Bo Shuai,Mengjun Li,Haifeng Li,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/CECNet.2013.6703400

2013-01-01

Abstract:In order to solve the problems of traditional Fuzzing technique for software vulnerability detection, this paper proposes a novel method based on genetic algorithm and dynamic taint analysis. First, static analysis is applied to calculate the critical path information, including danger functions, high cyclomatic number functions and loop structures. Second, dynamic taint analysis is introduced to identify the key bytes to reduce the input space. Third, the genetic algorithm fitness function is constructed based on the critical path information to guide the test case generation and the genetic operators are executed on the reduced input space. Experiments show that the method could obtain higher vulnerability detection accuracy and efficiency.

Bo Shuai,Haifeng Li,Jian Wang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.2991/nceece-15.2016.213

2016-01-01

Abstract:In order to elevate efficiency of traditional Fuzzing technique, a novel method using genetic algorithm is proposed based on path coverage and test cost. There are evidences that GA has been already successful in generating test cases. Considering path coverage as the test adequacy criterion, we have designed a GA-based test data generator that is able to synthesize multiple test data to cover multiple target paths. Meanwhile, in order to reduce the test cost in Fuzzing process, test cost is analyzed respectively from running time and loop structure in the method. Experimental results show that proposed approach could obtain higher vulnerability detection accuracy and efficiency.

Jun Yang,Guojun Mei,Chen Chen

DOI: https://doi.org/10.1109/ICCCN.2018.8487461

2018-01-01

Abstract:The fuzzy technology based on model constraint is lack of guidance in variation process, and the fuzzy technology based on coverage information has a weak code penetration ability when meeting a complex logic verification, what's more, these two methods' code coverage are deeply dependent on the initial samples, if there are no specific file structure types in the initial samples, the possibility of covering the corresponding code blocks will be very low. This paper proposes a vulnerability mining method based on genetic algorithm and constraint model. The method uses the model constraint technology to create test samples, and uses the fuzzy technology based on coverage information feedback to guide the direction of data variation. Besides that, using genetic algorithm to enrich the diversity of file structure types and combinations among test samples, and generate high-quality test samples gradually at the same time, which can greatly improve the efficiency of fuzzing test.

MA Jinxin,ZHANG Tao,LI Zhoujun,ZHANG Jiangxiao

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2016.25.004

2016-01-01

Abstract:Fuzzing testing is one of the most widely used and most effective methods for vulnerability detection.However,the traditional fuzzy analysis method is inefficient and works blindly.This paper describes a refining method that reduces the test sample size with the same code coverage.A weighted testing time model is used to give the better sample more time.A taint based exception analysis method is used to evaluate the severity of exceptions and to improve the vulnerability analysis efficiency.Comparisons with Peach show that this method improves the traditional fuzzy analysis method.

Fanping Zeng,Minghui Chen,Kaitao Yin,Xufa Wang

DOI: https://doi.org/10.1109/cmc.2009.141

2009-01-01

Abstract:On the basis of analyzing the safety formulas for various types of vulnerabilities, this paper presents a novel method for software vulnerability testing, which uses source-code conversion and the state information of function-call to test the vulnerability of software. This method could cover a variety of vulnerabilities. The implementation shows that it can check the attack of buffer overflow accurately, on the occasions of no large losses in performance.

Guang-Hong Liu,Gang Wu,Zheng Tao,Jian-Mei Shuai,Zhuo-Chun Tang

DOI: https://doi.org/10.1109/ICCIT.2008.9

2008-01-01

Abstract:Fuzzing was successfully used to discover security bugs in popular programs, though released without source code. It becomes a major tool in security analysis, but needs large input space, ineffective. This paper presents a new method for the identification of vulnerabilities in executable program called GAFuzzing (Genetic Algorithm Fuzzing), which combines static and dynamic analysis to extend random Fuzzing. First, it uses static analysis to obtain the structural behavior, interface and interest region of code, then formally describes test requirement. Second, it uses genetic algorithm to intelligently direct test data generation and improve the testing objective. Unlike many software testing tools, our implementation analyzes the executables without source code directly. Our evaluation shows that GAFuzzing is superior to random Fuzzing for vulnerabilty analysis.

