Research on fuzzy test algorithm based on slight coding variation

• 1、School of Cyberspace Security, Beijing University of Post and Telecommunication，Beijing，100876

Abstract：An important direction of network space security is software security. Fuzzing is an important detection method of software vulnerability automated detection. In order to detect software vulnerabilities more efficiently and accurately, this paper studies and proposes a fuzzy testing technique for source code programs. In order to solve the problem that the sample variation is blind in the white box fuzzy test technology, which leads to the low efficiency of the variation, a fuzzy test sample generation algorithm based on mild coding variation is proposed and implemented in this paper. For the source code program to be tested, it relies on LLVM architecture for instruction piling and class comparison instruction hook to obtain the dynamic feedback information of fuzzy testing process. Furthermore, the test samples are mutated through lightweight coding to generate samples that can effectively cover more code paths and branches. The experimental results show that the fuzzy test method based on slight coding variation is better than the traditional fuzzy test tools AFL and AFLFast in discovering crash and new path.

Keywords： Fuzzing Code Coverage Mutation algorithm Dynamic Analysis