Greybox fuzzing has made impressive progress in recent years, evolving from heuristics-based random mutation to approaches for solving individual branch constraints. However, they have difficulty path constraints that involve deeply nested conditional statements, which are common image and video decoders, network packet analyzers, checksum tools. We propose an approach addressing this problem. First, we identify all the control flow-dependent statements of target statement. Next, select...

Taint analysis assists fuzzers in solving complex fuzzing constraints by inferring the influencing input bytes. Execution paths real-world programs often reach loops, where these loops can be visited and recorded multiple times. Conventional taint techniques experience difficulties when distinguishing between occurrences of same constraint. In this paper, we propose PATA, a fuzzer that implements path-aware analysis, i.e. one distinguishes variable based on execution path information. PATA...

Modern operating system kernels are too complex to be free of bugs. Fuzzing is a promising approach for vulnerability detection and has been applied kernel testing. However, existing work does not consider the influence relations between calls when generating mutating inputs, resulting in difficulties trying reach into kernel's deeper logic effectively.

eBPF is an inspiring technique in Linux that allows user space processes to extend the kernel by dynamically injecting programs. However, it poses security issues, since untrusted code now executed space. utilizes a verifier validate safety of provided programs, thus its correctness paramount importance as attackers may exploit vulnerabilities within inject malicious Bug-finding tools like fuzzers currently can detect memory bugs system calls, but they experience difficulties finding...

Modern file systems have become increasingly feature-rich and highly complex, making crash consistency difficult to perform correctly. Thoroughly testing for bugs, however, is achieve good results due insufficient state exploration, a lack of guidance test case generation, missing support modern system features. In this paper, we present new approach towards consistency: systematic persistent exploration. contrast previous efforts, our design addresses these shortcomings through the property...

The Youjiang Basin in China is the world’s second-largest concentrated area of Carlin-type Au deposits after Nevada, USA, boasting cumulative reserves nearing 1000 t. This study examined recently unearthed Lintan deposit within Basin. Factor analysis and association rule algorithms were used to identify exploration vectors indicators essential for navigating this promising geological territory. In mining area, strata encompass Triassic Bianyang, Niluo, Xuman formations comprised clastic...

A new method, using a combination of 4D-molecular similarity measures and cluster analysis to construct optimum QSAR models, is applied data set 150 chemically diverse compounds build blood-brain barrier (BBB) penetration models. The complete divided into subsets based on analysis. in each subset are further training test set. Predictive QASAR models constructed for the corresponding sets. These best predict which assigned same subset, measures, from derived. results suggest that specific...

Fuzzing is a technique widely used in vulnerability detection. The process usually involves writing effective fuzz driver programs, which, when done manually, can be extremely labor intensive. Previous attempts at automation leave much to desired, either degree of or quality output. In this paper, we propose IntelliGen, framework that constructs valid drivers automatically. First, IntelliGen determines set entry functions and evaluates their respective chance exhibiting vulnerability. Then,...

Three and four state categorical quantitative structure–activity relationship (QSAR) models for skin sensitization have been constructed using data from the murine Local Lymph Node Assay studies. These are same we previously used to build two-state (sensitizer, nonsensitizer) QSAR (Li et al., 2007, Chem. Res. Toxicol. 20, 114–128). 4D-fingerprint descriptors derived 4D-molecular similarity paradigm generate these models. A training set of 196 a test 22 structurally diverse compounds were in...

A training set of 55 antifungal P450 analogue inhibitors was used to construct receptor-independent four-dimensional quantitative structure−activity relationship (RI 4D-QSAR) models. Ten different alignments were build the models, and one alignment yields a significantly better model than other alignments. Two methodologies measure similarity best 4D-QSAR models each alignment. One method compares residual fit between pairs using cross-correlation coefficient their residuals as measure. The...

Embedded operating systems (Embedded OSs) are extensively deployed in many mission-critical industrial scenarios. Any defects within these may result unacceptable losses. Therefore, it is imperative to develop tools detect bugs OSs, thus minimizing potential impacts on infrastructures. Coverage-guided fuzzing a vulnerability detection technique that has found numerous real-world vulnerabilities both application programs as well kernels. However, state-of-the-art kernel fuzzers, e.g.,...

A methodology termed membrane-interaction QSAR (MI-QSAR) analysis has been used to develop models predict drug permeability coefficients across cornea and its component layers (epithelium, stroma, endothelium). From a training set of 25 structurally diverse drugs, significant are constructed compared for the cornea, epithelium, stroma plus endothelium. Cornea is found depend on measured distribution coefficient drug, cohesive energy total potential drug-membrane "complex," three other...

Greybox fuzzing has made impressive progress in recent years, evolving from heuristics-based random mutation to approaches for solving individual path constraints. However, they have difficulty constraints that involve deeply nested conditional statements, which are common image and video decoders, network packet analyzers, checksum tools. We propose an approach addressing this problem. First, we identify all the control flow-dependent statements of target statement. Next, select data...

Kernel fuzzing is an effective technique in operating system vulnerability detection. Fuzzers such as Syzkaller and Moonshine frequently pass highly structured data between fuzzer processes guest virtual machines manager the host to synchronize fuzzing-relevant information. Since machines’ system’s memory spaces are mutually isolated, fuzzers conduct synchronization operations using mechanisms Remote Procedure Calls over TCP/IP networks, incurring significant overheads that negatively impact...

Following decades of exploration Carlin-type gold deposits in the Yunnan, Guizhou, and Guangxi provinces China (known as Dian–Qian–Gui Golden Triangle), surface mines are almost exhausted undiscovered orebodies deeply buried; thus, surficial geochemical information associated with concealed is poor. In this study, we compared methods extracting weak based on soil geochemistry tectono-geochemistry, then applied tectono-geochemical method to Huijiabao Nibao ore fields evaluate its validity...

Fuzzing is increasingly used in industrial settings for vulnerability detection due to its scalability and effectiveness. Libraries require driver programs feed the fuzzer-generated inputs into library-provided interfaces. Writing such drivers manually tedious error-prone, thus greatly hindering widespread use of fuzzing practical situations. Previous attempts at automatic synthesis perform static analysis on libraries their consumers. However, a lack dynamic object usage information renders...

Greybox fuzzing has received much attention from developers and researchers due to its success in discovering bugs within many programs. However, randomized algorithms have limited fuzzers' effectiveness. First, branch coverage feedback that is based on random edge ID can lead collision. Besides, state-of-the-art fuzzers heavily rely methods reach new coverage. Finally, some only employ heuristics-based bug exploitation methods, which are not effective triggering those require non-trivial...