An Improved Fuzzing Method Based on File Format Information
Cite this article: LIU Tian-Peng, CHENG Liang, ZHANG Yang, TONG Si-Ming. An Improved Fuzzing Method Based on File Format Information [J]. Computer Systems & Applications, 2019, 28(5): 10-17.
Authors: LIU Tian-Peng, CHENG Liang, ZHANG Yang, TONG Si-Ming
Affiliation (all authors): Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Funding: National Natural Science Foundation of China (61471344)
Abstract: To address the low efficiency of fuzzing strategies that mutate blindly, this paper combines several sources of information, namely the program's control-flow graph, the characteristics of the input seed samples, the discovery of abnormal samples, and the fuzzer's path feedback, and proposes a more effective strategy for mutating seed inputs. The fuzzer continuously monitors the execution path taken by each seed file in the target program and applies taint analysis to build a one-to-many mapping from the first statement of each newly discovered execution path to the key bytes of the seed file. Based on this mapping, only those bytes of the seed file that can increase path coverage are mutated, with the aim of obtaining more efficient fuzzing results. Our experiments show that adding this directed mutation gives the fuzzer a noticeable improvement in both code coverage and fuzzing efficiency.

Keywords: fuzzing; taint tracking; automated vulnerability detection
Received: 2018/12/5
Revised: 2018/12/25

File-Type-Based Method to Improve Fuzz Testing
LIU Tian-Peng, CHENG Liang, ZHANG Yang and TONG Si-Ming. File-Type-Based Method to Improve Fuzz Testing [J]. Computer Systems & Applications, 2019, 28(5): 10-17.
Authors: LIU Tian-Peng, CHENG Liang, ZHANG Yang and TONG Si-Ming
Affiliation (all authors): Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Abstract: To solve the problem of low efficiency caused by random mutation, a more effective mutation strategy is proposed in this study. The proposed approach synthesizes different kinds of information to help the fuzzer mutate seed files, i.e., the CFG of the program, the characteristics of the input seed file, the information from abnormal input detection, and the branch coverage reported by the fuzzer. Based on this strategy, we design a new fuzzer which continuously monitors the execution path of each seed file used as input to the target program. Meanwhile, as most path constraints depend on only a few bytes of the input, periodic byte-level taint tracking is needed throughout the fuzzing process. From this, we infer a one-to-many mapping between each new execution path and the key bytes in the seed files, which highlights the start-end byte ranges of the seed file most likely to explore new branches in the target program when mutated. The results show that our design improves both the branch coverage of the target program and the efficiency of fuzzing.
Keywords:fuzzing  taint tracking  automated vulnerability detection
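The core idea of the abstract, mapping each branch to the input bytes it depends on and then mutating only those bytes, as an added toy example that is not the paper's code: byte-level taint tracking is modelled by an instrumented input accessor that records which offsets each branch reads, the target parser and its file format are constructed, and the byte-wise exhaustive mutation pass is an assumption, since the abstract does not describe the paper's own mutation operators.

```python
class TaintedInput:
    """Wraps the input; every byte read is attributed to the branch under evaluation."""
    def __init__(self, data):
        self.data, self.branch, self.taint = data, None, {}  # taint: branch -> offsets read

    def at(self, i):
        self.taint.setdefault(self.branch, set()).add(i)
        return self.data[i] if i < len(self.data) else -1

def target(inp):
    """Constructed parser: magic 'FZ', version 2, payload length, then a modelled bug
    site reached only when the first payload byte is 0xFF. Returns the branches taken."""
    covered = set()
    inp.branch = "magic0"
    if inp.at(0) == 0x46:
        covered.add("magic0"); inp.branch = "magic1"
        if inp.at(1) == 0x5A:
            covered.add("magic1"); inp.branch = "version"
            if inp.at(2) == 2:
                covered.add("version"); inp.branch = "length"
                if inp.at(3) == len(inp.data) - 4:
                    covered.add("length"); inp.branch = "crash"
                    if inp.at(4) == 0xFF:
                        covered.add("crash")
    return covered

def fuzz(seed):
    """Targeted mutation: for every branch evaluated but not taken, try all 256 values of
    only the bytes the taint map links to it (an AFL-style deterministic pass, assumed here;
    the abstract does not name the paper's operators). Returns (branches covered, executions)."""
    queue, total, execs = [seed], set(), 0
    while queue:
        parent = queue.pop(0)
        t = TaintedInput(parent)
        cov = target(t); execs += 1; total |= cov
        for branch in [b for b in t.taint if b not in cov]:  # evaluated, not yet taken
            for off in sorted(t.taint[branch]):              # its key bytes only
                if off >= len(parent):
                    continue
                for v in range(256):
                    child = bytearray(parent); child[off] = v
                    c = target(TaintedInput(bytes(child))); execs += 1
                    if c - total:                            # new coverage: keep the child
                        total |= c; queue.append(bytes(child)); break
    return total, execs

if __name__ == "__main__":
    cov, n = fuzz(b"\x00" * 5)  # constructed seed
    print(sorted(cov), n)  # all five branches in 429 runs; blind byte mutation would need about 256**5
```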
This article is indexed by Wanfang Data and other databases.