The Research on Efficient Web Fuzzing Technology Based on Graph Isomorphic Network
Existing Web fuzzing methods mainly comprise dictionary-based black-box testing methods and gray-box testing methods borrowed from binary fuzzing. These methods suffer from high randomness and low efficiency. In response to these issues, the article proposed an efficient Web fuzzing method based on a graph isomorphism network. Firstly, leveraging the powerful capabilities of the graph isomorphism network in graph representation and structure learning, the semantic and structural features of vulnerabilities were learnt on the control flow graph of the code, and the vulnerability probability of each basic block was predicted. Then, based on the vulnerability prediction results, a dual-guidance fuzzing strategy for Web applications was designed that considers both vulnerability probability and coverage. It prioritized the exploration of program locations with a higher likelihood of vulnerability without compromising coverage, effectively addressing the high randomness and low efficiency of existing Web application fuzzing tools. Finally, based on the above methods, a prototype system was implemented and experimentally evaluated. The experimental results show that the efficiency of the system has increased by 40%, and the coverage has expanded by 5%.
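A sketch of how dual guidance can drive seed scheduling, added here as an illustration and not taken from the paper or its prototype. The scoring formula, the weights `w_vuln` and `w_cov`, the seed names, the block ids and the probabilities are all assumptions constructed for this example; the per-block probabilities stand in for the graph isomorphism network's output.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Seed:
    name: str
    trace: frozenset  # basic-block ids hit when this request was replayed

def seed_score(seed, vuln_prob, covered, w_vuln=0.7, w_cov=0.3):
    """Blend predicted vulnerability of reached blocks with coverage novelty."""
    if not seed.trace:
        return 0.0
    # Vulnerability term: highest predicted probability among blocks reached.
    vuln = max(vuln_prob.get(b, 0.0) for b in seed.trace)
    # Coverage term: fraction of this trace not yet covered by earlier seeds.
    novelty = len(seed.trace - covered) / len(seed.trace)
    return w_vuln * vuln + w_cov * novelty

def schedule(seeds, vuln_prob, w_vuln=0.7, w_cov=0.3):
    """Greedy order: pick the best-scoring seed, update coverage, repeat.
    Every seed is eventually scheduled, so total coverage is never reduced."""
    covered, order, pending = set(), [], list(seeds)
    while pending:
        best = max(pending, key=lambda s: (
            seed_score(s, vuln_prob, covered, w_vuln, w_cov), s.name))
        order.append(best.name)
        covered |= best.trace
        pending.remove(best)
    return order, covered

# Constructed sample data: model output per basic block and four request seeds.
VULN_PROB = {"bb0": 0.05, "bb1": 0.10, "bb2": 0.85,
             "bb3": 0.20, "bb4": 0.60, "bb5": 0.02}
SEEDS = [
    Seed("login", frozenset({"bb0", "bb1"})),
    Seed("search", frozenset({"bb0", "bb2"})),
    Seed("upload", frozenset({"bb0", "bb3", "bb4"})),
    Seed("static", frozenset({"bb0", "bb5"})),
]

if __name__ == "__main__":
    order, covered = schedule(SEEDS, VULN_PROB)
    print("dual guidance :", order, "blocks covered:", len(covered))
    order_cov, _ = schedule(SEEDS, VULN_PROB, w_vuln=0.0, w_cov=1.0)
    print("coverage only :", order_cov)
```

With the vulnerability term enabled, the seed reaching the highest-probability block is tried first, while the novelty term keeps seeds that open new blocks ahead of those that only revisit covered code.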