Method for generating test cases for fuzz tool aiming at com component derivative function parameter space and binary data

A technology for generating test cases and exporting functions, applied in the field of network security, can solve problems such as low accuracy, low effective coverage, and low test case efficiency, and achieve the effect of improving efficiency and accuracy and reducing false positive rate.

Inactive Publication Date: 2012-08-01
BEIHANG UNIV
View PDF2 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The technical problem to be solved by the present invention is: solving the characteristics of low efficiency and low accuracy of generating test cases in the existing fuzz for com components

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for generating test cases for fuzz tool aiming at com component derivative function parameter space and binary data
  • Method for generating test cases for fuzz tool aiming at com component derivative function parameter space and binary data
  • Method for generating test cases for fuzz tool aiming at com component derivative function parameter space and binary data

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] Below the present invention is further described as follows:

[0036] Vulnerabilities announced in recent years show that although there are many types of com component vulnerabilities, the main form is to use the part that is not rigorous and non-standard when writing the program to input abnormal data, so that the EIP reads into the illegal address, so as to obtain the control of the program .

[0037] The traditional fuzz technology for com components analyzes the parameter data type of each exported function, and conducts equidistant test case coverage such as shaping for the testable data class. If the set interval is 1000, the generated test case is 0. 1000, 2000, 3000, 4000..., 32-bit machine plastic needs 4294968 sets of data, this kind of generation method not only cannot cover the situation where the length of abnormal data is greater than the length of the original data type, which causes illegal coverage of the next item in the running stack, but also 1000 ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method for generating test cases for a fuzz tool aiming at com component derivative function parameter space and binary data. The method mainly comprises the following steps: 1, extracting com components; 2, analyzing the com components; 3, constructing the test cases; 4, tracking exception of the test cases; and 5, recording test results. Different from a method in the traditional fuzz technology that a great amount of equidistant test cases is constructed by mainly aiming at type characteristics of data, the method provided by the invention aims at the size of a space occupied by each type of data and the characteristics of binary data, and improves the effective coverage of the test cases while decreasing the number of the test cases, so as to improve the efficiency and the accuracy rate in black-box testing of the com components; and an exception tracking program is improved and the false alarm rate is reduced according to a new method for generating cases, and the testing necessity of the com components is analyzed, so that fuzz aiming at the com components can be more efficient and easier to use.

Description

technical field [0001] The present invention is applicable to the field of network security, and its function is to discover and test the loopholes of COM components. Its core is a new method for generating test cases for black-box testing of COM components, and specifically relates to a method for exporting function parameter spaces and methods for COM components. Test case generation method for binary data fuzz tool. Background technique [0002] The network security problem has always been one of the most important computer problems nowadays, and the security problem of the axtiveX control is one of the most important network security problems. Websites such as online banking and online shopping all use axtiveX controls in large quantities. Com technology is the foundation of axtiveX technology. Once there is a loophole in the com component, it will pose a huge threat to network security. To avoid these hidden dangers, on the one hand, it is necessary to avoid leaving lo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36
Inventor 贾春鹏张炯
Owner BEIHANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap