| PyFuzzer:自动化高效内存模糊测试方法 |
| |
| 引用本文: | 李伟明,于俊清,艾少波.PyFuzzer:自动化高效内存模糊测试方法[J].通信学报,2013,34(Z2):13-68. |
| |
| 作者姓名: | 李伟明 于俊清 艾少波 |
| |
| 作者单位: | 华中科技大学 网络与计算中心,湖北 武汉 430074 |
| |
| 基金项目: | 国家自然科学基金资助项目(61370230) |
| |
| 摘 要: | 针对传统模糊测试(fuzz testing)耗时、无法绕过有效性验证等缺陷,提出了基于快速内存模糊测试,综合运用静态分析和动态跟踪技术的测试工具—PyFuzzer。整个过程高度自动化,通过WarFTPD、Serv-U等程序进行测试,并和4n FTP Fuzzer进行对比,结果表明PyFuzzer能有效地发掘二进制程序中的各种漏洞,极大地提高了模糊测试的效率。
|
| 关 键 词: | 模糊测试 静态分析 动态跟踪 漏洞挖掘 |
PyFuzzer:automatic in-memory fuzz testing method |
| |
| Wei-ming LI,Jun-qing YU,Shao-bo AI.PyFuzzer:automatic in-memory fuzz testing method[J].Journal on Communications,2013,34(Z2):13-68. |
| |
| Authors: | Wei-ming LI Jun-qing YU Shao-bo AI |
| |
| Affiliation: | Network and Computation Center,Huazhong University of Science and Technology,Wuhan 430074,China |
| |
| Abstract: | Fuzz Testing is an effective method to mine all kinds of vulnerabilities.But the main drawbacks to current fuzz testing tools are:firstly,it produces high volume testing data and it’s extraordinary time consumption; secondly,if the accessing needs authentication,the greatest part of test data will be abandoned.PyFuzzer,a novel automatic in-memory fuzz testing tool combining static analysis,dynamic analysis and in-memory fuzz testing,was presented.The tool is highly automatic and effective.Compared with 4n FTP Fuzzer in testing WarFTPD and Serv-U,PyFuzzer can discover all vulnerabilities and improve test efficiency greatly. |
| |
| Keywords: | fuzz testing static analysis dynamic tracking vulnerabilities excavate |
|
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