Xiaosong Zhang,Lin Shao,Jiong Zheng

DOI: https://doi.org/10.1109/ICACIA.2008.4770021

2008-01-01

Abstract:Buffer overflow vulnerabilities can cause attacks that result in serious consequences. However the techniques of buffer overflow vulnerability detection are limited to manual analysis, binary-patch comparison, fuzzing and so on. They rely on manual analysis, thus cause high overhead. In this paper, we propose a novel method of detection of buffer overflow vulnerabilities, which is based on fuzzing, data-flow dynamic analysis and automated exception analysis. This new method effectively improves the detection of unknown security vulnerabilities (0 Day). Moreover, it is more automated and has better performance in finding new security vulnerabilities.

LI Zhen,ZOU Deqing,WANG Zeli,JIN Hai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2019001

2019-01-01

Abstract:Static software vulnerability detection is mainly divided into two types according to different analysis objects: vulnerability detection for binary code and vulnerability detection for source code. Because the source code contains more semantic information, it is more favored by code auditors. The existing vulnerability detection research works for source code are summarized from four aspects: code similarity-based vulnerability detection, symbolic execution-based vulnerability detection, rule-based vulnerability detection, and machine learning-based vulnerability detection. The vulnerability detection system based on source code similarity and the intelligent software vulnerability detection system for source code are taken as two examples to introduce the process of vulnerability detection in detail.

Bo Wu,Meng Jun Li,Bin Zhang,Chao Feng,Quan Zhang,Chao Jing Tang

DOI: https://doi.org/10.4028/www.scientific.net/amm.571-572.553

2014-01-01

Applied Mechanics and Materials

Abstract:Despite many automatic vulnerability detection approaches have been well documented, existing solutions for discovering software vulnerabilities in binary software are still difficult and time consuming. In this paper we present an approach based on random programming that works to quickly discover vulnerability in programmable binary software. By extracting the code snippets for special features and fixed API usages, we can get a set of original functional templates, and then we randomize the mutable factors in those templates. After that we reasonably make combination of those templates to produce final test templates. Finally, by concretizing the random factors we execute those test templates and monitor the software be tested to discover vulnerabilities. By template programming we can produce more reasonable test case, which makes our approach more effective than other solutions.

Longbin Zhou,Zhoujun Li

DOI: https://doi.org/10.1145/3194452.3194477

2018-01-01

Abstract:As people pay more and more attention to software security, the technology of vulnerability mining has gradually become the research hotspot in the industry. Fuzz testing is the mainstream of the vulnerability mining technology. In order to solve the shortcomings of the traditional document fuzz testing, such as efficiency is not high and the function is missing, so a new method of document fuzz testing will be introduced. In this paper, there will be a new way to streamline the test sample. It depends on the code coverage. So the smallest sample set of maximum code coverage will be gotten by using this method. It relies on virtual machine technology, it is more reliable and more accurate than Binary instrumentation technology. This method can effectively reduce a large number of invalid test.

Jun Yang,Peng Zhou,Yunze Ni

DOI: https://doi.org/10.1007/978-3-030-02613-4_28

2018-01-01

Abstract:Software Fuzzing technology is widely used in automated software vulnerability mining. In order to improve efficiency, various techniques such as symbolical execution and taint tracking have been applied to software Fuzzing. Due to the lack of uniform and standardized test samples, researchers can only use existing software for testing. Therefore, there are sample differences when compared with existing technologies, and it is impossible to accurately measure the advantages and disadvantages of different technologies. In this paper, we propose a source-based software vulnerability auto-generation technology, through the analysis of the source code structure characteristics, to find the potential vulnerability insertion point, combined with known types of vulnerabilities, and automatically insert the vulnerability into the source code. We selected some open source projects such as coreutils as the test target, and inserted multiple vulnerabilities in the source code. We create a basis of judgement by providing a standardized sample of vulnerability programs.

Hanyi Nie,Xu Zhou,Junnan Zhang

DOI: https://doi.org/10.1109/icsess47205.2019.9040815

2019-01-01

Abstract:In software testing, code coverage can be one of the major metrics for evaluating the effectiveness of a test. Among all existing software testing methods, coverage-guided fuzzing is widely used nowadays, but the way it uses to obtain path coverage is mostly based on code instrumentation or emulation. However, a tester cannot take targeted measures if have no information about where the progress of the test is stuck. This paper proposes a method to record precise code coverage in a hybrid way which combining static program analysis and dynamic tracing. This work is on the basis of previous work that leverages hardware mechanism (Intel Processor Trace) to collect branch information and implement a tool called CovFuzz. Our approach can achieve an accurate coverage track that can reversibly find the corresponding source code or assembly code to assist program analysis and break through the bottleneck when the progress of software testing gets stuck. Our experiments show that the code coverage can be improved with the help of accurate path information.

