| 多维Fuzzing技术综述* |
| |
| 引用本文: | 吴志勇,夏建军,孙乐昌,张旻b. 多维Fuzzing技术综述*[J]. 计算机应用研究, 2010, 27(8): 2810-2813. DOI: 10.3969/j.issn.1001-3695.2010.08.002 |
| |
| 作者姓名: | 吴志勇 夏建军 孙乐昌 张旻b |
| |
| 作者单位: | 1. 解放军电子工程学院604研究室,合肥,230037
2. 解放军电子工程学院309研究室,合肥,230037 |
| |
| 基金项目: | 国家自然科学基金资助项目(60972161);解放军电子工程学院博士生创新基金资助项目(CX2007016) |
| |
| 摘 要: | Fuzzing技术是一项有效的动态漏洞挖掘技术,但是当前对多维Fuzzing技术的研究还不多见。把多维Fuzzing技术面临的问题归纳为组合爆炸、覆盖脆弱语句和触发潜在漏洞三个问题,对存在的多种多维Fuzzing技术进行了研究和比较,并总结出多维Fuzzing技术的三个基本步骤:定位脆弱语句、查找影响脆弱语句的输入元素和多维Fuzzing测试挖掘脆弱语句中的漏洞。最后,给出了多维Fuzzing技术的进一步发展方向。
|
| 关 键 词: | 多维Fuzzing技术; 组合爆炸; 演化测试; 遗传算法 |
Survey of multi-dimensional Fuzzing technology |
| |
| WU Zhi-yong,XIA Jian-jun,SUN Le-chang,ZHANG Minb. Survey of multi-dimensional Fuzzing technology[J]. Application Research of Computers, 2010, 27(8): 2810-2813. DOI: 10.3969/j.issn.1001-3695.2010.08.002 |
| |
| Authors: | WU Zhi-yong XIA Jian-jun SUN Le-chang ZHANG Minb |
| |
| Affiliation: | (a. Division 604, b. Division 309, Electronic Engineering Institute of PLA, Hefei 230037, China) |
| |
| Abstract: | Fuzzing is an effective dynamic vulnerability mining technology, however, there is not too much research on multi-dimensional Fuzzing. This paper concluded that the problems of multi-dimensional Fuzzing included combinational explosion, covering vulnerable statements and triggering suspend vulnerabilities. Gave a research and a comparison on existing multi-dimensional Fuzzing technologies and got that they could be divided into three basic steps: locating vulnerable statements, finding input elements which influenced corresponding vulnerable statements and finding the vulnerabilities with multi-dimensional Fuzzing technology. At last, gave its further improvement directions. |
| |
| Keywords: | multi-dimensional Fuzzing combination explosion evolutionary testing genetic algorithm |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
