|
|||||
|
|
| 基于多维Fuzzing的缓冲区溢出漏洞挖掘技术研究* | |
| 引用本文: | 夏建军,孙乐昌,刘京菊,张旻,蔡铭. 基于多维Fuzzing的缓冲区溢出漏洞挖掘技术研究*[J]. 计算机应用研究, 2011, 28(9): 3539-3541. DOI: 10.3969/j.issn.1001-3695.2011.09.095 |
| 作者姓名: | 夏建军 孙乐昌 刘京菊 张旻 蔡铭 |
| 作者单位: | 1. 解放军电子工程学院 604研究室,合肥,230037 2. 解放军电子工程学院 309研究室,合肥,230037 3. 中国人民解放军73677部队,南京,210016 |
| 基金项目: | 国家自然科学基金资助项目(60972161) |
| 摘 要: | 缓冲区溢出漏洞一直是计算机安全威胁中最为严重的漏洞之一,在黑客发现利用前检测出漏洞并及时修复极为重要;基于多维Fuzzing设计和实现了一种缓冲区溢出漏洞挖掘模型MFBOF,应用输入样本结构知识、结合静态二进制分析技术和动态输入/输出测试技术,运用自适应模拟退火遗传算法生成测试用例进行测试,并以挖掘Libpng的漏洞为实例说明了该模型的有效性;最后,提出了模型需要优化的地方和下一步研究方向。 |
| 关 键 词: | 多维Fuzzing技术;缓冲区溢出;漏洞挖掘 |
Research for buffer overflow vulnerabilities based on multi-dimensional Fuzzing technology |
|
| XIA Jian-jun,SUN Le-chang,LIU Jing-ju,ZHANG Min,CAI Ming. Research for buffer overflow vulnerabilities based on multi-dimensional Fuzzing technology[J]. Application Research of Computers, 2011, 28(9): 3539-3541. DOI: 10.3969/j.issn.1001-3695.2011.09.095 | |
| Authors: | XIA Jian-jun SUN Le-chang LIU Jing-ju ZHANG Min CAI Ming |
| Affiliation: | XIA Jian-jun1a,SUN Le-chang1a,LIU Jing-ju1a,ZHANG Min1b,CAI Ming2 (1.a.Division 604,b.Division 309,Electronic Engineering Institute of PLA,Hefei 230037,China,2.No.73677 Troops of PLA,Nanjing 210016,China) |
| Abstract: | Buffer overflow(BOF) is always one of the most dangerous vulnerabilities to computer security.This paper proposed multi-dimentional Fuzzing of buffer overflow(MFBOF),which was based on multi-dimentional Fuzzing technology,combined the structure knowledge of target's input,static binary code analysis and dynamic I/O analysis technique,generated test cases using adaptive simulated annealing genetic algorithm.The results of testing Libpng validate that MFBOF is effective.At last,this paper gave its further imp... |
| Keywords: | multi-dimensional Fuzzing buffer overflow vulnerability mining |
| 本文献已被 CNKI 万方数据 等数据库收录! | |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 | |
| 点击此处可从《计算机应用研究》下载全文 | |