Intelligent fuzzy testing method and system based on vulnerability learning

A fuzzing and vulnerability technology, which is applied in the field of intelligent fuzzing testing methods and systems based on vulnerability learning, can solve the problems that fuzzing tools are difficult to achieve coverage, and achieve the effect of efficient mining.

Active Publication Date: 2018-10-12
ZHEJIANG UNIV
View PDF4 Cites 32 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Current fuzz testing tools are mainly coverage-oriented, hoping to test all parts of the program as much as possible. This method treats all parts of the program as equal, and it is difficult for current fuzz testing tools to achieve high coverage , so fuzz testing tools need to pay more attention to the parts that are more likely to have vulnerabilities, so as to improve the efficiency of fuzz testing for mining vulnerabilities

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Intelligent fuzzy testing method and system based on vulnerability learning
  • Intelligent fuzzy testing method and system based on vulnerability learning
  • Intelligent fuzzy testing method and system based on vulnerability learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0056] The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be noted that the following embodiments are intended to facilitate the understanding of the present invention, but do not limit it in any way.

[0057] Such as figure 1 As shown, the intelligent fuzz testing system based on vulnerability learning of the present invention includes a data preprocessing module, a neural network-based vulnerability prediction module and a vulnerability-oriented fuzz testing module, and the core lies in the vulnerability prediction module and the fuzz testing module.

[0058] The vulnerability prediction module in the present invention mainly focuses on binary programs, because the source code of the tested program cannot be obtained in many cases. Due to differences in source code implementation methods, compilation environments, optimization options, and other factors, codes similar to unsafe operations hav...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an intelligent fuzzy testing method and system based on vulnerability learning. The intelligent fuzzy testing system comprises a data preprocessing module, a bug prediction module and a bug-oriented fuzzy testing module, wherein the data preprocessing module is used for performing reverse analysis on a to-be-tested binary program to obtain a control flow chart of the to-be-tested binary program and performing feature extraction on each basic block in the control flow chart to obtain a feature vector of each basic block; the bug prediction module is used for predicting the probability of bugs exiting in each function in the program according to the control flow chart of the to-be-tested binary program; and the bug-oriented fuzzy testing module is used for testing theto-be-tested binary program and calculating input fitness scores by combining a certain input execution path, the probability of bugs existing in a function in the execution path and an execution result; input of a high-fitness score is used as a seed to perform heritable variation to generate next-generation input, and the to-be-tested binary program is tested cyclically till testing is over. Through the intelligent fuzzy testing system, the bugs in the binary program can be mined more efficiently.

Description

technical field [0001] The invention relates to the application field of fuzz testing, in particular to an intelligent fuzz testing method and system based on vulnerability learning. Background technique [0002] Fuzz testing is a software testing technique that detects whether there are loopholes in the program by inputting a large number of unexpected inputs into the program under test and monitoring whether there are exceptions during program execution, such as crashes, assertions, etc. Compared with other vulnerability mining methods, fuzz testing has the characteristics of simplicity, low false positive rate, and good scalability, and is widely used in the actual field of vulnerability mining. According to the known information of the application under test, fuzz testing tools can be divided into white box, black box and gray box fuzz testing. White-box fuzzing is mainly for applications with known source code; black-box fuzzing is mainly for binary applications; gray-...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06F11/36G06N3/04G06N3/08
CPCG06F11/3684G06F11/3688G06F21/577G06N3/08G06F2221/033G06N3/043G06N3/045
Inventor 纪守领李宇薇陈建海吕晨阳
Owner ZHEJIANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap