Detection and Information Extraction of Similar Basic Blocks Used for Directed Greybox Fuzzing

摘要

Directed gray-box fuzzing generates input samples with the objective of reaching a given set of target program locations efficiently so that improves the fuzzy efficiency and reduces the time cost. This Scheme can find well the vulnerabilities hided in update patch so that relies heavily on feature extraction of target blocks. Whether there are other basic blocks with similar features in the target program to speed up the efficiency of vulnerability fuzzing becomes the starting point of this paper. Our main work focuses on the static analysis of the target program to find feature similar blocks. We proposed a similarity feature discovery model of blocks by designing basic feature description vector of block. Standard feature extraction of malicious basic block from lava dataset by which we can quickly fuzz these basic blocks with similar characteristics and possibly potential threats in the target program. Through experiments, we find other basic blocks similar to malicious basic blocks and add them into dataset so that speed up the effectiveness of vulnerability fuzzing in directed gray-box fuzzing mode.