Browser Fuzzing Technique Based on Pattern-Generation
Author:
  • HUO Wei

    Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100195, China;Key Laboratory of Network Assessment Technology(Institute of Information Engineering, The Chinese Academy of Science), The Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology(Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • DAI Ge

    Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100195, China;Key Laboratory of Network Assessment Technology(Institute of Information Engineering, The Chinese Academy of Science), The Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology(Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • SHI Ji

    Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100195, China;Key Laboratory of Network Assessment Technology(Institute of Information Engineering, The Chinese Academy of Science), The Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology(Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • GONG Xiao-Rui

    Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100195, China;Key Laboratory of Network Assessment Technology(Institute of Information Engineering, The Chinese Academy of Science), The Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology(Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • JIA Xiao-Qi

    Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100195, China;Key Laboratory of Network Assessment Technology(Institute of Information Engineering, The Chinese Academy of Science), The Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology(Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • SONG Zhen-Yu

    Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100195, China;Key Laboratory of Network Assessment Technology(Institute of Information Engineering, The Chinese Academy of Science), The Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology(Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100195, China
  • LIU Bao-Xu

    Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100195, China;Key Laboratory of Network Assessment Technology(Institute of Information Engineering, The Chinese Academy of Science), The Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology(Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • ZOU Wei

    Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100195, China;Key Laboratory of Network Assessment Technology(Institute of Information Engineering, The Chinese Academy of Science), The Chinese Academy of Sciences, Beijing 100195, China;Beijing Key Laboratory of Network Security and Protection Technology(Institute of Information Engineering, The Chinese Academy of Sciences), Beijing 100195, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Fund Project:

Program of Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences; Program of Beijing Key Laboratory of Network Security and Protection Technology; Foundation of Key Laboratory of Network Assessment Technology, the Chinese Academy of Sciences (CXJJ-17S049); National Key Research and Development Program of China (2016QY0714 05)

    Abstract:

    Fuzzing is widely used for browser vulnerability mining, and one of the key factors determining its effectiveness is the test pattern written by the tester. Because test patterns are costly to write and have a short useful life, this article presents a method for automatically constructing fuzzers based on pattern generation. The method analyzes known vulnerability samples and extracts the test pattern automatically; a traditional mutation strategy is then applied to each module in the pattern to generate abnormal samples automatically. Experimental results show that on average it takes only 11.168 seconds to finish the automatic construction of 1,089 different fuzzers based on 1,089 known vulnerabilities for five browsers, which is much less time than testers need to write them by hand. Applied to the IE 10, IE 11 and Firefox 54.0 Web browsers with 10 randomly selected fuzzers, the new method discovered a total of 57 different bugs, including a high-risk unknown vulnerability. This demonstrates that the method is better at finding unknown vulnerabilities.

Get Citation

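HUO Wei, DAI Ge, SHI Ji, GONG Xiao-Rui, JIA Xiao-Qi, SONG Zhen-Yu, LIU Bao-Xu, ZOU Wei. Browser Fuzzing Technique Based on Pattern-Generation. Journal of Software, 2018, 29(5): 1275-1287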

History
  • Received: July 01, 2017
  • Revised: August 29, 2017
  • Adopted: November 21, 2017
  • Online: January 09, 2018