设计 任务书 文档 开题 答辩 说明书 格式 模板 外文 翻译 范文 资料 作品 文献 课程 实习 指导 调研 下载 网络教育 计算机 网站 网页 小程序 商城 购物 订餐 电影 安卓 Android Html Html5 SSM SSH Python 爬虫 大数据 管理系统 图书 校园网 考试 选题 网络安全 推荐系统 机械 模具 夹具 自动化 数控 车床 汽车 故障 诊断 电机 建模 机械手 去壳机 千斤顶 变速器 减速器 图纸 电气 变电站 电子 Stm32 单片机 物联网 监控 密码锁 Plc 组态 控制 智能 Matlab 土木 建筑 结构 框架 教学楼 住宅楼 造价 施工 办公楼 给水 排水 桥梁 刚构桥 水利 重力坝 水库 采矿 环境 化工 固废 工厂 视觉传达 室内设计 产品设计 电子商务 物流 盈利 案例 分析 评估 报告 营销 报销 会计
 首 页 机械毕业设计 电子电气毕业设计 计算机毕业设计 土木工程毕业设计 视觉传达毕业设计 理工论文 文科论文 毕设资料 帮助中心 设计流程 
垫片
您现在所在的位置:首页 >>电子电气毕业设计 >> 文章内容
                 
垫片
   我们提供全套毕业设计和毕业论文服务,联系微信号:biyezuopin QQ:2922748026   
基于AFL的覆盖引导模糊测试优化技术研究 参考文献+相关数据+相关图片+毕业答辩PPT+毕业论文初稿+毕业论文定稿+成果验收PPT+开题报告+开题答辩PPT+课题检查报告+论文自评表+评阅意见+万方检
文章来源:www.biyezuopin.vip   发布者:毕业作品网站  

基于AFL的覆盖引导模糊测试优化技术研究

摘  要

随着互联网的发展,应用软件已经渗透至各行各业,极大地方便人们的生产和生活,随之而来的是软件的安全问题。软件中的缺陷被称为漏洞,漏洞的存在除了影响软件的正常运行外,更大的威胁是被攻击者发现并利用,进而造成隐私泄露和财产损失。模糊测试作为一种自动化漏洞挖掘技术具有可扩展性强、专业要求低、适用性广等优势。覆盖引导模糊测试是模糊测试领域近几年来最成功的技术分支,它的核心思想是跟踪代码覆盖范围,并利用覆盖信息作为反馈来指导输入的生成,使测试朝着更高的代码覆盖率的方向前进。AFL是最流行的覆盖引导模糊测试器,其凭借高效性和易扩展性受到安全研究者的青睐,学术界已经形成了基于AFL的覆盖引导模糊测试技术生态圈。基于AFL的覆盖引导模糊测试主要包括预处理、种子选择、确定变异、随机变异、执行追踪和反馈指导六个模块,对以上任意一个模块进行合理地优化仍然可以提高模糊测试器的速度、效率或针对性。经过前期的调研分析工作发现技术生态圈仍然存在如下问题:第一,在随机变异阶段,现有随机变异调度策略无法为种子的每个变异位置选择最合适的变异算子。第二,在确定变异阶段存在大量的无效变异,将无效变异生成的测试用例输入到目标程序中执行会造成性能浪费。第三,在预处理阶段为目标程序插入的记录覆盖信息的桩代码存在哈希冲突,导致收集到的覆盖信息不准确。针对上述问题,本文分别设计了优化方案,并实现了新的模糊测试器,主要工作如下:

(1)提出基于强化学习的随机变异调度策略。变异调度是指随机变异阶段每一次变异时变异算子的选择,现有的变异调度策略能为不同种子选择出较适合的变异算子,但是无法为种子的每个变异位置选择最有效的变异算子,针对上述问题提出一种位置自适应变异调度策略,该技术通过一种自定义的双层多臂老虎机模型为变异位置和变异算子建立联系,并且采用置信区间上界算法解决模糊测试场景中的多臂老虎机问题。基于AFL实现了位置自适应的模糊测试器Position-Adaptive Mutation Scheduling Strategy AFL(PAMSSAFL),实验结果表明,位置自适应的变异调度策略能明显提升模糊测试器的bug发现能力和覆盖能力。

(2)提出轻量级自适应敏感区域确定变异技术。确定变异阶段存在大量无效变异,将无效变异生成的测试用例输入到目标程序中执行会造成性能浪费。针对上述问题提出一种自适应敏感区域变异算法,该算法将变异后执行新路径的字节标记为敏感字节,并基于敏感字节延展形成敏感区域,将后续变异限制在敏感区域内,并且根据测试用例的执行结果自适应地调整种子的敏感区域,实现减少无效变异的目的。此外,为了更深入地探索敏感区域,设计了新的种子选择策略和修剪策略来配合敏感区域变异。将自适应敏感区域变异算法集成到AFL中,并将其命名为Sensitive-region-based Mutation American Fuzzy Lop(SMAFL)。实验结果表明,自适应敏感区域变异算法能够提升模糊测试器的探索效率。

