferences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1117/12.3032100","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
With the increasing complexity of software and the diversification of vulnerability forms, manual vulnerability mining can no longer meet the needs of software vulnerability mining, and automated vulnerability mining methods are becoming increasingly important. Fuzzing is one of the popular automated vulnerability mining techniques, which is widely used in software vulnerability mining due to its ease of deployment and efficiency. However, fuzzing has strong randomness, which leads to the generation of a large number of redundant and invalid inputs during the fuzzing process, wasting program execution time, resulting in low code coverage, and only a small number of inputs can truly trigger program exceptions. Therefore, the research on oriented fuzzing methods is becoming increasingly important. This article proposes a fuzzing method based on suspicious basic blocks, which uses LLVM in the static analysis stage to analyze the target program and identify the code that may have vulnerabilities. In fuzzing, tracking the execution of these codes, recording edge coverage information, prioritizing the selection of seeds that can trigger potential vulnerability areas for testing, and verifying the effectiveness of the proposed method through experiments.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
