Vulnerability Mining Method Based on Genetic Algorithm and Model Constraint

Model-constraint-based fuzzing lacks guidance during the mutation process, and fuzzing based on coverage information penetrates code poorly when it meets complex logic verification. Moreover, the code coverage of both methods depends heavily on the initial samples: if the initial samples contain no instance of a specific file structure type, the possibility of covering the corresponding code blocks is very low. This paper proposes a vulnerability mining method based on a genetic algorithm and a constraint model. The method uses model-constraint techniques to create test samples and uses fuzzing based on coverage-information feedback to guide the direction of data mutation. In addition, it uses a genetic algorithm to enrich the diversity of file structure types and their combinations among the test samples while gradually generating high-quality test samples, which can greatly improve the efficiency of fuzz testing.
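The following sketch is an added illustration of the loop the abstract describes, not code from the paper. The chunk model, the toy `coverage` function standing in for an instrumented parser, the seed corpus and the genetic operators are all assumptions made for the example.

```python
import random

# Hypothetical chunk model (an assumption): type -> (min_len, max_len) of payload.
MODEL = {"HDR": (4, 4), "IMG": (1, 64), "TXT": (1, 32), "PAL": (3, 48), "END": (0, 0)}
# Constructed seed corpus: valid files, but none contains a PAL chunk.
SEEDS = [[("HDR", 4), ("IMG", 10), ("END", 0)], [("HDR", 4), ("TXT", 5), ("END", 0)]]

def gen_chunk(rng):
    """Model-constrained generation: every emitted chunk satisfies MODEL."""
    ctype = rng.choice(sorted(MODEL))
    lo, hi = MODEL[ctype]
    return (ctype, rng.randint(lo, hi))

def coverage(sample):
    """Toy stand-in for an instrumented parser; returns the set of covered blocks."""
    cov, prev = set(), "START"
    for ctype, length in sample:
        cov.add((prev, ctype))                      # one block per type transition
        if (prev, ctype) == ("HDR", "PAL") and length % 3 == 0:
            cov.add("palette_decode")               # reachable only via PAL after HDR
        prev = ctype
    return cov

def crossover(rng, a, b):
    """Recombine the structure of two parents: prefix of a + suffix of b."""
    return a[:rng.randint(0, len(a))] + b[rng.randint(0, len(b)):]

def mutate(rng, sample, max_chunks=8):
    """Structural mutation: insert a model-valid chunk at a random position."""
    sample = sample[:max_chunks - 1]
    sample.insert(rng.randint(0, len(sample)), gen_chunk(rng))
    return sample

def evolve(seeds, generations=200, pop_size=16, seed=1):
    rng = random.Random(seed)
    pop = [list(s) for s in seeds]
    seen = set().union(*(coverage(s) for s in pop))
    for _ in range(generations):
        fit = []
        for _ in range(pop_size):
            child = mutate(rng, crossover(rng, rng.choice(pop), rng.choice(pop)))
            new = coverage(child) - seen            # fitness = newly covered blocks
            if new:
                seen |= new
                fit.append((len(new), child))
        fit.sort(key=lambda t: -t[0])
        pop = ([c for _, c in fit] + pop)[:pop_size]  # fittest children survive
    return seen
```

Calling `evolve(SEEDS)` returns the accumulated coverage set, which can be compared with the coverage of the seeds alone to see the blocks reached only through structure types the seeds lacked.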