SmartSeed: Smart seed generation strategy for fuzzing testing
Cite this article: LV Chen-Yang, LI Yu-Wei, JI Shou-Ling. SmartSeed: Smart seed generation strategy for fuzzing testing [J]. 黑龙江大学工程学报, 2021, 12(3): 90-108. DOI: 10.13524/j.2095-008x.2021.03.042
Authors: LV Chen-Yang, LI Yu-Wei, JI Shou-Ling
Affiliation: College of Computer Science and Technology, Zhejiang University, Hangzhou 310027
Abstract: Mutation-based fuzzers generate many input files (test cases) by mutating an initial set of seed files, then run the target program on those inputs to uncover latent crashes. Existing seed selection strategies appear to be no more efficient than choosing seed files at random as the initial seed set. This paper therefore proposes SmartSeed, a novel and generic seed generation system for fuzzing, to improve fuzzing efficiency. SmartSeed is combined with AFL and its vulnerability discovery performance is evaluated on 12 open-source programs with different input file formats; it is further combined with other fuzzers to test its compatibility. The experiments show that: ① SmartSeed can generate seed files in different input formats and significantly improves the vulnerability discovery efficiency of fuzzers on the large majority of the tested programs; ② SmartSeed is well compatible with current mainstream fuzzers. The results show that SmartSeed finds more than twice as many program crashes as the best existing seed selection strategy and 5040 additional execution paths. Based on the crashes reported by SmartSeed, 16 new CVE identifiers were obtained.

Keywords: fuzzing; vulnerability discovery; seed generation

SmartSeed:Smart seed generation strategy for fuzzing testing
LV Chen-Yang, LI Yu-Wei, JI Shou-Ling. SmartSeed: Smart seed generation strategy for fuzzing testing [J]. 黑龙江大学工程学报, 2021, 12(3): 90-108. DOI: 10.13524/j.2095-008x.2021.03.042
Authors: LV Chen-Yang, LI Yu-Wei, JI Shou-Ling
Abstract: Mutation-based fuzzers can mutate the initial seed files to obtain a number of inputs, which are used to test the application in order to trigger potential crashes. As shown in the existing literature, seed selection is crucial for fuzzing efficiency. However, current seed selection strategies seem not to be better than randomly picking seed files. Therefore, a novel and generic system, named SmartSeed, is proposed to generate seed files for efficient fuzzing. We evaluate SmartSeed along with American Fuzzy Lop (AFL) on 12 open-source applications with mp3, bmp or flv input formats. We also combine SmartSeed with different fuzzers to examine its compatibility. From extensive experiments, SmartSeed has the following advantages: ① it can generate seeds with different input formats and significantly improves fuzzing performance on most applications; ② SmartSeed is compatible with different fuzzers. In total, SmartSeed finds more than twice as many unique crashes and 5040 extra paths compared with the existing best strategy on the 12 applications. From the crashes found by SmartSeed, we discover 16 unreported CVEs.
Keywords: fuzzing test; vulnerability detection; seed generation
This document is indexed in Wanfang Data and other databases.