Proj THUDBFuzz Paper Reading: A Review of Machine Learning Applications in Fuzzing

标签：view   程序   sts   lips   hat   cut   oca   平衡   int   

2 Overview of Fuzzing

Generation-based fuzzer

Peach, Sulley

Evolutionary Fuzzers

honggfuzz, AFL, libFuzzer

Mutation-based fuzzers

1. where to mutate
2. what new value to use for the mutation

常用变异方法: 随机生成，specific bit flips, integer increments, integer bound analysis, substitution

Symbolic Execution

1. Driller
2. SAGE

需要平衡符号执行的代价,The computational costs and path explosion remain significant hurdles.

Input test scheduling

FuzzSim: 能够通过多次迭代使用输入的性能信息快速比较选择输入的策略
SEC Consult通过人工分析忽略输入空间的一部分

Interesting Program State

1. Valgrind等可以在程序没有崩溃的时候检测到memory corruption
2. Heelan等使用fuzzing来确定潜在的memory allocators

The definition of what an interesting program state should be remains a research challenge

Evaluate Inputs

libFuzzer使用data coverage，如果一个输入引起新数据值出现在之前已经比较过的comparison中，也会有很高的打分

3. Applications of Machine Learning to Fuzzing

AFL就使用了genetic Algorithm来做input generation；
已有不少研究用来减少符号执行中constraint equation 处理的时间，crash triage（确定一大堆有趣的程序状态中和bug相关的）， root cause categoritzation

Generate Inputs

Proj THUDBFuzz Paper Reading: A Review of Machine Learning Applications in Fuzzing

标签：view   程序   sts   lips   hat   cut   oca   平衡   int   

原文地址：https://www.cnblogs.com/xuesu/p/14509932.html