(3)提出基于位运算的覆盖信息记录方案。覆盖引导模糊测试利用覆盖信息指导探索方向,所以覆盖信息的准确性一定程度上决定了模糊测试器发现漏洞的能力。AFL利用一个位图存储边的命中次数作为覆盖信息,每条边都被随机分配到位图中的一个位置,并在该位置上记录命中次数。由于分配的随机性,不同的边可能在位图中的同一个位置存储命中计数,即发生哈希冲突。哈希冲突导致覆盖信息不准确,甚至可能影响模糊测试器的探索方向。针对上述问题,对造成哈希冲突的情况进行定量分析,根据分析结果提出了一种基于位运算的哈希冲突缓解方案,该方案将目标程序分为小型程序和大型程序,对小型程序采用位运算解决哈希冲突,对大型程序采用再哈希法缓解哈希冲突。在AFL之上实现该方案形成了BitAFL,实验结果表明该方案能为AFL提供更准确的覆盖信息并提升覆盖率。

(4)实现了新的覆盖引导模糊测试器Smart Coverage-guided Fuzzer(SmartCGF)。将基于强化学习的随机变异调度策略、轻量级自适应敏感区域确定变异技术和基于位运算的覆盖信息记录方案进行有机融合,实现了新的覆盖引导模糊测试器SmartCGF。实验结果表明,在可接受的额外开销的前提下,SmartCGF的漏洞挖掘能力和覆盖能力提升显著。

关键词:软件漏洞,漏洞挖掘,模糊测试,覆盖率,遗传算法,变异



Abstract

With the development of the Internet, application software has penetrated into all walks of life, greatly facilitating people's production and life, followed by software security issues. The defects in software are called bug. In addition to affecting the normal operation of software, the existence of bugs is more threatening to be found and used by attackers, thus causing privacy leakage and property losses. As an automated vulnerability mining technology, fuzzing has the advantages of strong scalability, low professional requirements, and wide applicability. Coverage-guided fuzzing is the most successful technology branch in the field of fuzzing in recent years. Its core idea is to track code coverage and use coverage information as feedback to guide the generation of input, so that testing moves towards higher code coverage. AFL is the most popular coverage-guided fuzzer, which is favored by security researchers because of its efficiency and scalability. The academic community has formed an AFL based coverage-guided fuzzing technology ecosystem. The coverage-guided fuzzing based on AFL mainly includes six modules: pretreatment, seed selection, deterministic mutation, random mutation, execution tracking and feedback guidance. Reasonable optimization of any of the above modules can still improve the speed, efficiency or pertinence of the fuzzer. After the previous research and analysis work, it is found that the following problems still exist in the technology ecosystem: First, in the random mutation stage, the existing random mutation scheduling strategy cannot select the most appropriate mutation operator for each mutation position of the seed. Second, there are a lot of invalid mutations in the deterministic mutation stage, and it will waste performance to input the test cases generated by invalid mutations into the target program for execution. Third, there is hash conflict in the instrumentation code inserted for the target program to record the coverage information in the preprocessing stage, resulting in inaccurate coverage information collected. In view of the above problems, this paper has designed optimization schemes and implemented new fuzzers. The main work is as follows:

(1) A random mutation scheduling strategy based on reinforcement learning is proposed. The mutation scheduling refers to the selection of mutation operators at each mutation in the random mutation stage. The existing mutation scheduling strategy can select more suitable mutation operator for different seeds, but it is unable to select the most effective mutation operator for each mutation position of a seed. To solve the above problem, a position-adaptive mutation scheduling strategy is proposed. This technology establishes the relationship between the mutation position and the mutation operator through a user-defined double-layer multi-armed bandit model, and uses the Upper Confidence Bound algorithm to solve the multi-armed bandit problem in the fuzzing scenario. PAMSSAFL(Position-Adaptive Mutation Scheduling Strategy AFL), a position-adaptive fuzzer, is implemented based on AFL. The experimental results show that the position-adaptive mutation scheduling strategy can significantly improve the bug detection ability and coverage ability of the fuzzer.

(2) A lightweight adaptive sensitive region determination mutation technique is proposed. There are a lot of invalid mutations in the deterministic mutation stage, and it will cause performance waste to input the test cases generated by the invalid mutations into the target program for execution. To solve the above problem, an adaptive sensitive region mutation algorithm is proposed. The algorithm marks the byte executing the new path after mutation as sensitive byte, and forms a sensitive region based on the extension of sensitive byte. The subsequent mutation is limited to the sensitive region, and the sensitive region of the seed is adaptively adjusted according to the execution results of the test case to reduce invalid mutations. In addition, in order to explore the sensitive region more deeply, new seed selection strategies and trimming strategies were designed to match the sensitive region mutation. The adaptive sensitive region mutation algorithm is integrated into AFL and named Sensitive-region-based Mutation AFL (SMAFL). The experimental results show that the adaptive sensitive region mutation algorithm can improve the exploration efficiency of the fuzzer.

