Journal of Information Security Research ›› 2024, Vol. 10 ›› Issue (7): 668-.


Research Advances and Challenges of Fuzzing Techniques

Wang Meiqin, Xia Yang, Jia Qiong, Chen Zhihao, and Liu Mingzhe   

  1. (Beijing Institute of Computer Technology and Applications, Beijing 100854)
  • Online: 2024-07-14   Published: 2024-07-18

模糊测试技术的研究进展与挑战 (Chinese title: Research Advances and Challenges of Fuzzing Techniques)

汪美琴, 夏旸, 贾琼, 陈志浩, 刘明哲 (Wang Meiqin, Xia Yang, Jia Qiong, Chen Zhihao, and Liu Mingzhe)

  1. (Beijing Institute of Computer Technology and Applications, Beijing 100854)
  • Corresponding author: Wang Meiqin, M.Sc., assistant engineer. Research interests: fuzzing and vulnerability discovery. 1569677451@qq.com
  • Author biographies:
    Wang Meiqin: M.Sc., assistant engineer. Research interests: fuzzing and vulnerability discovery. 1569677451@qq.com
    Xia Yang: M.Sc., senior engineer. Research interests: network security and cryptographic communication. 15810194836@139.com
    Jia Qiong: M.Sc., senior engineer. Research interests: network and information security. 821825059@qq.com
    Chen Zhihao: M.Sc., research fellow. Research interests: network and information security. czh8553@sina.com
    Liu Mingzhe: M.Sc., assistant engineer. Research interests: cyberspace security. arthur_lmz@126.com

Abstract: Fuzzing, as an efficient vulnerability discovery technique, has developed rapidly in recent years and has attracted growing attention from researchers. To examine fuzzing in depth, this paper introduces its definition and analyzes its advantages and disadvantages. It summarizes the research progress of fuzzing from several perspectives, including energy (power) scheduling for seed selection, test case mutation algorithms, fuzzing execution performance, and hybrid fuzzing. It compares the improvements and shortcomings of the different fuzzing studies and proposes suggestions for future development. It also describes the research achievements of fuzzing-based vulnerability discovery in operating system kernels, network protocols, firmware, and deep learning. Finally, the paper concludes with a summary and offers insights into the future challenges and research hotspots of fuzzing.
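To make concrete the three survey topics the abstract names (seed selection with energy scheduling, test case mutation, and coverage-driven execution feedback), the following is an added, self-contained example written for this page; it is not code from the paper or from any fuzzer it surveys. The target function, its edge identifiers, the magic bytes and the AFL-style power schedule are all constructed assumptions chosen to show why coverage feedback turns one hard constraint (a magic value followed by a guarded bug) into several independently rewarded steps.

```python
import random


def target(data: bytes):
    """Constructed toy target: a hand-instrumented parser standing in for an
    instrumented binary. Returns (set of edge ids executed, crashed?). The
    "crash" edge models a bug reachable only behind a two-byte magic value
    and a length check, so a blind random search rarely reaches it."""
    edges = {"entry"}
    if len(data) < 2:
        edges.add("short")
        return edges, False
    if data[0] != 0x46:                  # first magic byte, 'F'
        return edges, False
    edges.add("magic0")
    if data[1] != 0x5A:                  # second magic byte, 'Z'
        return edges, False
    edges.add("magic1")
    n = data[2] if len(data) > 2 else 0  # declared payload length
    if n <= 4:
        edges.add("small")
        return edges, False
    edges.add("big")
    if 0x42 in data[3:3 + n]:            # 'B' inside the declared payload
        edges.add("crash")
        return edges, True
    return edges, False


def mutate(rng, data: bytes) -> bytes:
    """Four classic byte-level mutation operators, picked uniformly."""
    op = rng.randrange(4)
    if op == 0 and data:                       # flip one bit
        i = rng.randrange(len(data))
        return data[:i] + bytes([data[i] ^ (1 << rng.randrange(8))]) + data[i + 1:]
    if op == 1 and data:                       # overwrite one byte
        i = rng.randrange(len(data))
        return data[:i] + bytes([rng.randrange(256)]) + data[i + 1:]
    if op == 2 and len(data) > 1:              # delete one byte
        i = rng.randrange(len(data))
        return data[:i] + data[i + 1:]
    i = rng.randrange(len(data) + 1)           # insert one random byte
    return data[:i] + bytes([rng.randrange(256)]) + data[i:]


class Seed:
    __slots__ = ("data", "new_edges", "fuzzed")

    def __init__(self, data: bytes, new_edges: int):
        self.data, self.new_edges, self.fuzzed = data, new_edges, 0


def energy(seed: Seed) -> int:
    """Assumed power schedule (simplified from the AFL family): a seed that
    uncovered more new edges receives more mutants, and its budget decays
    with the number of times it has already been fuzzed."""
    return max(1, 8 * (1 + seed.new_edges) // (1 + seed.fuzzed))


def fuzz(target, corpus, budget: int, rng_seed: int = 0) -> dict:
    """Coverage-guided loop: keep a queue of seeds, pick one weighted by its
    energy, spend that energy on mutants, and keep any mutant that reaches
    an edge the whole campaign has not seen before."""
    rng = random.Random(rng_seed)
    queue, coverage, execs = [], set(), 0
    for data in corpus:
        edges, _ = target(data)
        execs += 1
        queue.append(Seed(data, len(edges - coverage)))
        coverage |= edges
    while execs < budget:
        parent = rng.choices(queue, weights=[energy(s) for s in queue])[0]
        for _ in range(energy(parent)):
            child = mutate(rng, parent.data)
            edges, crashed = target(child)
            execs += 1
            if crashed:
                return {"crash": child, "execs": execs,
                        "coverage": coverage | edges, "queue": len(queue)}
            new = edges - coverage
            if new:                            # novelty is the only reward
                coverage |= new
                queue.append(Seed(child, len(new)))
        parent.fuzzed += 1
    return {"crash": None, "execs": execs, "coverage": coverage, "queue": len(queue)}


if __name__ == "__main__":
    result = fuzz(target, [b"hello"], budget=400_000, rng_seed=1)
    print(result["crash"], result["execs"], sorted(result["coverage"]))
```

The initial corpus (`b"hello"`) is deliberately far from the crash: the fuzzer must first discover `'F'` at offset 0, then `'Z'` at offset 1, and only then can a `'B'` inside the declared payload be rewarded. Each of those steps is found independently because the queue stores the intermediate input as soon as it reaches a new edge, which is the mechanism the surveyed energy-scheduling and mutation work refines.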

Key words: fuzzing, vulnerability discovery, network security, reverse analysis, vulnerability verification

Abstract (Chinese version, translated): Fuzzing, as an efficient vulnerability discovery technique, has developed rapidly in recent years and attracted growing attention from researchers. To study fuzzing in depth, this paper introduces the definition of fuzzing and analyzes its advantages and disadvantages; summarizes research progress in energy scheduling for seed selection, test case mutation algorithms, fuzzing execution performance, and hybrid fuzzing; compares the improvements and shortcomings of each line of work and proposes suggestions for future improvement; describes research results of fuzzing-based vulnerability discovery in operating system kernels, protocols, firmware, and deep learning; and offers some thoughts on the future challenges and research hotspots of fuzzing.

Keywords (Chinese version, translated): fuzzing, vulnerability discovery, network security, reverse analysis, vulnerability verification
