Method and system for fuzz testing

A technology of fuzz testing and test cases, applied in the field of fuzz testing, can solve problems such as fuzz testing is too simple, cannot input space heuristic detection, genetic algorithm fitness calculation, etc., and achieve the effect of improving security

Active Publication Date: 2010-10-13
SIEMENS CHINA
View PDF1 Cites 35 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The main problem with fuzz testing is that it can only find very simple bugs most of the time
However, for most cases, it is not feasible to construct an accurate control flow diagram based on software, and without a control flow diagram, it is impossible to use code coverage to calculate the fitness of the genetic algorithm
[0009] It can be seen from the above th

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for fuzz testing
  • Method and system for fuzz testing
  • Method and system for fuzz testing

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0072] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and examples.

[0073] The main idea of ​​the present invention is: use genetic algorithm as the guide of fuzzy test to carry out input space detection, introduce self-evolution mechanism for fuzzy test, so that fuzzy test can perform more intelligent detection in input space, and adopt more heuristic way to find out the security flaws of the software program under test. The fuzz test provided by the present invention is a fully automatic black-box test without knowing any source code information of the software program under test.

[0074] Genetic Algorithm is a computational model that simulates Darwin's genetic selection and natural elimination process of biological evolution, and is a method of searching for the optimal solution by simulating the natural evolution ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for fuzz testing, which comprises the following steps that: first, selecting a group of initial test cases as a first-generation group, and the first-generation group serves as a current group; then adopting the test cases in the current group to test a tested software program, eliminate the test cases according to the obtained test results, and generate a next-generation group according to the test cases which are not eliminated in the current group; at this time, if the end conditions are satisfied, ending the test; and if the end conditions are not satisfied, the obtained next-generation group serves as the current group to continue the test in a circulating way until the end conditions are satisfied. The invention also discloses a system for fuzz testing. The invention can improve the security of the tested software program.

Description

technical field [0001] The invention relates to the technical field of software testing, in particular to a method and system for performing fuzz testing. Background technique [0002] The security testing of software (including: application programs, protocols, etc.) is actually a detection in the software input space. The input space of software consists of all possible inputs of the software, or a combination of all possible inputs. Hereinafter, each possible input of the software is referred to as an input point. Exhaustive enumeration is the most direct method to verify the correctness of software behavior. However, exhaustive enumeration is not feasible for most cases, because the input space of software programs is usually very large. Compared with the exhaustive method, fuzz testing (Fuzz Testing) is a more feasible black-box testing method. [0003] Fuzz testing is a software testing technique, which constructs some random or semi-random data (called fuzz) as the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36
Inventor 唐文
Owner SIEMENS CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap