Bo Shuai,Haifeng Li,Jian Wang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.2991/nceece-15.2016.213

2016-01-01

Abstract:In order to elevate efficiency of traditional Fuzzing technique, a novel method using genetic algorithm is proposed based on path coverage and test cost. There are evidences that GA has been already successful in generating test cases. Considering path coverage as the test adequacy criterion, we have designed a GA-based test data generator that is able to synthesize multiple test data to cover multiple target paths. Meanwhile, in order to reduce the test cost in Fuzzing process, test cost is analyzed respectively from running time and loop structure in the method. Experimental results show that proposed approach could obtain higher vulnerability detection accuracy and efficiency.

Mingrui Ma,Lansheng Han,Yekui Qian

DOI: https://doi.org/10.3390/s22031265

2022-02-07

Abstract:As one of the most effective methods of vulnerability mining, fuzzy testing has scalability and complex path detection ability. Fuzzy testing sample generation is the key step of fuzzy testing, and the quality of sample directly determines the vulnerability mining ability of fuzzy tester. At present, the known sample generation methods focus on code coverage or seed mutation under a critical execution path, so it is difficult to take both into account. Therefore, based on the idea of ensemble learning in artificial intelligence, we propose a fuzzy testing sample generation framework named CVDF DYNAMIC, which is based on genetic algorithm and BI-LSTM neural network. The main purpose of CVDF DYNAMIC is to generate fuzzy testing samples with both code coverage and path depth detection ability. CVDF DYNAMIC generates its own test case sets through BI-LSTM neural network and genetic algorithm. Then, we integrate the two sample sets through the idea of ensemble learning to obtain a sample set with both code coverage and vulnerability mining ability for a critical execution path of the program. In order to improve the efficiency of fuzzy testing, we use heuristic genetic algorithm to simplify the integrated sample set. We also innovatively put forward the evaluation index of path depth detection ability (pdda), which can effectively measure the vulnerability mining ability of the generated test case set under the critical execution path of the program. Finally, we compare CVDF DYNAMIC with some existing fuzzy testing tools and scientific research results and further propose the future improvement ideas of CVDF DYNAMIC.

zhiyong wu,lechang sun,heping tang,min zhang,jingju liu

DOI: https://doi.org/10.1109/ICCET.2010.5485274

2010-01-01

Abstract:Knowledge-based Fuzzing technology successfully applies in software vulnerability mining, however, current Fuzzing technology mainly focuses on fuzzing target software based on single data sample and thus the vulnerability mining results are not stable, false negatives of vulnerability are high and the selection of data sample depends on people's analysis. To solve these problems, this paper proposes a model named Fuzzing Test Suite Generation model based on data sample combination (FTSGc) which can automatically select data samples combination from large scale data sample set to fuzz target software. To solve Data Sample Combination Problem (DSCP), this paper proposes a method of covering all possible basic blocks in Control Flow Graph (CFG) with minimum running cost and gives a theorem named Maximum Degree Coverage (MFD) to select data sample combination and gets the conclusion that DSCP is actually the Set Covering Problem (SCP). Practical experiment results show that the proposed Fuzzing technology which selects automatically data sample combination based on CFG works much better than current Fuzzing technology on both the Ability of Vulnerability Mining (AVM) and the Efficiency of Vulnerability Mining (EVM).

WU Zhi-yong,WANG Hong-chuan,SUN Le-chang,CHEN Tao,ZHANG Min

2011-01-01

Abstract:The genetic algorithm in existing multi-dimensional Fuzzing technologies can not represent most types of input elements and can not use got knowledge thoroughly,which limit its discovered vulnerability′s scope and vulnerability mining ability,and this paper designs a genetic algorithm including select,crossover,mutate and mend operations and which can represent most input elements′ type,proposes an encoding and operation scheme where several input elements′ small chromosomes cascades a big chromosome and the operations on big chromosomes are divided into the operations on the small chromosomes,and proposes a suite of encoding and operations on variable-length chromosomes of input elements of string type.Experiment results on vulnerability mining show that the multi-dimensional Fuzzing technology which uses the proposed genetic algorithms works better than other multi-dimensional vulnerability mining ability both on the ability of vulnerability mining and the efficiency of vulnerability mining.

Bo Shuai,Mengjun Li,Haifeng Li,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/CECNet.2013.6703400

2013-01-01

Abstract:In order to solve the problems of traditional Fuzzing technique for software vulnerability detection, this paper proposes a novel method based on genetic algorithm and dynamic taint analysis. First, static analysis is applied to calculate the critical path information, including danger functions, high cyclomatic number functions and loop structures. Second, dynamic taint analysis is introduced to identify the key bytes to reduce the input space. Third, the genetic algorithm fitness function is constructed based on the critical path information to guide the test case generation and the genetic operators are executed on the reduced input space. Experiments show that the method could obtain higher vulnerability detection accuracy and efficiency.

Yuan LIU,Yong-hui YANG,Chun-rui ZHANG,Wei WANG

DOI: https://doi.org/10.3969/j.issn.0372-2112.2017.03.007

2017-01-01

Abstract:Considering the features of the traditional Fuzzing technology,a method is proposed for Fuzzing test case generating in vulnerability exploiting,which is aimed at nonlinear solution and single input problem.This method takes advantage of the genetic algorithm and deals with those two problems mentioned above.The experiment results show that,the proposed solution has an obvious improvement compared with the early method which generates the test cases randomly.

Bo Shuai,Haifeng Li,Lei Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/cis.2015.84

2015-01-01

Abstract:In order to solve the problems of traditional Fuzzing technique for software vulnerability detection, a novel method based on code coverage and test cost is proposed. Firstly, static analysis is applied to calculate the code coverage information, including basic block coverage and new block coverage. In addition, test path diversity information is introduced to elevate path coverage, which is achieved based on the sequence alignment algorithm. Secondly, test cost is analyzed respectively from running time and loop structure. The loop structure is simplified using finite expansion manner. Thirdly, the genetic algorithm fitness function is constructed based on the code coverage and test cost to guide the test case generation. Experiments on realistic binary software show that the method could obtain higher vulnerability detection accuracy and efficiency than the traditional Fuzzing technique.

Jun Yang,Peng Zhou,Yunze Ni

DOI: https://doi.org/10.1007/978-3-030-02613-4_28

2018-01-01

Abstract:Software Fuzzing technology is widely used in automated software vulnerability mining. In order to improve efficiency, various techniques such as symbolical execution and taint tracking have been applied to software Fuzzing. Due to the lack of uniform and standardized test samples, researchers can only use existing software for testing. Therefore, there are sample differences when compared with existing technologies, and it is impossible to accurately measure the advantages and disadvantages of different technologies. In this paper, we propose a source-based software vulnerability auto-generation technology, through the analysis of the source code structure characteristics, to find the potential vulnerability insertion point, combined with known types of vulnerabilities, and automatically insert the vulnerability into the source code. We selected some open source projects such as coreutils as the test target, and inserted multiple vulnerabilities in the source code. We create a basis of judgement by providing a standardized sample of vulnerability programs.

Xinshi Zhou,Bin Wu

DOI: https://doi.org/10.1109/itnec48623.2020.9084765

2020-01-01

Abstract:Web fuzzing has always been an effective way to detect web vulnerabilities. Normally, traditional web fuzzing method mainly use limited test cases or generate test cases based on certain rules, which cause web fuzzing slow and inefficient. To solve this problem, we present improved genetic algorithm with a new mutation method to generate test cases. And the concept of preset functional units is proposed: test cases are divided into different functional units to ensure that the semantic structure will not be damaged during crossover and mutation. The experimental results show that the improved algorithm can generate better test cases than the standard genetic algorithm (SGA) and the adaptive genetic algorithm (AGA) and also detect more web vulnerabilities.

ZHANG Yuan,FANG Yong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2013.04.032

2013-01-01

Abstract:Nowadays,the discovery and use of program vulnerability is the key problem in information security field. Traditional vulnerability mining technology has many limits, including low accuracy and low coverage. In this situation, this paper proposes a new vulnerability mining system using program process tracing technology. Based on static testing technology,combined graph theory like CCG and FCG, and with genetic algorithm to alter the testing samples,and complete vulnerability mining system is proposed and constructed. This system could extend the program coverage,implement efficient and accurate vulnerability mining.

Chunlai Du,Guizhi Xu,Yanhui Guo,Zhongru Wang,Weiqiang Yu

DOI: https://doi.org/10.3390/math12050745

IF: 2.4

2024-03-02

Mathematics

Abstract:Coverage-guided fuzzing has been widely applied in software error and security vulnerability detection. The fuzzing technique based on AFL (American Fuzzy Loop) is a common coverage-guided fuzzing method. The code coverage during AFL fuzzing is highly dependent on the quality of the initial seeds. If the selected seeds' quality is poor, the AFL may not be able to detect program paths in a targeted manner, resulting in wasted time and computational resources. To solve the problems that the seed selection strategy in traditional AFL fuzzing cannot quickly and effectively generate high-quality seed sets and the mutated test cases cannot reach deeper paths and trigger security vulnerabilities, this paper proposes an attention mechanism-based generative adversarial network (GAN) seed generation approach for vulnerability mining, which can learn the characteristics and distribution of high-quality test samples during the testing process and generate high-quality seeds for fuzzing. The proposed method improves the GAN by introducing fully connected neural networks to balance the competitive adversarial process between discriminators and generators and incorporating attention mechanisms, greatly improving the quality of generated seeds. Our experimental results show that the seeds generated by the proposed method have significant improvements in coverage, triggering unique crashes and other indicators and improving the efficiency of AFL fuzzing.

mathematics

Longbin Zhou,Zhoujun Li

DOI: https://doi.org/10.1145/3194452.3194477

2018-01-01

Abstract:As people pay more and more attention to software security, the technology of vulnerability mining has gradually become the research hotspot in the industry. Fuzz testing is the mainstream of the vulnerability mining technology. In order to solve the shortcomings of the traditional document fuzz testing, such as efficiency is not high and the function is missing, so a new method of document fuzz testing will be introduced. In this paper, there will be a new way to streamline the test sample. It depends on the code coverage. So the smallest sample set of maximum code coverage will be gotten by using this method. It relies on virtual machine technology, it is more reliable and more accurate than Binary instrumentation technology. This method can effectively reduce a large number of invalid test.

Guang-Hong Liu,Gang Wu,Zheng Tao,Jian-Mei Shuai,Zhuo-Chun Tang

DOI: https://doi.org/10.1109/ICCIT.2008.9

2008-01-01

Abstract:Fuzzing was successfully used to discover security bugs in popular programs, though released without source code. It becomes a major tool in security analysis, but needs large input space, ineffective. This paper presents a new method for the identification of vulnerabilities in executable program called GAFuzzing (Genetic Algorithm Fuzzing), which combines static and dynamic analysis to extend random Fuzzing. First, it uses static analysis to obtain the structural behavior, interface and interest region of code, then formally describes test requirement. Second, it uses genetic algorithm to intelligently direct test data generation and improve the testing objective. Unlike many software testing tools, our implementation analyzes the executables without source code directly. Our evaluation shows that GAFuzzing is superior to random Fuzzing for vulnerabilty analysis.

Yaoyang Liu,Bin Wu

DOI: https://doi.org/10.1109/icmcce51767.2020.00289

2020-01-01

Abstract:Fuzzy testing technology has a good effect in discovering web vulnerabilities, which is incomparable with other security testing technologies. Because of the randomness and unpredictability of its test cases, it can dig out the relevant vulnerabilities comprehensively and systematically. Before that, some researchers proposed to use genetic algorithm to generate test cases to solve the problem of single test cases. However, the test cases generated by genetic algorithm are often of high randomness, and the proportion of effective test cases is relatively low. According to this problem, I proposed to generate test cases based on generative countermeasure network. On the basis of ensuring its randomness, the relevant test cases are generated pertinently. Through relevant experiments, it is proved that the generated confrontation network can generate effective test cases. Compared with the test cases generated by genetic algorithm, its effectiveness is better and more web vulnerabilities can be found.

Binhe Zhou,Qi Li,Bowen Sun,Yuangang Yao

DOI: https://doi.org/10.1145/3192975.3193005

2018-01-01

Abstract:At present, fuzzy test is one of the most common ways of software vulnerability mining. However, the pertinence of traditional fuzzy test is not strong enough, the coverage is too low. The traditional fuzzy test can't meet the demand of the safety requirements of industrial control systems. This paper is aimed at the characteristics of industrial terminal equipment. We use genetic algorithm to design variation function and improve the memory fuzzy test to detect vulnerabilities. Based on this paper, we can effectively implement the new vulnerability mining system for industrial control system terminal, and greatly shorten the excavation time.

Yuwei Li,Shouling Ji,Chenyang Lyu,Yuan Chen,Jianhai Chen,Qinchen Gu,Chunming Wu,Raheem Beyah

DOI: https://doi.org/10.1109/TCYB.2020.3013675

Abstract:Fuzzing is a technique of finding bugs by executing a target program recurrently with a large number of abnormal inputs. Most of the coverage-based fuzzers consider all parts of a program equally and pay too much attention to how to improve the code coverage. It is inefficient as the vulnerable code only takes a tiny fraction of the entire code. In this article, we design and implement an evolutionary fuzzing framework called V-Fuzz, which aims to find bugs efficiently and quickly in limited time for binary programs. V-Fuzz consists of two main components: 1) a vulnerability prediction model and 2) a vulnerability-oriented evolutionary fuzzer. Given a binary program to V-Fuzz, the vulnerability prediction model will give a prior estimation on which parts of a program are more likely to be vulnerable. Then, the fuzzer leverages an evolutionary algorithm to generate inputs which are more likely to arrive at the vulnerable locations, guided by the vulnerability prediction result. The experimental results demonstrate that V-Fuzz can find bugs efficiently with the assistance of vulnerability prediction. Moreover, V-Fuzz has discovered ten common vulnerabilities and exposures (CVEs), and three of them are newly discovered.

Wei Zheng,Peiran Deng,Kui Gui,Xiaoxue Wu

DOI: https://doi.org/10.1016/j.infsof.2023.107194

IF: 3.9

2023-06-01

Information and Software Technology

Abstract:Context: Zero-day vulnerabilities are highly destructive and sudden. However, traditional static and dynamic testing methods cannot efficiently detect them. Objective: In this paper, a static fuzzy mutation method for program code is studied. This method can improve the efficiency of mutation sample generation according to the vulnerability evolution law, thus promoting the development of zero-day vulnerability detection methods based on deep learning techniques. Method: A static fuzzy mutation method based on the Abstract Syntax Tree (AST) is proposed. Under the guidance of software vulnerability evolution law, potential evolution paths that threaten program security are detected, and mutation samples containing vulnerabilities are generated at the syntax tree level based on the paths. To verify the effectiveness of static fuzzy mutation based on ASTs, this paper starts with Concurrent Use After Free (CUAF) homologous vulnerability. It uses multi-threaded programs to perform vulnerability feature statement insertion processing to infer the optimal mutation operator execution sequence corresponding to CUAF vulnerabilities triggered by data competition. The Linux kernel code is used to verify whether it can effectively reduce the number of invalid mutation samples. Results: In this paper, we filter the code fragments in the Linux kernel public code containing CUAF vulnerability fix commits and perform static fuzzy mutation on the fix versions of the vulnerabilities to reproduce the vulnerabilities of this type triggered by these code fragments on the timeline. We compare the process with the execution of the random mutation operator in traditional detection methods horizontally and improve the efficiency by 42.4% on average. Conclusion: The static fuzzy mutation based on the AST is effective in stages. When this method is explored in more vulnerability-type evolution laws, it is expected to promote the development of the zero-day vulnerability active detection technology framework.

computer science, information systems, software engineering

Yuwei Li,Shouling Ji,Chenyang Lv,Yuan Chen,Jianhai Chen,Qinchen Gu,Chunming Wu

DOI: https://doi.org/10.48550/arxiv.1901.01142

2019-01-01

Abstract:Fuzzing is a technique of finding bugs by executing a software recurrently with a large number of abnormal inputs. Most of the existing fuzzers consider all parts of a software equally, and pay too much attention on how to improve the code coverage. It is inefficient as the vulnerable code only takes a tiny fraction of the entire code. In this paper, we design and implement a vulnerability-oriented evolutionary fuzzing prototype named V-Fuzz, which aims to find bugs efficiently and quickly in a limited time. V-Fuzz consists of two main components: a neural network-based vulnerability prediction model and a vulnerability-oriented evolutionary fuzzer. Given a binary program to V-Fuzz, the vulnerability prediction model will give a prior estimation on which parts of the software are more likely to be vulnerable. Then, the fuzzer leverages an evolutionary algorithm to generate inputs which tend to arrive at the vulnerable locations, guided by the vulnerability prediction result. Experimental results demonstrate that V-Fuzz can find bugs more efficiently than state-of-the-art fuzzers. Moreover, V-Fuzz has discovered 10 CVEs, and 3 of them are newly discovered. We reported the new CVEs, and they have been confirmed and fixed.

Xiang Li,Jinfu Chen,Zhechao Lin,Lin Zhang,Zibin Wang,Minmin Zhou,Wanggen Xie

DOI: https://doi.org/10.1109/cbd.2017.58

2017-08-01

Abstract:Software vulnerability remains a serious challenge to the software engineering domain over the past decade as a result of the recent technological advancement in information systems. The rapid development in software applications and failure on the part of system developers to properly analyze program codes before been released to the market increases the chance for data breaches. It is a known fact that most system failures are as a result of bugs and errors detected in software applications. Although code errors significantly affect software quality, there is no effective method that can be used in eliminating software errors to improve its reliability. Data Mining and its related algorithms are an active area which can successfully be applied in analyzing software vulnerability. However the concept of applying data mining techniques has not been empirically proven as an effective method for obtaining the essential characteristics of software vulnerability. To investigate this effect, we propose a vulnerability mining algorithm to analyze and obtain the essential characteristics of Software vulnerability based data mining techniques. We first extracted and preprocessed the software vulnerabilities using data mining techniques and common vulnerability database. We evaluate the proposed technique using the Common Vulnerability and Exposure (CVE) Database, Common Weakness Enumeration (CWE) Database, National Vulnerability Database (NVD) datasets. Empirical results show that the proposed vulnerability mining algorithm has a remarkable improvement in the vulnerability mining process. The most interesting finding is that, we observed that across all the three projects, recall was around 70% and precision was approximately 60%.