• DocumentCode
    3740232
  • Title

    Software Vulnerability Detection Based on Code Coverage and Test Cost

  • Author

    Bo Shuai;Haifeng Li;Lei Zhang;Quan Zhang;Chaojing Tang

  • Author_Institution
    Sch. of Electron. Sci. &
  • fYear
    2015
  • Firstpage
    317
  • Lastpage
    321
  • Abstract
    In order to solve the problems of the traditional fuzzing technique for software vulnerability detection, a novel method based on code coverage and test cost is proposed. First, static analysis is applied to calculate the code coverage information, including basic block coverage and new block coverage. In addition, test path diversity information is introduced to elevate path coverage, which is achieved using a sequence alignment algorithm. Second, test cost is analyzed in terms of running time and loop structure. The loop structure is simplified by finite expansion. Third, the fitness function of the genetic algorithm is constructed from the code coverage and test cost to guide test case generation. Experiments on realistic binary software show that the method can obtain higher vulnerability detection accuracy and efficiency than the traditional fuzzing technique.
  • Keywords
    "Software","Genetic algorithms","Security","Algorithm design and analysis","Software algorithms","Optimization","Search problems"
  • Publisher
    ieee
  • Conference_Titel
    Computational Intelligence and Security (CIS), 2015 11th International Conference on
  • Type

    conf

  • DOI
    10.1109/CIS.2015.84
  • Filename
    7397098