Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Software vulnerability analysis method of variant multi-dimensional input based on Fuzzing technology

An analysis method and vulnerability technology, applied in the field of software vulnerability analysis, can solve problems such as combinatorial explosion

Inactive Publication Date: 2012-02-08
中国人民解放军总参谋部第五十四研究所
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The current knowledge-based Fuzzing technology can only implement one-dimensional mutation operation, that is, it can only implement mutation operation on a single input element at a time, that is, it can only implement mutation operation on a single input element at a time and then generate test cases, because if multi-dimensional Mutation operation will bring about the problem of combinatorial explosion; however, there are indeed software vulnerabilities in real software that require multi-dimensional mutation to be triggered
Therefore, the current knowledge-based Fuzzing technology has software vulnerabilities that cannot be analyzed by multi-dimensional mutation technology.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software vulnerability analysis method of variant multi-dimensional input based on Fuzzing technology
  • Software vulnerability analysis method of variant multi-dimensional input based on Fuzzing technology

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] The present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0023] The software vulnerability analysis method based on fuzzing technology with variable multi-dimensional input is realized through the following main modules: scheduling engine, XFuzzing tool module, program analyzer module (Program Analyzer), data mapping module (Data Mapper) and GAMutator operator. The overall frame diagram of the software vulnerability analysis method based on fuzzing technology and variable multi-dimensional input is as follows figure 1 As shown, the program analysis module, data mapping module, GAMutator, and program monitoring module all communicate through the database, and there is a one-to-many relationship between the engine and the agent, so that the Fuzzing test can be performed on the target program concurrently, thereby improving the accuracy of the Fuzzing test. efficiency.

[0024] The scheduling engine is respon...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a software vulnerability analysis method of variant multi-dimensional input based on a Fuzzing technology, which belongs to the field of software testing. The method comprises the following steps of: firstly determining the position of an unsafe function, then establishing the influence relation between an input element and the unsafe function, and finally varying the software vulnerability in the triggering program of the corresponding input element. The invention can be used for analyzing the software vulnerability unanalyzed by the current Fuzzing technology withoutcausing combinatorial explosion.

Description

technical field [0001] The invention relates to a method for analyzing software vulnerability, in particular to a method for analyzing software vulnerability based on fuzzing technology and variable multi-dimensional input. Background technique [0002] Fuzzing technology from 1989 to early 2002 is essentially a random testing technology. Most of the test data is deformed data generated randomly. It is difficult for random testing technology to deeply test software, and there is no high code coverage, so many software vulnerabilities will be missed. . In order to improve the ability of software vulnerability analysis, Fuzzing test presents two different development directions: Fuzzing technology based on knowledge and Fuzzing technology based on software testing technology. In 2002, it was proposed for the first time to incorporate file format knowledge and protocol knowledge into the construction of fuzzing technology test cases, which greatly improved the effectiveness of...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36
Inventor 郭世泽孙乐昌肖奇学吴志勇牛伟戴卫国陈衍玲陈果于璐王啸天沈玮甄涛
Owner 中国人民解放军总参谋部第五十四研究所
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com