Method, device and system for fuzzing test

A technology of fuzz testing and test cases, which is applied in the field of software security testing, can solve problems such as failure to find faults, a large number of test cases, fuzz testing can not be guided by available information, etc., and achieve the effect of improving effectiveness

Active Publication Date: 2013-06-05
SIEMENS AG
View PDF6 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At this point, mutation-based fuzzing cannot discover all possible failure scenarios since it cannot be guided by available information such as file formats or protocols
Although the generation-based construction method is based on the file format or protocol to generate test cases, its randomization of the input often makes the number of test cases too large, and it is easy to generate some similar or equivalent test cases, making it difficult to be fast and efficient lead to errors in the target under test

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for fuzzing test
  • Method, device and system for fuzzing test
  • Method, device and system for fuzzing test

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] Considering the defects of the existing mutation-based and generation-based fuzzing methods, a fuzzing method with a feedback mechanism is proposed in an embodiment of the present invention. The so-called feedback mechanism means that in the process of fuzz testing, subsequent test cases are selectively obtained after analyzing the test effect of previous test cases. Due to the introduction of the above-mentioned feedback mechanism, more test cases that are more likely to cause the failure of the target to be tested can be selected in the process of generating subsequent test cases. The advantage of this is that the effectiveness and pertinence of test cases can be improved, so that the fuzzing process is more efficient.

[0024] figure 1 The fuzz testing method according to one embodiment of the present invention is exemplarily shown. exist figure 1 In the example shown, the target to be tested is, for example, a protocol implementation body, which can be specifical...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method and a device for a fuzzing test. The method comprises the following steps: inputting multiple test cases to a to-be-tested object; obtaining a response message which is relevant to the to-be-tested object for each test case; classifying the multiple test cases according to the obtained response message; analyzing common characteristics of one or multiple test cases in each classification; and generating one or multiple new test cases on the basis of the common characteristics, wherein one or multiple new test cases include the common characteristics. According to the method and the device for the fuzzing test, test cases which are enough to cause a failure can be effectively generated. In addition, preferably, by means of the method for the fuzzing test, informing of a file layout or a file protocol is not required.

Description

technical field [0001] The invention relates to the field of software safety testing, in particular to a fuzzing testing method, device and system. Background technique [0002] Fuzz testing is a widely used software testing technique to discover hidden dangers in software. In short, fuzz testing is to send a large number of invalid or wrong inputs to the target to be tested (for example, the server on which the relevant software is running), causing the target to be tested to run in an unexpected way, thereby discovering the fault. For example, fuzz testing can cause memory conflicts, program crashes, or resource exhaustion of the target under test by sending invalid input to the target under test. These conditions are likely to lead to a Denial of Service (DoS: Denial of Service) situation on the target under test, or even provide the possibility for an attacker to run arbitrary code in the target's environment. Therefore, fuzz testing has become an important means of so...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 隋爱芬唐文郭代飞
Owner SIEMENS AG
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap