Proj THUDBFuzz Paper Reading: A Review of Machine Learning Applications in Fuzzing
2 Overview of Fuzzing
Generation-based fuzzer
Peach, Sulley
Evolutionary Fuzzers
honggfuzz, AFL, libFuzzer
Mutation-based fuzzers
- where to mutate
- what new value to use for the mutation
Common mutation methods: random generation, specific bit flips, integer increments, integer bound analysis, substitution
Symbolic Execution
- Driller
- SAGE
The cost of symbolic execution has to be balanced against its benefit: the computational costs and path explosion remain significant hurdles.
Input test scheduling
FuzzSim: can quickly compare input-selection strategies by using performance information about the inputs collected over many iterations
SEC Consult: rules out part of the input space through manual analysis
Interesting Program State
- Tools such as Valgrind can detect memory corruption even when the program does not crash
- Heelan et al. use fuzzing to identify potential memory allocators
The definition of what an interesting program state should be remains a research challenge
Evaluate Inputs
libFuzzer uses data coverage: an input also scores highly if it causes a new data value to appear at a comparison that has already been executed before
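Added example for the two notes above (the mutation operators under "Mutation-based fuzzers" and the comparison-based input score under "Evaluate Inputs"); it is not code from the reviewed paper, AFL, or libFuzzer. The toy target parser, its constants, the seed input and the bookkeeping are all constructed for illustration. Each comparison site yields a feature (site, Hamming distance between the two operands), in the spirit of libFuzzer's value profile, and a mutated input is kept in the corpus when it produces a feature that has never been seen before.

```python
import random
import struct

# Boundary values of the kind AFL's "interesting values" stage substitutes;
# list constructed for this example.
INTERESTING_32 = [0, 1, -1, 127, 128, 255, 256, 32767, 32768, 65535, 65536,
                  2147483647, -2147483648]


def bit_flip(data: bytes, bit: int) -> bytes:
    """Flip one specific bit; bit index counts from the start of the buffer."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def int_increment(data: bytes, offset: int, delta: int) -> bytes:
    """Add delta to the little-endian 32-bit integer at offset (wraps mod 2**32)."""
    buf = bytearray(data)
    (val,) = struct.unpack_from("<I", buf, offset)
    struct.pack_into("<I", buf, offset, (val + delta) & 0xFFFFFFFF)
    return bytes(buf)


def substitute_interesting(data: bytes, offset: int, value: int) -> bytes:
    """Overwrite the little-endian 32-bit integer at offset with a boundary value."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, offset, value & 0xFFFFFFFF)
    return bytes(buf)


def random_byte(data: bytes, offset: int, value: int) -> bytes:
    """Random generation: replace one byte with an arbitrary value."""
    buf = bytearray(data)
    buf[offset] = value & 0xFF
    return bytes(buf)


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Choose *where* to mutate and *what value* to use: one operator per call."""
    if len(data) < 4:
        return data
    op = rng.randrange(4)
    if op == 0:
        return bit_flip(data, rng.randrange(len(data) * 8))
    if op == 1:
        return int_increment(data, rng.randrange(len(data) - 3), rng.choice([-16, -1, 1, 16]))
    if op == 2:
        return substitute_interesting(data, rng.randrange(len(data) - 3), rng.choice(INTERESTING_32))
    return random_byte(data, rng.randrange(len(data)), rng.randrange(256))


class CmpTrace:
    """Stand-in for compiler instrumentation of comparisons (hypothetical helper).

    Every equality check records (site, popcount(lhs ^ rhs)): the number of
    differing bits, so partial progress toward a constant becomes visible.
    """

    def __init__(self) -> None:
        self.features = set()

    def eq(self, site: str, lhs: int, rhs: int) -> bool:
        self.features.add((site, bin(lhs ^ rhs).count("1")))
        return lhs == rhs


def target(data: bytes, trace: CmpTrace) -> bool:
    """Constructed toy parser; returns True when the deep 'bug' path is reached."""
    if len(data) < 12:
        return False
    magic = int.from_bytes(data[:4], "little")
    if not trace.eq("magic", magic, int.from_bytes(b"FUZZ", "little")):
        return False
    (length,) = struct.unpack_from("<I", data, 4)
    if not trace.eq("length", length, 65536):   # a boundary value, reachable by substitution
        return False
    (flags,) = struct.unpack_from("<I", data, 8)
    return trace.eq("flags", flags, 0xFFFFFFFF)  # i.e. INTERESTING_32 value -1


def run(data: bytes):
    """Execute the target once; return (comparison features, reached_bug)."""
    trace = CmpTrace()
    reached_bug = target(data, trace)
    return trace.features, reached_bug


def fuzz(seed: bytes, iterations: int, rng_seed: int = 0):
    """Evolutionary loop: keep any child that yields a never-seen comparison feature."""
    rng = random.Random(rng_seed)
    corpus = [seed]
    seen, _ = run(seed)
    seen = set(seen)
    bug_inputs = []
    for _ in range(iterations):
        child = mutate(rng.choice(corpus), rng)
        feats, reached_bug = run(child)
        if reached_bug:
            bug_inputs.append(child)
        new = feats - seen                    # the input's score: count of new features
        if new:
            seen |= new
            corpus.append(child)
    return corpus, bug_inputs


if __name__ == "__main__":
    corpus, bugs = fuzz(b"AAAA" + bytes(8), 20000)
    print(f"corpus size: {len(corpus)}, inputs reaching the bug path: {len(bugs)}")
```

The score deliberately rewards only novelty at a comparison site: an input that moves the operands one bit closer to the constant is kept, but so is one that moves them further away, which is why value-profile guidance is usually combined with edge coverage and with smarter operators (e.g. copying the compared constant into the input) rather than used on its own.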
3. Applications of Machine Learning to Fuzzing
AFL already uses a genetic algorithm for input generation;
There is already a fair amount of work on reducing the time spent handling constraint equations in symbolic execution, on crash triage (picking out, among a large number of interesting program states, those related to bugs), and on root cause categorization
Generate Inputs
Original URL: https://www.cnblogs.com/xuesu/p/14509932.html