Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

A sample format protection method and device for gray-box fuzz testing

A technology of fuzz testing and formatting, which is applied in computer security devices, software testing/debugging, error detection/correction, etc., and can solve problems such as low efficiency of fuzz testing

Active Publication Date: 2021-03-19
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of this, the embodiment of the present invention discloses a sample format protection method and device for gray-box fuzz testing, which ensures that the format of the corpus in the corpus is correct, and prevents the erroneous test corpus from being recycled, resulting in The problem of low test efficiency in fuzz testing

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A sample format protection method and device for gray-box fuzz testing
  • A sample format protection method and device for gray-box fuzz testing
  • A sample format protection method and device for gray-box fuzz testing

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0060] refer to figure 1 , which shows a schematic flow chart of a sample format protection method for gray box fuzz testing provided by an embodiment of the present invention. In this embodiment, the method includes:

[0061] S101: Obtain test corpus from the corpus;

[0062] In this embodiment, the corpus contains a plurality of corpora. When fuzz testing needs to be performed, it is necessary to select the test samples required for fuzz testing from the corpus. In order to improve the efficiency of fuzz testing, it is possible to ensure that the selected test samples are in the correct format The test corpus, and the test corpus can cover all the EDGE of the preset program. The specific selection method will be introduced in detail below, and will not be repeated here.

[0063] It should be noted that the program is randomly inserted into blocks, the program is divided into blocks of different sizes, and the jump of the program between blocks is called EDGE.

[0064] S102...

Embodiment 2

[0117] refer to figure 2 , which shows a flow chart of a process for obtaining test corpus from a corpus provided by an embodiment of the present invention. In this embodiment, the method includes:

[0118] S201: Create a temporary work set;

[0119] In this embodiment, after the steps S201-S206 are executed, the test corpus stored in the temporary working set completely covers all EDGE of the program. After creating a temporary working set, the initial temporary working set is an empty set.

[0120] S202: Randomly select a target EDGE from the EDGEs of the program, where the target EDGE is the EDGE of the program not covered by the test corpus in the temporary working set;

[0121] In this embodiment, in order to ensure that the corpus stored in the temporary working set can completely cover all EDGEs of the program, the target EDGE selected each time is the EDGE not covered by the test corpus in the temporary working set.

[0122] S203: Select the corpus with the least c...

Embodiment 3

[0130] refer to image 3 , which shows a schematic flowchart of a method for mutating the test corpus provided by an embodiment of the present invention. In this embodiment, the method includes:

[0131] S301: Read the variation position of the test corpus;

[0132] S302: Determine whether the mutated position is included in the preset position set;

[0133] S303: If the preset position set includes the mutated position, prevent the current mutated position from being mutated.

[0134] In this embodiment, in the process of mutating the corpus, the corresponding position of the initial corpus will be mutated according to the variation method. If the test corpus obtained after a certain position is mutated is a wrongly formatted corpus, it means that the position is not correct. Mutation should be carried out. In order to ensure the correctness of the mutation process, that is, to ensure the correctness of the format of the test corpus obtained after the mutation, when it is d...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a sample format protection method and device for a gray box fuzzy test. The sample format protection method comprises the steps of training a machine learning model to enable the model to recognize the correctness of the format of a testing corpus; when the fuzzy test is conducted on a program, obtaining an initial corpus from a corpus set and mutating the initial corpus toobtain the testing corpus; using the testing corpus to conduct the fuzzy test on the program, and in the process of the fuzzy test, determining whether the format of the testing corpus is correct ornot through the model. When the format of the testing corpus is correct and the testing corpus covers a program code uncovered by an existing testing corpus, the testing corpus is added into the corpus set, and the process is repeated. In this way, the corpuses, with the correct format, determined in each fuzzy test is added into the corpus set, the correctness of the formats of the corpuses in the corpus set is guaranteed to the greatest extent, and the efficiency of the fuzzy test is improved. Moreover, through a position set, the mutation of the initial corpus is guided, an invalid mutationoperation is avoided, and the testing efficiency is further improved.

Description

technical field [0001] The invention relates to the field of software testing, in particular to a sample format protection method and device for gray box fuzz testing. Background technique [0002] Gray box fuzzing is considered to be the most advanced technique in the field of vulnerability mining. Gray-box fuzz testing aims to improve the code coverage rate. It records the program execution path through lightweight instrumentation, uses genetic algorithms to guide the generation of test cases in fuzz testing, and mutates the initial corpus in a guided manner to make the program fast. Reaching certain hard-to-cover code paths. Compared with other fuzzing methods, gray-box fuzzing has higher efficiency and better practicability. AFL, a representative tool of gray-box fuzz testing, has discovered hundreds of high-value vulnerabilities through fuzz testing technology. [0003] However, because the gray box fuzzing test does not need to provide format information, the test c...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57G06F11/36
CPCG06F11/3676G06F21/577G06F2221/033
Inventor 朱俊虎赵世斌周天阳林宏阳李睿彭建山许航
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com