• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science (计算机工程与科学) ›› 2022, Vol. 44 ›› Issue (12): 2173-2186.

• Software Engineering •

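  • Funding:
    National Natural Science Foundation of China (61872196, 61872194, 61902196, 62102194, 62102196); Jiangsu Province Science and Technology Support Program (BE2019740, BK20200753, 20KJB520001); Major Natural Science Research Project of Jiangsu Higher Education Institutions (18KJA520008); Jiangsu Province "Six Talent Peaks" High-Level Talent Project (RJFW-111)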

Survey on fuzzy testing technologies

NIU Sheng-jie¹, LI Peng², ZHANG Yu-jie¹,²

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  2. Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210023, China
  • Received: 2021-08-17 Revised: 2022-03-18 Accepted: 2022-12-25 Online: 2022-12-25 Published: 2023-01-04

Abstract: As attention to software system security grows, fuzz testing (fuzzing), a security testing technique for detecting vulnerabilities, has become increasingly widely used and increasingly important owing to its high degree of automation and low false alarm rate. After continuous improvement in recent years, fuzz testing has made considerable progress in both technical development and application innovation. First, we briefly explain the related concepts and basic theory of fuzzing, summarize its application in various fields, and analyze the corresponding fuzz testing solutions for the vulnerability mining needs of different fields. Then, we focus on the important developments in fuzz testing in recent years, including improvements and innovations in testing tools, frameworks, systems, and methods. We also analyze and summarize the innovative methods and theories adopted by each of these developments, as well as the advantages and disadvantages of each tool and system. Finally, from the perspectives of protocol reverse engineering application, cloud platform construction, integration with emerging technologies, research on fuzz testing countermeasure techniques, and fuzzing tool integration, we provide directions for further research on fuzz testing.

Key words: fuzzy testing, vulnerability mining, software test, protocol test