Research of Fuzzing Based on Genetic Algorithm
| Field | Value |
|---|---|
| School | Huazhong University of Science and Technology |
| Keywords | Vulnerability Discovery; Evolutionary Fuzzing; Genetic Algorithms; Code Coverage |
As the number of software security vulnerabilities grows, more and more researchers are turning their attention to vulnerability discovery techniques, of which fuzzing is one of the most widely used. Existing fuzzing methods have several shortcomings when applied to protocol vulnerability discovery: they cannot evaluate how thoroughly the fuzzing has exercised the target, their test cases have a low hit rate, and they lack automated protocol dissection. The result is ineffective fuzzing and greater difficulty in finding bugs.

To improve traditional fuzzing in test case generation and automated protocol dissection, this paper adopts the idea of evolutionary testing and proposes an evolutionary fuzzing approach: a genetic algorithm (GA) searches, during the generation of fuzz data, for the test cases that best learn the protocol, with the aim of automating protocol fuzzing. Based on the characteristics of network access data, the paper designs and implements the GA for evolutionary fuzzing, covering the encoding scheme, population initialization, fitness function, crossover and mutation; it discusses whether evolving on functions hit or on basic blocks hit gives better results; and finally it applies fuzzing heuristics.

Using IDA and PaiMei, and building on GPF, the evolutionary fuzzing is integrated to complete the fuzzer. The fuzzer is used in three vulnerability discovery experiments against the Gold FTP server. A comparative study of the fitness of pool and session and of the crash tool is carried out, and the factors that may influence the experimental results are analysed. The results show that evolutionary fuzzing helps automate protocol dissection by improving code coverage. Given the difference between code coverage and path coverage, path coverage must also be analysed for evolutionary fuzzing to cover the entire attack surface.
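The GA loop the abstract describes (coverage as fitness, elitist selection, one-point crossover, byte-level mutation), as an added illustration that is not the thesis's own code. It assumes a constructed toy target with two functions in place of the real FTP server and PaiMei block tracing, and exposes both fitness granularities the thesis compares, functions hit and basic blocks hit.

```python
import random
from typing import Callable, List, Set

# Constructed toy target standing in for the FTP server: every branch records a
# "function.block" label, mimicking breakpoint-based block tracing on a binary.
def parse_cmd(msg: bytes, hit: Set[str]) -> None:
    hit.add("parse_cmd.entry")
    if not msg.startswith(b"CMD "):
        hit.add("parse_cmd.bad_prefix"); return
    hit.add("parse_cmd.ok")
    parse_arg(msg[4:], hit)

def parse_arg(arg: bytes, hit: Set[str]) -> None:
    hit.add("parse_arg.entry")
    if len(arg) <= 8:
        hit.add("parse_arg.short"); return
    hit.add("parse_arg.long")
    if arg[:2] == b"0x":
        hit.add("parse_arg.hex")
        if arg.endswith(b"\r\n"):
            hit.add("parse_arg.hex_crlf")  # deepest block, needs 3 constraints

def coverage(msg: bytes) -> Set[str]:
    hit: Set[str] = set(); parse_cmd(msg, hit); return hit

# The two fitness granularities under comparison: basic blocks vs functions.
def blocks_hit(msg: bytes) -> int: return len(coverage(msg))
def funcs_hit(msg: bytes) -> int: return len({b.split(".")[0] for b in coverage(msg)})

def crossover(a: bytes, b: bytes, rng: random.Random) -> bytes:
    cut = rng.randint(0, min(len(a), len(b)))  # one-point crossover on bytes
    return a[:cut] + b[cut:]

def mutate(msg: bytes, rng: random.Random) -> bytes:
    m = bytearray(msg or b"\x00"); i = rng.randrange(len(m))
    op = rng.choice(("flip", "insert", "delete"))
    if op == "flip": m[i] = rng.randrange(256)
    elif op == "insert": m.insert(i, rng.choice(b"\r\n0x 1"))  # protocol-ish bytes
    elif len(m) > 1: del m[i]
    return bytes(m)

def evolve(fitness: Callable[[bytes], int], seeds: List[bytes],
           generations: int = 50, pop_size: int = 24, seed: int = 7) -> bytes:
    rng = random.Random(seed); pop = list(seeds)
    for _ in range(generations):
        ranked = sorted(pop, key=fitness, reverse=True)
        nxt = ranked[:max(2, pop_size // 4)]  # elitism: best case is never lost
        while len(nxt) < pop_size:
            nxt.append(mutate(crossover(rng.choice(nxt), rng.choice(nxt), rng), rng))
        pop = nxt
    return max(pop, key=fitness)
```

Function-level fitness saturates as soon as both functions are entered, so it gives the search no gradient toward the deeper blocks; block-level fitness keeps rewarding progress, which is the point of the granularity comparison.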