Vulnerability detection system aiming at binary executable files and combining fuzz testing with symbolic execution

A technology for symbolic execution and vulnerability detection, applied in the field of vulnerability detection systems, can solve problems such as low detection efficiency and insufficient detection depth, and achieve the effects of accelerating running speed, improving detection efficiency, and improving crashes

Active Publication Date: 2018-05-18
HARBIN INST OF TECH

AI Technical Summary

Problems solved by technology

The detection method in the prior art has the problems of

Examples

Embodiment Construction

[0080] With reference to Figures 1 to 6, this embodiment describes the implementation of the vulnerability detection system for binary executable files that combines fuzzing and symbolic execution, as follows:

[0081] 1. Optimized design of the fuzzer module

[0082] The optimized fuzzer module has the following characteristics:

[0083] 1) It can automatically generate custom input data and monitor the program for abnormal behavior;

[0084] 2) Whether or not source code is available, the system can monitor the software for abnormal behavior and find as many crash-causing defects as possible;

[0085] 3) Program crashes can be located and recorded promptly.

[0086] In line with the fuzzer's optimization goals, namely independence between modules and scalability, the optimized fuzzer mainly includes five modules: data generation, data input execution, vulnerability generation monitoring, false positive automatic analysis...


Abstract

The invention discloses a vulnerability detection system for binary executable files that combines fuzz testing with symbolic execution. It belongs to computer vulnerability detection software development technology and aims to increase detection depth and improve detection efficiency in binary file vulnerability detection scenarios. The vulnerability detection system comprises a fuzzer module with an optimized design, a symbolic execution module with an optimized design and a fuzzer skip symbol scheduling execution module, and a cache explorer and a task cooperation module are introduced. The advantages of fuzz testing and symbolic execution are combined for vulnerability detection of binary executable files. Evaluation experiments are conducted on the system: an application program provided by a qualification test of DARPA network challenge is adopted as the dataset, and contrast experiments are set on three objects, namely fuzz testing alone, symbolic execution alone and a vulnerability mining system realized by the system. The system has a remarkable effect: exploration of binary program compartment is accelerated, and the running speed of the vulnerability mining system is increased greatly.

Description

Technical field

[0001] The invention relates to a vulnerability detection system combining fuzz testing and symbolic execution, which belongs to computer vulnerability detection software development technology.

Background technique

[0002] With the rapid development of computer science and Internet technology, software security issues emerge in an endless stream, and software security has always attracted much attention. In the field of software security testing, fuzz testing and symbolic execution are two widely used testing methods.

[0003] Fuzzing was originally introduced as one of several tools for testing programs on UNIX systems. It has been widely used for black-box testing, but it lacks guidance: it generates new inputs by randomly mutating previous inputs and cannot control which path in the application is exercised. Dynamic symbolic execution, on the other hand, interprets applications, simulates user input using symbolic variables, tracks constraints resulting from c...
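The contrast drawn in the background section, and the hand-off from fuzzer to symbolic execution named in the abstract, can be shown on a toy target. This is an added illustration, not code from the patent: the target, the `MAGIC` header, the stall threshold and all function names are assumptions, and the "solver" is a stand-in that handles only byte-equality branches.

```python
import random

MAGIC = b"FUZZ"  # constructed 4-byte header guarding the deep code of the toy target

def target(data):
    """Constructed toy target. Returns (result, trace); each trace entry is
    (offset, expected_byte, taken) for one equality branch on an input byte."""
    trace = []
    for off, want in enumerate(MAGIC):
        taken = data[off] == want
        trace.append((off, want, taken))
        if not taken:
            return "ok", trace
    return ("crash" if data[4] > 0x7F else "ok"), trace

def solve_first_failed_branch(data, trace):
    """Stand-in for symbolic execution: negate the first branch the input failed.
    A real engine would pass the path constraint to an SMT solver."""
    for off, want, taken in trace:
        if not taken:
            fixed = bytearray(data)
            fixed[off] = want          # byte equality: solving is assignment
            return bytes(fixed)
    return None                        # nothing to negate; leave it to the fuzzer

def hybrid_fuzz(budget, stall_limit, seed=1):
    """Mutational fuzzing that hands over to the solver after stall_limit runs
    without new coverage (None disables it). Returns (crash_input, solver_calls)."""
    rng = random.Random(seed)
    best, depth = bytes(8), 0          # depth = number of branches taken
    stalled = solver_calls = 0
    for _ in range(budget):
        cand = bytearray(best)
        cand[rng.randrange(len(cand))] = rng.randrange(256)
        cand = bytes(cand)
        if stall_limit is not None and stalled >= stall_limit:
            solved = solve_first_failed_branch(best, target(best)[1])
            if solved is not None:
                cand, solver_calls = solved, solver_calls + 1
            stalled = 0
        result, trace = target(cand)
        if result == "crash":
            return cand, solver_calls
        new_depth = sum(taken for _, _, taken in trace)
        if new_depth > depth:
            best, depth, stalled = cand, new_depth, 0
        else:
            stalled += 1
    return None, solver_calls
```

With the same execution budget, random mutation alone does not get past the header comparison, while the hybrid run needs at most four solver calls for the header and leaves the cheap range check on byte 4 to the fuzzer.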

Application Information

IPC(8): G06F21/57, G06F11/36
CPC: G06F11/3688, G06F21/577, G06F2221/033
Inventor: 张伟哲, 方滨兴, 余翔湛, 何慧, 刘亚维, 张宇, 刘川意, 王焕然, 宋博宇
Owner HARBIN INST OF TECH