DocumentCode
653491
Title
A Fuzzing Framework Based on Symbolic Execution and Combinatorial Testing
Author
Jian Yang ; Huanguo Zhang ; Jianming Fu
Author_Institution
Sch. of Comput., Wuhan Univ., Wuhan, China
fYear
2013
fDate
20-23 Aug. 2013
Firstpage
2076
Lastpage
2080
Abstract
To simulate attacks at multiple input points during fuzzing, this paper presents a white-box combinatorial fuzzing framework based on symbolic execution and combinatorial testing. Guided by an attack attributes plug-in obtained in advance by static analysis, the framework uses symbolic execution to collect the constraint conditions of attack points where the program may contain an error, and to identify the input vector that influences the attack points along with the constraint interval of every input in that vector. It then uses constraint solving or interval computation to determine the feasibility of attack points, applies combinatorial coverage strategies to search the interval combinations of the input vector for the feasible attack points, chooses corresponding test case generation strategies to generate test cases from those interval combinations, and finally injects the combinatorial test case vector to find security vulnerabilities in programs according to the attack strategies in the attack attributes plug-in. Our experimental results indicate that the framework can not only effectively expose errors located deep within large applications, but also avoid combinatorial explosion to a certain extent.
Keywords
combinatorial mathematics; fuzzy set theory; program diagnostics; security of data; combinatorial testing; security vulnerabilities; static analysis; symbolic execution; test case generation; white-box combinatorial fuzzing framework; Conferences; Internet; Social network services; Combinatorial testing; Constraint solving; Fuzzing Framework; Interval computation; Static analysis; Symbolic execution;
fLanguage
English
Publisher
ieee
Conference_Titel
Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing
Conference_Location
Beijing
Type
conf
DOI
10.1109/GreenCom-iThings-CPSCom.2013.389
Filename
6682399