JiaYu Li,Ye Yao,Yian Zhu,Mutitaba,Yongkai Zhang,Hang Li

DOI: https://doi.org/10.1109/icnisc60562.2023.00011

2023-01-01

Abstract:The paper presented and implemented a C-Scanner source code vulnerability detection tool, which can solve the buffer overflow problem. The main idea was to rewrite the source code of a C or C++, so that the resulting code contained the safe version of the old vulnerable functions, which may contain a buffer overflow security problem. If rewriting was not possible, due to some reasons, a warning was issued along with a hint to solve the problem if it was possible. C-Scanner in this paper took the C or C++ source code as input, and then it did a parsing process. Every time it encountered a vulnerable function call, it classified this function call. If this function call was belonging to a category of its interest, then it would rewrite this vulnerable function by a safe version, which prevented the buffer overflow vulnerability.

Yuwei Li,Shouling Ji,Chenyang Lyu,Yuan Chen,Jianhai Chen,Qinchen Gu,Chunming Wu,Raheem Beyah

DOI: https://doi.org/10.1109/TCYB.2020.3013675

Abstract:Fuzzing is a technique of finding bugs by executing a target program recurrently with a large number of abnormal inputs. Most of the coverage-based fuzzers consider all parts of a program equally and pay too much attention to how to improve the code coverage. It is inefficient as the vulnerable code only takes a tiny fraction of the entire code. In this article, we design and implement an evolutionary fuzzing framework called V-Fuzz, which aims to find bugs efficiently and quickly in limited time for binary programs. V-Fuzz consists of two main components: 1) a vulnerability prediction model and 2) a vulnerability-oriented evolutionary fuzzer. Given a binary program to V-Fuzz, the vulnerability prediction model will give a prior estimation on which parts of a program are more likely to be vulnerable. Then, the fuzzer leverages an evolutionary algorithm to generate inputs which are more likely to arrive at the vulnerable locations, guided by the vulnerability prediction result. The experimental results demonstrate that V-Fuzz can find bugs efficiently with the assistance of vulnerability prediction. Moreover, V-Fuzz has discovered ten common vulnerabilities and exposures (CVEs), and three of them are newly discovered.

Yuan LIU,Yong-hui YANG,Chun-rui ZHANG,Wei WANG

DOI: https://doi.org/10.3969/j.issn.0372-2112.2017.03.007

2017-01-01

Abstract:Considering the features of the traditional Fuzzing technology,a method is proposed for Fuzzing test case generating in vulnerability exploiting,which is aimed at nonlinear solution and single input problem.This method takes advantage of the genetic algorithm and deals with those two problems mentioned above.The experiment results show that,the proposed solution has an obvious improvement compared with the early method which generates the test cases randomly.

Lei Cui,Zhiyu Hao,Yang Jiao,Haiqiang Fei,Xiaochun Yun

DOI: https://doi.org/10.1109/tifs.2020.3047756

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Code similarity is one promising approach to detect vulnerabilities hidden in software programs. However, due to the complexity and diversity of source code, current methods suffer low accuracy, high false negative and poor performance, especially in analyzing a large program. In this paper, we propose to tackle these problems by presenting VulDetector, a static-analysis tool to detect C/C++ vulnerabilities based on graph comparison at the granularity of function. At the key of VulDetector is a weighted feature graph (WFG) model which characterizes function with a small yet semantically rich graph. It first pinpoints vulnerability-sensitive keywords to slice the control flow graph of a function, thereby reducing the graph size without compromising security-related semantics. Then, each sliced subgraph is characterized using WFG, which provides both syntactic and semantic features in varying degrees of security. As for graph comparison, we take full usage of vulnerability graph and patch graph to improve accuracy. In addition, we propose two optimization methods based on analysis of vulnerabilities. We have implemented VulDetector to automatically detect vulnerabilities in software programs with known vulnerabilities. The experimental results prove the effectiveness and efficiency of VulDetector.

