Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Fuzz testing method based on static detection

A technology of fuzzing and static detection, applied in the field of network security, can solve the problems of high false positive rate, spending a lot of time, and long fuzzing test time, so as to eliminate false positives and improve efficiency.

Inactive Publication Date: 2015-04-29
706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND
View PDF2 Cites 45 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Static detection results based on pure source code have the disadvantage of high false positive rate, and can only detect vulnerabilities of known vulnerability models. After the detection is completed, experienced personnel need to spend a lot of time analyzing the detection results
[0005] Fuzz testing needs to use random or artificial methods to construct test cases (a specific series of operation behaviors and input values ​​​​for testing). When an exception occurs, testers need to analyze the data packets that caused the exception to find software vulnerabilities. The test exists that the test time is too long, the test is not targeted, and the test efficiency

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fuzz testing method based on static detection
  • Fuzz testing method based on static detection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0017] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0018] A fuzz testing method based on static detection, process figure 2 shown, including the following steps:

[0019] Step 1, source code analysis.

[0020] Step 1.1, modeling the source code of the target software.

[0021] For non-script software systems, first use the corresponding compiler to convert the source code into an abstract syntax tree, and then model the software on the basis of the abstract syntax tree; for script software systems, such as: PHP software, etc., directly Perform software modeling.

[0022] Step 1.2, perform static security analysis on the source code.

[0023] According to the software code security rule set, use the data flow analysis engine, semantic analysis engine, program structure analysis engine, control flow analysis engine and configuration analysis engine to conduct security analysis on the softwar...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of network security, and relates to a fuzz testing method based on static detection. The method comprises source code static analysis and executable code fuzz testing. According to the method, firstly, target software is subjected to static analysis through source code static analysis related software, and fuzz testing is carried out to obtain a static analysis result, then, code segments considered to have problems through the static analysis are subjected to pile inserting marking, and finally, testing cases are subjected to variation on the basis of the pile inserting marking, so that the testing cases can cover all code segments with problems. The fuzz testing method has the advantages that the advantages of the static detection and the fuzz testing are combined, the static detection is verified through the fuzz testing, and the false alarm condition of the static detection is excluded; on the other hand, the fuzz testing is guided by the static detection result, so that random testing cases used by the fuzz testing have a higher pertinence, and the fuzz testing efficiency is improved. The defects of high false alarm rate, low detection efficiency and the like of the traditional method adopting the random testing cases for testing are overcome.

Description

technical field [0001] The invention belongs to the technical field of network security, and relates to a method for analyzing and testing software security, in particular to a fuzzy testing method based on static detection, which combines the advantages of static detection and fuzzy testing to analyze the security of software. Background technique [0002] With the rapid development of information technology, a large number of software appear in the industrial, commercial, military and people's daily lives. Software security has become a major issue affecting the national economy and people's livelihood. It is a huge security risk, opening the door for malicious intrusion by attackers, and becoming the entrance and way for malicious codes such as Trojan horses and viruses to spread wantonly. With the development of attack methods, software security issues have become increasingly prominent. In order to discover the security problems of software as early as possible, softwa...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
CPCG06F21/577G06F21/562
Inventor 常承伟吴明杰王泽玉温泉施学成王斌陈志浩
Owner 706 INST SECOND RES INST OF CHINAAEROSPACE SCI & IND
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com