(3) A coverage information recording scheme based on divide and conquer is proposed. Coverage-guided fuzzing uses coverage information to guide the direction of exploration, so the accuracy of coverage information to some extent determines the ability of fuzzers to detect vulnerabilities. AFL uses a bitmap to store the hit counts of edges as coverage information. Each edge is randomly assigned to a location in the bitmap, and the hit counts are recorded at that location. Due to the randomness of the allocation, different edges may store hit counts at the same location in the bitmap, that is, hash conflicts occur. Hash conflict leads to inaccurate coverage information and may even affect the exploration direction of the fuzzer. In view of the above problems, a quantitative analysis of the situation that causes hash conflict is carried out. According to the analysis results, a hash conflict mitigation scheme based on bit operation is proposed. The scheme divides the target program into small programs and large programs. For small programs, bit operation is used to solve hash conflict, and for large programs, rehash method is used to alleviate hash conflict. The scheme is implemented on top of AFL to form BitAFL. Experimental results show that the scheme can provide more accurate coverage information for AFL and improve coverage.

(4) A smart coverage-guided fuzzer (SmartCGF) is implemented. By organically integrating the random mutation scheduling strategy based on reinforcement learning, the lightweight adaptive sensitive region determination mutation technology and the coverage information recording scheme based on divide and conquer, the smart coverage-guided fuzzer SmartCGF is realized. The experimental results show that under the premise of acceptable additional overhead, the vulnerability mining ability and coverage ability of SmartCGF are significantly improved.

Key words:Software vulnerability, vulnerability mining, fuzzing, coverage, genetic algorithm, mutation



目  录

摘  要

Abstract

目  录

图  录

表  录

第一章 绪论

1.1  研究背景与意义

1.2  研究现状

1.3  研究内容

1.4  章节安排

第二章 覆盖引导模糊测试技术介绍及相关研究

2.1  覆盖引导模糊测试

2.2  相关研究

2.2.1  预处理

2.2.2  种子选择

2.2.3  确定变异

2.2.4  随机变异

2.2.5  执行追踪

2.2.6  反馈指导

2.3  存在的问题

2.4  本章小结

第三章 基于强化学习的随机变异调度策略

3.1  概述

3.2  种子自适应变异调度策略

3.3  位置自适应变异调度策略

3.3.1  自定义双层多臂老虎机

3.3.2  强化学习算法

3.4  PAMSSAFL

3.5  实验评估

3.5.1  实验设置

3.5.2  bug发现能力

3.5.3  覆盖能力

3.6  本章小结

第四章 轻量级自适应敏感区域确定变异技术

4.1  概述

4.2  研究动机

4.3  自适应敏感区域变异算法

4.3.1  形式化定义

4.3.2  算法流程

4.3.3  基于敏感区域的种子选择策略

4.3.4  基于敏感区域的修剪策略

4.4  SMAFL

4.5  实验评估

4.5.1  实验设置

4.5.2  实验结果

4.6  本章小结

第五章 基于位运算的覆盖信息记录方案

5.1  概述

5.2  背景知识介绍

5.2.1  哈希冲突

5.2.2  局部冲突与全局冲突

5.3  冲突情况剖析

5.4  基于位运算的覆盖信息记录方案

5.4.1  朴素的解决方案

5.4.2  位运算和再哈希法

5.4.3  存储过程

5.5  BitAFL

5.5.1  整体流程

5.5.2  实现细节

5.6  实验评估

5.6.1  实验设置

5.6.2  实验结果

5.7  本章小结

第六章 覆盖引导模糊测试器SmartCGF

6.1  系统流程

6.2  实验评估

6.2.1  实验设置

6.2.2  漏洞挖掘能力

6.2.3  覆盖能力

6.2.4  吞吐量

6.3  本章小结

第七章 总结与展望

7.1  本文工作总结

7.2  下一步工作展望

致  谢

参考文献

































  全套毕业设计论文现成成品资料请咨询微信号:biyezuopin QQ:2922748026     返回首页 如转载请注明来源于www.biyezuopin.vip  

                 

打印本页 | 关闭窗口
本类最新文章
基于PLC的立体式仓库控制系统设 基于PLC的温室大棚控制系统设计 基于西门子S7-200PLC四层
基于PLC的鸡禽自动喂食机控制系 基于PLC的智能楼宇消防控制系统 三菱FX2N PLC在5层电梯逻
| 关于我们 | 友情链接 | 毕业设计招聘 |

Email:biyeshejiba@163.com 微信号:biyezuopin QQ:2922748026  
本站毕业设计毕业论文资料均属原创者所有,仅供学习交流之用,请勿转载并做其他非法用途.如有侵犯您的版权有损您的利益,请联系我们会立即改正或删除有关内容!