计算机应用研究 2009
New method of software vulnerability detection based on fuzzing
Abstract:
Techniques for detecting buffer overflow vulnerabilities have lacked variety, being limited to manual analysis, binary-patch comparison, fuzzing and so on. These techniques either depend too heavily on manual analysis or are too blind, which leads to low efficiency in vulnerability detection. This paper introduces a new method of buffer overflow vulnerability detection based on fuzzing, dynamic data-flow analysis and automated exception analysis. By overcoming the disadvantages of the older techniques, the new method effectively improves the detection of potential unknown security vulnerabilities (0day) in software. In addition, the method is more automated and performs better at finding new security vulnerabilities.