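Intelligent Fuzzing Method Based on Exception Distribution Steering
Cite this article: Ouyang Yong-ji, Wei Qiang, Wang Qing-xian, Yin Zhong-xu. Intelligent Fuzzing Method Based on Exception Distribution Steering[J]. Journal of Electronics & Information Technology, 2015, 37(1): 143-149.
Authors: Ouyang Yong-ji  Wei Qiang  Wang Qing-xian  Yin Zhong-xu
Affiliation: 1. The PLA Information Engineering University, Zhengzhou 450002
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002
Funding: Supported by the National 863 Program of China (2012AA012902)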
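Abstract: Current mainstream intelligent Fuzzing generally constructs new test samples through precise analysis of a program's internal structure. It therefore depends heavily on the performance of the computer in use, and it often overlooks the guidance that already-discovered program exception information can give to the construction of new test samples. To overcome these shortcomings, this paper proposes an intelligent Fuzzing method steered by exception distribution. Targeting the testing of binary programs, the method establishes a sample construction model, TGM (Testcase Generation Model): first, relevant information about the test sample set is collected according to the available computing capability; then, initial test samples are selected at random and tested; finally, the model parameters are initialized from the test results, and the model is used to preferentially select the more effective input attributes for constructing new samples, which are tested in a new round. By repeating this step, the model parameters are continually updated during iterative testing and used to guide construction of the next round of test samples. Experimental data show that the method can help Fuzzing select more effective samples to test first. The prototype tool designed, CombFuzz, performs well in both exception detection capability and code coverage capability. In addition, when testing large applications, compared with the MiniFuzz fuzzer from Microsoft's SDL lab, it raises the average exception discovery rate within a limited time by nearly 18 times, and it found 7 undisclosed "exploitable" vulnerabilities in WPS 2013 and other software that MiniFuzz could not find.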

Keywords: Software testing  Intelligent Fuzzing  Exception distribution  Vulnerability
Received: 2014-03-04

Intelligent Fuzzing Based on Exception Distribution Steering
Ouyang Yong-ji, Wei Qiang, Wang Qing-xian, Yin Zhong-xu. Intelligent Fuzzing Based on Exception Distribution Steering[J]. Journal of Electronics & Information Technology, 2015, 37(1): 143-149.
Authors:Ouyang Yong-ji  Wei Qiang  Wang Qing-xian  Yin Zhong-xu
Affiliation:(The PLA Information Engineering University, Zhengzhou 450002, China)
(State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, China)
Abstract: Current mainstream intelligent Fuzzing often constructs new test samples through precise analysis of the program's internal structure, which makes it heavily dependent on the performance of the computer and often overlooks the guiding significance of already-discovered program exception information for the construction of new test samples. To overcome these shortcomings, this paper presents an intelligent Fuzzing method based on exception distribution steering, which establishes a sample construction model named TGM (Testcase Generation Model) for binary program testing. First, the relevant information about the test samples is collected according to the computing capability. Then, random initial test samples are selected for testing. Finally, the test results are used to initialize the parameters of the model, which guides the priority selection of more effective input attributes to construct new samples for the next round of testing. This procedure is repeated in iterative testing to constantly update the model parameters, which guide the next round of testing. Experimental data show that this method can assist Fuzzing in prioritizing more effective samples for testing. The prototype tool designed, CombFuzz, performs well in both exception detection capability and code coverage capability. Meanwhile, when tests are carried out on large programs, compared with MiniFuzz from Microsoft's SDL lab, this method increases the average exception detection rate by nearly 18 times in a limited period of time, and it has found 7 undisclosed "exploitable" vulnerabilities in WPS 2013 and other software that MiniFuzz did not find.
Keywords:Software test  Smart fuzzing  Exception distribution  Vulnerability
This article is indexed in Wanfang Data and other databases.