Basic fuzzing workflow
Improvement points
1 Improved seed generation methods:
[1] J. Wang, B. Chen, L. Wei, and Y. Liu, "Skyfire: Data-driven seed generation for fuzzing," in S&P, 2017.
[2] M. Woo, S. K. Cha, S. Gottlieb, and D. Brumley, "Scheduling black-box mutational fuzzing," in CCS, 2013.
[3] A. Rebert, S. K. Cha, T. Avgerinos, J. Foote, D. Warren, G. Grieco, and D. Brumley, "Optimizing seed selection for fuzzing," in USENIX Security, 2014.
[4] S. Gan, C. Zhang, X. Qin, X. Tu, K. Li, Z. Pei, and Z. Chen, "CollAFL: Path sensitive fuzzing," in S&P, 2018.
[5] S. Rawat, V. Jain, A. Kumar, L. Cojocar, C. Giuffrida, and H. Bos, "VUzzer: Application-aware evolutionary fuzzing," in NDSS, 2017.
2 Improved seed selection strategies:
[6] M. Böhme, V.-T. Pham, and A. Roychoudhury, "Coverage-based greybox fuzzing as Markov chain," in CCS, 2016.
[7] K. Böttinger, P. Godefroid, and R. Singh, "Deep reinforcement fuzzing," arXiv preprint arXiv:1801.04589, 2018.
[8] W. Drozd and M. D. Wagner, "FuzzerGym: A competitive framework for fuzzing and learning," arXiv preprint arXiv:1807.07490, 2018.
[9] P. Chen and H. Chen, "Angora: Efficient fuzzing by principled search," in S&P, 2018.
3 Improving test throughput and code coverage:
[10] Y. Li, B. Chen, M. Chandramohan, S.-W. Lin, Y. Liu, and A. Tiu, "Steelix: Program-state based binary fuzzing," in FSE, 2017.
[11] H. Peng, Y. Shoshitaishvili, and M. Payer, "T-Fuzz: Fuzzing by program transformation," in S&P, 2018.
[12] W. Xu, S. Kashyap, C. Min, and T. Kim, "Designing new operating primitives to improve fuzzing performance," in CCS, 2017.
[13] I. Haller, A. Slowinska, M. Neugschwandtner, and H. Bos, "Dowsing for overflows: A guided fuzzer to find buffer boundary violations," in USENIX Security, 2013.
4 Combining fuzzing with other techniques:
[14] S. K. Cha, M. Woo, and D. Brumley, "Program-adaptive mutational fuzzing," in S&P, 2015.
[15] N. Stephens, J. Grosen, C. Salls, A. Dutcher, R. Wang, J. Corbetta, Y. Shoshitaishvili, C. Kruegel, and G. Vigna, "Driller: Augmenting fuzzing through selective symbolic execution," in NDSS, 2016.
5 Improved mutation-operator scheduling strategies:
[16] C. Lyu, S. Ji, C. Zhang, Y. Li, W.-H. Lee, Y. Song, and R. Beyah, "MOPT: Optimized mutation scheduling for fuzzers," in USENIX Security, 2019.
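As an added, self-contained illustration of the basic workflow named at the top of this page and of improvement points 2 and 5, the following is a minimal coverage-guided greybox fuzzer. It is not code from any paper listed here, and its heuristics are not the actual AFLFast or MOPT algorithms: the target parser and its planted out-of-bounds bug are constructed for this example; coverage feedback is taken from Python line-to-line edges via sys.settrace; the seed schedule (weight proportional to the coverage a seed contributed, decaying with how often it has been fuzzed) is a simplified stand-in for the power schedules of the Markov-chain paper above, and the operator schedule (each operator earns credit for the new-coverage or crashing inputs it produced) is a simplified stand-in for the mutation scheduling of MOPT.

```python
import random
import sys
from dataclasses import dataclass


def target(data: bytes) -> None:
    """Constructed toy record parser with a planted bug on the 'C' path."""
    if len(data) < 5 or data[:3] != b"FUZ":
        return                                # wrong magic: rejected early
    kind, n, body = data[3], data[4], data[5:]
    if kind == ord("A"):                      # 'A' record: bounded slice, safe
        _ = body[:n]
    elif kind == ord("C"):                    # 'C' record: trusts the length field
        acc = 0
        for i in range(n):                    # IndexError once n > len(body)
            acc ^= body[i]


TARGET_CODE = target.__code__


def run_with_coverage(data: bytes):
    """Run target(data) under sys.settrace; return (set of line edges, crashed)."""
    edges, prev = set(), [0]

    def local_tracer(frame, event, arg):
        if event == "line":                   # record (previous line -> this line)
            edges.add((prev[0], frame.f_lineno))
            prev[0] = frame.f_lineno
        return local_tracer

    def global_tracer(frame, event, arg):
        if event == "call" and frame.f_code is TARGET_CODE:
            prev[0] = 0
            return local_tracer               # trace only inside target()
        return None

    saved = sys.gettrace()
    sys.settrace(global_tracer)
    try:
        target(data)
        crashed = False
    except Exception:                         # any uncaught exception is a crash
        crashed = True
    finally:
        sys.settrace(saved)
    return frozenset(edges), crashed


@dataclass
class Seed:
    data: bytes
    edges: frozenset
    new_edges: int = 0    # edges this seed added to global coverage when admitted
    fuzzed: int = 0       # how many times it has been picked for mutation


MUTATORS = ("bitflip", "byteset", "arith", "insert", "delete")


def mutate(rng: random.Random, data: bytes, op: str) -> bytes:
    """Apply one named mutation operator to a copy of data."""
    b = bytearray(data)
    if not b and op != "insert":
        return data
    if op == "bitflip":
        i = rng.randrange(len(b))
        b[i] ^= 1 << rng.randrange(8)
    elif op == "byteset":
        b[rng.randrange(len(b))] = rng.randrange(256)
    elif op == "arith":
        i = rng.randrange(len(b))
        b[i] = (b[i] + rng.randint(-8, 8)) & 0xFF
    elif op == "insert":
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    elif op == "delete" and len(b) > 1:
        del b[rng.randrange(len(b))]
    return bytes(b)


def fuzz(seeds, iterations: int, rng_seed: int = 1) -> dict:
    """Seed scheduling + mutation scheduling + coverage feedback loop."""
    rng = random.Random(rng_seed)
    corpus, covered, crashes = [], set(), {}
    for s in seeds:                           # admit the initial corpus
        edges, _ = run_with_coverage(s)
        corpus.append(Seed(s, edges, new_edges=len(edges - covered)))
        covered |= edges
    op_score = {op: 1.0 for op in MUTATORS}   # per-operator credit (bandit-style)
    for _ in range(iterations):
        # seed schedule: favour seeds that contributed coverage, decay with fuzz count
        weights = [(1 + s.new_edges) / (1 + s.fuzzed) for s in corpus]
        seed = rng.choices(corpus, weights)[0]
        seed.fuzzed += 1
        # mutation schedule: operators that produced finds are picked more often
        op = rng.choices(MUTATORS, [op_score[o] for o in MUTATORS])[0]
        data = mutate(rng, seed.data, op)
        edges, crashed = run_with_coverage(data)
        new = edges - covered
        if crashed:
            crashes.setdefault(edges, data)   # bucket crashes by the path they took
            op_score[op] += 1
        elif new:                             # new coverage: admit as a seed
            covered |= new
            corpus.append(Seed(data, edges, new_edges=len(new)))
            op_score[op] += 1
    return {"corpus": corpus, "covered": covered, "crashes": crashes, "op_score": op_score}


if __name__ == "__main__":
    res = fuzz([b"FUZA\x01x"], iterations=20000)   # constructed single seed
    print(len(res["corpus"]), "seeds,", len(res["covered"]), "edges,",
          len(res["crashes"]), "crash buckets")
    for data in res["crashes"].values():
        print("crash input:", data)
```

Starting from the single 'A'-record seed, the fuzzer first has to flip one bit of the record type to reach the 'C' path (new coverage, so that input is admitted and then favoured by the seed schedule), and from there any mutation that raises the length byte above the body length triggers the planted IndexError. Watching op_score after a run shows which operators the schedule ended up rewarding, which is the signal that MOPT-style approaches exploit.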