Abstract:
An algorithm of automatic abnormal input data construction is put forward. Based on the result of software binary patch comparison and target function call graph, a fitness function is designed which is used to evaluate all of the individuals in the same population and find and pass excellent individuals down to next generation. Experimental result shows that the algorithm can generate the data that gets or nearly gets to the point of the software vulnerability, and simplify the process that reverse analyzer constructs abnormal software input data.
Key words:
software binary patch comparison,
function call graph,
genetic algorithm,
fitness function
摘要: 提出一种畸形输入数据自动构造算法。基于软件二进制补丁比对结果及目标函数调用图,设计适应值函数,对同一种群中所有个体进行评估,寻找优秀个体并遗传到子代中。实验结果表明,该算法能够生成到达或接近到达软件脆弱点的输入数据,简化逆向分析人员构造软件畸形数据的过程。
关键词:
软件二进制补丁比对,
函数调用图,
遗传算法,
适应值函数
CLC Number:
CHEN E-Nan, DIAO Rong-Cai, LIN Hua, WANG Xiao-Qin, ZHANG Xin-Yu, LIU Zhen-Hua, LI Feng-Fei. Automatic Abnormal Input Data Construction in Software Fuzzy Test[J]. Computer Engineering, 2010, 36(17): 23-24,27.
沈亚楠, 赵荣彩, 任华, 王小芹, 张新宇, 刘振华, 李鹏飞. 软件模糊测试中畸形输入数据的自动构造[J]. 计算机工程, 2010, 36(17): 23-24,27.