基于动态能量调控的导向式灰盒模糊测试技术

导向式灰盒模糊测试(DGF)是能够快速生成测试用例，达到给定的程序目标区域并且发现漏洞的模糊测试技术. 针对当前DGF技术测试效率较低的问题，提出基于动态能量调控的DGF技术. 通过静态分析技术构建程序的函数调用图(CG)和控制流图(CFGs)，定义并计算更准确的函数级别、基本块级别的目标距离；通过跟踪种子的执行轨迹，计算种子到目标区域的距离；基于动态能量调控函数对模糊测试中种子的变异数量进行更有效的调控，引导生成到达目标区域的测试用例. 基于该方法，实现导向式模糊测试原型系统AFL-Ant，并与现有的导向式模糊测试方法进行对比实验. 结果表明，本研究所提出的方法能够更加快速、有效地对目标区域进行测试，在补丁测试、漏洞复现方面具有较强的应用价值.

Directed grey-box fuzzing technology based on dynamic energy regulation

Directed gray-box fuzzing (DGF) is a kind of fuzzing technology which can quickly generate test cases to reach a given target area of the program and find vulnerabilities. A DGF technology based on dynamic energy regulation was proposed, aiming at the inefficiency of existing DGF technology. The function call graph (CG) and control flow graphs (CFGs) of the program are constructed by static analysis technology, and the more accurate target distance at function level and basic block level is defined and calculated. The distance from seed to the target area is calculated by tracking the execution trajectory of the seed. The dynamic energy regulation function is used to effectively control the mutation quantity of seeds in the process of fuzzing, and to guide the generation of test cases that can reach the target area. A prototype system AFL-Ant for DGF was implemented based on this method, and the comparison experiments with the existing DGF method were carried out. Results demonstrate that the proposed method can test the target area faster and more effectively, and it has strong application value in patch testing and vulnerability reproduction.