Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A loophole mining method and device

A vulnerability mining and algorithm technology, applied in the computer field, can solve the problem of low efficiency of vulnerability mining fuzz testing, and achieve the effect of efficient automatic fuzz testing, saving time consumption, and reducing blindness.

Pending Publication Date: 2018-12-18
TENCENT TECH (SHENZHEN) CO LTD
View PDF4 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Embodiments of the present invention provide a vulnerability mining method and device to solve the problem of low efficiency of fuzz testing for vulnerability mining in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A loophole mining method and device
  • A loophole mining method and device
  • A loophole mining method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] The following will clearly and completely describe the technical solutions in the embodiments of the present invention in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0039] In order to facilitate the understanding of the embodiments of the present invention, several concepts are briefly introduced below:

[0040] Dynamic Binary Instrumentation (DBI): It is a technology that implements dynamic analysis of binary programs by injecting probe codes. These instrumentation codes will be executed as normal instructions. Common frameworks include PIN, Valgrind, Dynamo RIO et al.

[0041] DynamoRIO: It is a program...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the computer technical field, in particular to a loophole mining method and device. When running an object program, the object function determined in the object program is staked and the determined test sample is mutated. The mutated test sample is input to the objective function, if an exception occurs when the objective function processes the mutated test sample, the mutated test samples are stored and a vulnerability report is generated; if no exception occurs when the objective function processes the mutated test sample, the code path which is executed by the target function when the mutated test sample is recorded as input, is recorded, so that based on the code path, the mutated test sample is mutated again; when the test sample after mutation is used as input again, the objective function executes different code paths, so that the stake insertion is more pertinent, the loop test in memory is realized, the time is saved, and the mutation strategy can be continuously adjusted, more code paths are covered, the blindness is reduced, and the vulnerability mining efficiency is improved.

Description

technical field [0001] The present invention relates to the field of computer technology, in particular to a method and device for mining vulnerabilities. Background technique [0002] At present, due to the emphasis on security issues, security testing is usually carried out before software is released, and through vulnerability mining, vulnerabilities can be found as early as possible and repaired. Vulnerability mining usually uses fuzz testing, which is a method to discover software vulnerabilities by providing unexpected inputs to the target system and monitoring abnormal results. [0003] In the prior art, the fuzzing test based on the file format in the fuzzing test method usually fills the file with random values, but this method is relatively blind and lacks pertinence to the variation of the test sample, and may be in the same code path If it is executed multiple times, the code coverage rate is low, the efficiency of fuzz testing is relatively low, and it is also ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
CPCG06F11/3612G06F11/3684G06F11/3688
Inventor 蒋洪伟
Owner TENCENT TECH (SHENZHEN) CO LTD
Features
  • Generate Ideas
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com