H-Fuzzing: A New Heuristic Method for Fuzzing Data Generation
نویسندگان
چکیده
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments evaluate H-Fuzzing, Java Path Finder (JPF) and random fuzzing method. The evaluation results demonstrate that H-Fuzzing can use fewer iterations and testing time to reach more test path coverage compared with the other two methods.
منابع مشابه
An Exploratory Survey of Hybrid Testing Techniques Involving Symbolic Execution and Fuzzing
Recent efforts in practical symbolic execution have successfully mitigated the path-explosion problem to some extent with search-based heuristics and compositional approaches. Similarly, due to an increase in the performance of cheap multi-core commodity computers, fuzzing as a viable method of random mutation-based testing has also seen promise. However, the possibility of combining symbolic e...
متن کاملA New Fuzzing Method Using Multi Data Samples Combination
* Corresponding Author Abstract-Knowledge-based Fuzzing technologies have been applied successfully in software vulnerability mining, however, its current methods mainly focus on Fuzzing target software using a single data sample with one or multi-dimension input mutation [1], and thus the vulnerability mining results are not stable, false negatives of vulnerability are high and the selection o...
متن کاملDetection and Mitigation of Web Application Vulnerabilities Based on Security Testing
The paper proposes a security testing technique to detect known vulnerabilities of web applications using both static and dynamic analysis. We also present a process to improve the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and address a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on a fu...
متن کاملA New Fuzzing Technique for Software Vulnerability Mining
Test case mutation and generation (m&g) based on data samples is an effective way to generate test cases for Knowledge-based fuzzing, but present m&g technique is only capable of one-dimensional m&g at a time, based on a data sample, and thus it is impossible to find a vulnerability that can only be detected by multidimensional m&g. This paper proposes a mathematical model FTSG that formally de...
متن کاملProactive Security Testing and Fuzzing
Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly insta...
متن کامل