Code (set theory)
Source code
Code coverage
Binary number
Static program analysis
Executable file
Dead code
Code generation
Taint checking
Authors
Juhwan Kim,Joobeom Yun
Source
Journal: Computer and Communications Security
Date: 2019-11-06
Volume/Issue: 2637-2639
Citations: 3
Identifier
DOI:10.1145/3319535.3363275
Abstract
Hybrid fuzzers combine fuzzing with concolic execution in the hope that the fuzzer will quickly explore the input space while the concolic execution solves the complex path conditions. However, existing hybrid fuzzers such as Driller cannot be effectively directed, for instance towards unsafe system calls or suspicious locations, or towards functions in the call stack of a reported vulnerability that we wish to reproduce. In this poster, we propose DrillerGO, a directed hybrid fuzzing system, to mitigate this problem. It mainly consists of a static analysis module and a dynamic analysis module. In the static analysis, it searches for suspicious API call strings in the recovered control flow graph (CFG). After targeting some suspicious API call sites, it runs the concolic execution along with path guiding. The path guiding is supported by backward pathfinding, a novel technique that finds paths backward from the target to the start of main(). We also show through experimental results that DrillerGO can find crashes faster than Driller.
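As an added illustration of the static-analysis and backward-pathfinding steps described in the abstract (example code written for this page, not the authors' DrillerGO implementation): a small constructed CFG, a search for call sites that reach a suspicious API, and a breadth-first search over predecessor edges from the target back to main() that yields the forward path a concolic executor can be guided along. All node names and the suspicious-API list are assumptions.

```python
from collections import deque

# Constructed CFG (assumption, not recovered from any real binary): each key is a
# function or basic block, each value is its list of successors (flow and call edges).
CFG = {
    "main":         ["parse_args", "read_input"],
    "parse_args":   ["main_ret"],
    "read_input":   ["validate", "handle_error"],
    "validate":     ["dispatch"],
    "handle_error": ["main_ret"],
    "dispatch":     ["cmd_copy", "cmd_exec"],
    "cmd_copy":     ["main_ret"],
    "cmd_exec":     ["system", "main_ret"],   # call site that reaches a suspicious API
    "system":       [],
    "main_ret":     [],
}

# The abstract mentions "unsafe system calls" without listing them; this set is an assumption.
SUSPICIOUS_APIS = {"system", "strcpy", "gets"}


def find_targets(cfg, suspicious):
    """Static pass: return call sites whose successors include a suspicious API."""
    return sorted(n for n, succ in cfg.items() if any(s in suspicious for s in succ))


def reverse_graph(cfg):
    """Build the predecessor map used for walking the CFG backwards."""
    rev = {n: [] for n in cfg}
    for n, succ in cfg.items():
        for s in succ:
            rev.setdefault(s, []).append(n)
    return rev


def backward_path(cfg, target, entry="main"):
    """BFS from target over predecessor edges until entry is reached.

    Returns the path in forward order (entry ... target) for path guiding,
    or None when the target is not reachable from entry.
    """
    rev = reverse_graph(cfg)
    toward_target = {target: None}   # node -> next node on the way to target
    queue = deque([target])
    while queue:
        node = queue.popleft()
        if node == entry:
            path = []
            while node is not None:
                path.append(node)
                node = toward_target[node]
            return path
        for pred in rev.get(node, []):
            if pred not in toward_target:
                toward_target[pred] = node
                queue.append(pred)
    return None
```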