{"title":"Deepbug:深度漏洞注入","authors":"Wanli Shi, Guomiao Zhou, Zehui Wu, Huiyong Zhang","doi":"10.1145/3501409.3501538","DOIUrl":null,"url":null,"abstract":"There has been a lot of research devoted to finding real-world software bugs, but these studies have lacked some standard test sets as test subjects, especially in the area of synthetic bugs. Although studies such as LAVA and Apocalypse have now suggested ways to inject bugs into real software, these injected bugs are either a single type or the injection points are easily accessed by bug exploiters. In this paper, we propose a bug injection system Deepbug that combines path extraction and taint analysis, through which more hidden bugs can be injected into real software. In our experiments, using Deepbug to inject bugs into four existing open-source software, through fuzz testing of defective software, we found that only a small number of these injected bugs were found by fuzzing tools.","PeriodicalId":191106,"journal":{"name":"Proceedings of the 2021 5th International Conference on Electronic Information Technology and Computer Engineering","volume":"82 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Deepbug: Bug Injection in Depth\",\"authors\":\"Wanli Shi, Guomiao Zhou, Zehui Wu, Huiyong Zhang\",\"doi\":\"10.1145/3501409.3501538\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"There has been a lot of research devoted to finding real-world software bugs, but these studies have lacked some standard test sets as test subjects, especially in the area of synthetic bugs. Although studies such as LAVA and Apocalypse have now suggested ways to inject bugs into real software, these injected bugs are either a single type or the injection points are easily accessed by bug exploiters. In this paper, we propose a bug injection system Deepbug that combines path extraction and taint analysis, through which more hidden bugs can be injected into real software. In our experiments, using Deepbug to inject bugs into four existing open-source software, through fuzz testing of defective software, we found that only a small number of these injected bugs were found by fuzzing tools.\",\"PeriodicalId\":191106,\"journal\":{\"name\":\"Proceedings of the 2021 5th International Conference on Electronic Information Technology and Computer Engineering\",\"volume\":\"82 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2021 5th International Conference on Electronic Information Technology and Computer Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3501409.3501538\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2021 5th International Conference on Electronic Information Technology and Computer Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3501409.3501538","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
There has been a lot of research devoted to finding real-world software bugs, but these studies have lacked some standard test sets as test subjects, especially in the area of synthetic bugs. Although studies such as LAVA and Apocalypse have now suggested ways to inject bugs into real software, these injected bugs are either a single type or the injection points are easily accessed by bug exploiters. In this paper, we propose a bug injection system Deepbug that combines path extraction and taint analysis, through which more hidden bugs can be injected into real software. In our experiments, using Deepbug to inject bugs into four existing open-source software, through fuzz testing of defective software, we found that only a small number of these injected bugs were found by fuzzing tools.