Abstract
Knowledge-based Fuzzing technology successfully applies in software vulnerability mining, however, current Fuzzing technology mainly focuses on fuzzing target software based on single data sample and thus the vulnerability mining results are not stable, false negatives of vulnerability are high and the selection of data sample depends on people's analysis. To solve these problems, this paper proposes a model named Fuzzing Test Suite Generation model based on data sample combination (FTSGc) which can automatically select data samples combination from large scale data sample set to fuzz target software. To solve Data Sample Combination Problem (DSCP), this paper proposes a method of covering all possible basic blocks in Control Flow Graph (CFG) with minimum running cost and gives a theorem named Maximum Degree Coverage (MFD) to select data sample combination and gets the conclusion that DSCP is actually the Set Covering Problem (SCP). Practical experiment results show that the proposed Fuzzing technology which selects automatically data sample combination based on CFG works much better than current Fuzzing technology on both the Ability of Vulnerability Mining (AVM) and the Efficiency of Vulnerability Mining (EVM).
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call