Computer Engineering & Science ›› 2022, Vol. 44 ›› Issue (12): 2173-2186.
Survey on fuzzy testing technologies
NIU Sheng-jie1, LI Peng2, ZHANG Yu-jie1,2
Received: 2021-08-17
Revised: 2022-03-18
Accepted: 2022-12-25
Online: 2022-12-25
Published: 2023-01-04
Abstract: As attention to the security of software systems keeps growing, fuzz testing, a security testing technique for detecting security vulnerabilities, is applied ever more widely and has become ever more important, owing to advantages such as a high degree of automation and a low false-positive rate. Through continuous improvement over recent years, fuzz testing has made many advances both in technical development and in application innovation. First, this paper briefly explains the basic concepts and theory of fuzz testing, summarizes how fuzz testing is applied in various fields, and, for the vulnerability discovery needs of each field, analyzes and derives the corresponding fuzz testing solutions. Second, it focuses on the important developments in fuzz testing of recent years, including improvements and innovations in testing tools, frameworks, systems and methods, and analyzes the innovative methods adopted and the theories proposed by each development, as well as the strengths and weaknesses of each tool and system. Finally, it offers directions for the next stage of fuzz testing research from the perspectives of protocol reverse engineering applications, cloud platform construction, integration with emerging technologies, research on anti-fuzzing techniques, and the integration of fuzz testing tools.
NIU Sheng-jie, LI Peng, ZHANG Yu-jie. Survey on fuzzy testing technologies[J]. Computer Engineering & Science, 2022, 44(12): 2173-2186.
Copyright © Editorial Office of Computer Engineering & Science