Abstract
Fuzzing is one of the representative vulnerability detection technologies: it generates a set of inputs to test a program, so as to find errors and identify security vulnerabilities during execution. Analyzing AFL (American fuzzy lop), a mainstream open-source fuzzer, and improving the selection method of mutation operators in the input mutation process, this paper proposes TPSFuzzer, an automatic mutation approach for fuzzing based on Thompson sampling that supports the fuzzing of binary programs. The approach transforms the selection of mutation operators in fuzzing into a multi-armed bandit problem and employs the Thompson sampling optimization method to adaptively learn the probability distribution over mutation operators. Meanwhile, the proposed approach utilizes the Intel processor trace mechanism to accurately collect path information and assist the selection of mutation operations, so that AFL can effectively discover more hard-to-trigger vulnerabilities. Compared with PTFuzzer, the experimental results on the LAVA data set and two real-world binaries show that TPSFuzzer produces higher code coverage and achieves better fuzzing efficiency.
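The core idea of the abstract, treating each mutation operator as an arm of a Bernoulli bandit and letting Thompson sampling learn which operators yield new paths, is shown below as an added example. It is not TPSFuzzer's or AFL's code; the operator names are illustrative, the reward model (1 when a mutated input reaches a new path, 0 otherwise) is an assumption, and a seeded random simulation stands in for the processor-trace feedback the paper collects from the real target.

```python
import random
from dataclasses import dataclass, field


@dataclass
class ThompsonMutationScheduler:
    """Each mutation operator is an arm of a Bernoulli bandit.

    Reward 1 means the mutated input reached a new path (what path feedback
    from the tracer would report); 0 means nothing new. Beta(alpha, beta)
    is the posterior over each operator's probability of producing coverage.
    """
    operators: list
    rng: random.Random
    alpha: dict = field(init=False)
    beta: dict = field(init=False)
    pulls: dict = field(init=False)

    def __post_init__(self):
        # Beta(1, 1) is a uniform prior: every operator starts out equally trusted.
        self.alpha = {op: 1.0 for op in self.operators}
        self.beta = {op: 1.0 for op in self.operators}
        self.pulls = {op: 0 for op in self.operators}

    def choose(self) -> str:
        # Thompson sampling: draw one value from each posterior and play the
        # arm whose draw is largest. Uncertain arms still get explored because
        # their wide posteriors occasionally produce a high draw.
        draws = {op: self.rng.betavariate(self.alpha[op], self.beta[op])
                 for op in self.operators}
        return max(draws, key=draws.get)

    def update(self, op: str, new_coverage: bool) -> None:
        # Conjugate update: a success raises alpha, a failure raises beta.
        self.pulls[op] += 1
        if new_coverage:
            self.alpha[op] += 1
        else:
            self.beta[op] += 1

    def posterior_mean(self, op: str) -> float:
        return self.alpha[op] / (self.alpha[op] + self.beta[op])


def simulate(rounds: int, true_rates: dict, seed: int = 7) -> ThompsonMutationScheduler:
    """Constructed stand-in for the fuzzing loop.

    true_rates maps each operator to its hidden probability of producing a
    new path; the scheduler never sees these numbers, only the 0/1 feedback.
    """
    rng = random.Random(seed)
    sched = ThompsonMutationScheduler(list(true_rates), rng)
    for _ in range(rounds):
        op = sched.choose()
        hit = rng.random() < true_rates[op]   # simulated path-coverage feedback
        sched.update(op, hit)
    return sched


# Constructed hidden success rates for hypothetical operators (not measured data).
CONSTRUCTED_RATES = {
    "bitflip": 0.02,
    "arith": 0.05,
    "interesting": 0.30,
    "havoc_insert": 0.10,
    "havoc_delete": 0.01,
}

if __name__ == "__main__":
    s = simulate(2000, CONSTRUCTED_RATES)
    for op in s.operators:
        print(f"{op:13s} pulls={s.pulls[op]:5d} posterior mean={s.posterior_mean(op):.3f}")
```

After a few hundred rounds the scheduler concentrates its pulls on the operator that actually produces new paths while still spending a small budget on the others, which is the adaptive distribution over operators the abstract describes; in a real fuzzer the `hit` flag would come from comparing the traced path against the coverage map rather than from a simulated rate.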
| Field | Value |
|---|---|
| Translated title of the contribution | Mutation Scheme for Fuzzing Based on Thompson Sampling |
| Original language | Traditional Chinese |
| Pages (from-to) | 1307-1313 |
| Number of pages | 7 |
| Journal | Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology |
| Volume | 40 |
| Issue | 12 |
| DOI | |
| Publication status | Published - Dec 2020 |
Keywords
- AFL (American fuzzy lop)
- Fuzzing
- Mutation operation
- Processor trace