Journal of Information Security Reserach ›› 2022, Vol. 8 ›› Issue (7): 643-.

Previous Articles     Next Articles

Survey of Coverage-guided Grey-box Fuzzing

  

  • Online:2022-07-04 Published:2022-07-04

覆盖率引导的灰盒模糊测试综述

苏文超, 费洪晓   

  1. (中南大学计算机学院长沙410083)
  • 通讯作者: 苏文超 主要研究方向为软件安全. 1372088035@qq.com
  • 作者简介:苏文超 主要研究方向为软件安全. 1372088035@qq.com 费洪晓 硕士生导师.主要研究方向为大数据智能、软件工程、信息安全. hxfei@csu.edu.cn

Abstract: In recent years, coverageguided greybox fuzzing has become one of the most popular techniques for vulnerability mining, which plays an increasingly important role in the software security industry. With the increasing variety of application scenarios and complexity of test applications, the performance requirements of coverageguided greybox fuzzing are further improved. This paper studies the existing coverageguided greybox fuzzing methods, summarizes its general framework, and analyzes its challenges and the development status. The experimental results of these methods are summarized and the problems existing in the experimental evaluation are discussed. Finally, the future development trend of coverageguided greybox fuzzing is prospected.Key words fuzzing; hole mining; coverageguided; greybox; software security


Key words: fuzzing, hole mining, coverageguided, greybox, software security

摘要: 近年来,覆盖率引导的灰盒模糊测试成为流行的漏洞挖掘技术之一,在软件安全行业发挥着日趋重要的作用.随着模糊测试应用场景越来越多样、应用程序越来越复杂,对模糊测试的性能要求也进一步提高.对现有的覆盖率引导的灰盒模糊测试方法进行研究,总结了其通用框架;对其面临的挑战及发展现状进行了分析;总结了这些方法的实验效果并讨论其实验评估所存在的问题;最后对未来发展趋势进行了展望.关键词模糊测试;漏洞挖掘;覆盖率引导;灰盒;软件安全

关键词: 模糊测试, 漏洞挖掘, 覆盖率引导, 灰盒, 软件安全