信息安全研究 ›› 2022, Vol. 8 ›› Issue (7): 643-.
• 自动化漏洞挖掘与攻击检测专题 • 上一篇 下一篇
苏文超, 费洪晓
(中南大学计算机学院长沙410083)
出版日期:
发布日期:
通讯作者:
作者简介:
Online:
Published:
摘要: 近年来,覆盖率引导的灰盒模糊测试成为流行的漏洞挖掘技术之一,在软件安全行业发挥着日趋重要的作用.随着模糊测试应用场景越来越多样、应用程序越来越复杂,对模糊测试的性能要求也进一步提高.对现有的覆盖率引导的灰盒模糊测试方法进行研究,总结了其通用框架;对其面临的挑战及发展现状进行了分析;总结了这些方法的实验效果并讨论其实验评估所存在的问题;最后对未来发展趋势进行了展望.关键词模糊测试;漏洞挖掘;覆盖率引导;灰盒;软件安全
关键词: 模糊测试, 漏洞挖掘, 覆盖率引导, 灰盒, 软件安全
Abstract: In recent years, coverageguided greybox fuzzing has become one of the most popular techniques for vulnerability mining, which plays an increasingly important role in the software security industry. With the increasing variety of application scenarios and complexity of test applications, the performance requirements of coverageguided greybox fuzzing are further improved. This paper studies the existing coverageguided greybox fuzzing methods, summarizes its general framework, and analyzes its challenges and the development status. The experimental results of these methods are summarized and the problems existing in the experimental evaluation are discussed. Finally, the future development trend of coverageguided greybox fuzzing is prospected.Key words fuzzing; hole mining; coverageguided; greybox; software security
Key words: fuzzing, hole mining, coverageguided, greybox, software security
苏文超, 费洪晓. 覆盖率引导的灰盒模糊测试综述[J]. 信息安全研究, 2022, 8(7): 643-.
0 / / 推荐
导出引用管理器 EndNote|Ris|BibTeX
链接本文: http://www.sicris.cn/CN/
http://www.sicris.cn/CN/Y2022/V8/I7/643