An Xifeng,Li Weihua,Pan Wei

DOI: https://doi.org/10.1109/ISKE.2008.4730998

2008-01-01

Abstract:Through comprehensive analysis of software security vulnerability, a novel vulnerability detecting method based on similar characteristic is proposed in this paper. The method aims at C Code security detection. Based on Case-based Reasoning technology, the method performs similarity matching between security characteristic of source code and the characteristic of known security vulnerabilities, and calculates the similarity to determine if the code has security vulnerabilities. The experiments demonstrate that the presented method can effectively improve the veracity and efficiency of vulnerability detection. And it solves the problems that current detecting methods based on rule-matching cannot rapidly and accurately handle the large-scale legacy software and structurecomplicated software. Furthermore, the definition and selection of threshold also improves the adaptability and agility of detecting method. © 2008 IEEE.

Wenjie Wang,Donghai Tian,Rui Ma,Hang Wei,Qianjin Ying,Xiaoqi Jia,Lei Zuo

DOI: https://doi.org/10.23919/jcc.2021.08.001

2021-01-01

China Communications

Abstract:Fuzzing is an effective technique to find security bugs in programs by quickly exploring the input space of programs. To further discover vulnerabilities hidden in deep execution paths, the hybrid fuzzing combines fuzzing and concolic execution for going through complex branch conditions. In general, we observe that the execution path which comes across more and complex basic blocks may have a higher chance of containing a security bug. Based on this observation, we propose a hybrid fuzzing method assisted by static analysis for binary programs. The basic idea of our method is to prioritize seed inputs according to the complexity of their associated execution paths. For this purpose, we utilize static analysis to evaluate the complexity of each basic block and employ the hardware trace mechanism to dynamically extract the execution path for calculating the seed inputs' weights. The key advantage of our method is that our system can test binary programs efficiently by using the hardware trace and hybrid fuzzing. To evaluate the effectiveness of our method, we design and implement a prototype system, namely SHFuzz. The evaluation results show SHFuzz discovers more unique crashes on several real-world applications and the LAVA-M dataset when compared to the previous solutions.

Yuwei Li,Shouling Ji,Chenyang Lv,Yuan Chen,Jianhai Chen,Qinchen Gu,Chunming Wu

DOI: https://doi.org/10.48550/arxiv.1901.01142

2019-01-01

Abstract:Fuzzing is a technique of finding bugs by executing a software recurrently with a large number of abnormal inputs. Most of the existing fuzzers consider all parts of a software equally, and pay too much attention on how to improve the code coverage. It is inefficient as the vulnerable code only takes a tiny fraction of the entire code. In this paper, we design and implement a vulnerability-oriented evolutionary fuzzing prototype named V-Fuzz, which aims to find bugs efficiently and quickly in a limited time. V-Fuzz consists of two main components: a neural network-based vulnerability prediction model and a vulnerability-oriented evolutionary fuzzer. Given a binary program to V-Fuzz, the vulnerability prediction model will give a prior estimation on which parts of the software are more likely to be vulnerable. Then, the fuzzer leverages an evolutionary algorithm to generate inputs which tend to arrive at the vulnerable locations, guided by the vulnerability prediction result. Experimental results demonstrate that V-Fuzz can find bugs more efficiently than state-of-the-art fuzzers. Moreover, V-Fuzz has discovered 10 CVEs, and 3 of them are newly discovered. We reported the new CVEs, and they have been confirmed and fixed.

Lei Wang,Qiang Zhang,Peng Zhao

DOI: https://doi.org/10.1109/SCAM.2008.24

2008-10-03

Abstract:Ensuring the correctness and reliability of software systems is one of the main problems in software development. Model checking, a static analysis method, is preponderant in improving the precision of vulnerabilities detection. However, when applied to buffer overflow and other bugs, it is hard to automatically construct the model for detecting the vulnerabilities. To address this problem we propose an approach that combines constraint based analysis and model checking together. We trace the memory size of buffer-related variables and instrument the code with corresponding constraint assertions before the potential vulnerable points by constraint based analysis. Then the problem of detecting vulnerabilities is converted into the problem of detecting vulnerabilities to verifying the reach ability of these assertions by model checking. In order to reduce the cost of model checking, program slicing is introduced to reduce the code size. CodeAuditor is a prototype implementation of our approach. With CodeAuditor, several yet unreported vulnerabilities are discovered in several open source software, and the performance is shown to be improved significantly with the help of program slicing.

Computer Science