Abstract
Knowledge-based Fuzzing technology successfully applies in software vulnerability mining, however, current Fuzzing technology mainly focuses on fuzzing target software based on single data sample and thus the vulnerability mining results are not stable, false negatives of vulnerability are high and the selection of data sample depends on people's analysis. To solve these problems, this paper proposes a model named Fuzzing Test Suite Generation model based on data sample combination (FTSGc) which can automatically select data samples combination from large scale data sample set to fuzz target software. To solve Data Sample Combination Problem (DSCP), this paper proposes a method of covering all possible basic blocks in Control Flow Graph (CFG) with minimum running cost and gives a theorem named Maximum Degree Coverage (MFD) to select data sample combination and gets the conclusion that DSCP is actually the Set Covering Problem (SCP). Practical experiment results show that the proposed Fuzzing technology which selects automatically data sample combination based on CFG works much better than current Fuzzing technology on both the Ability of Vulnerability Mining (AVM) and the Efficiency of Vulnerability Mining (EVM).
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
