A program path sensitive grey box testing method and device

Abstract

The invention belongs to the technical field of software testing. The invention particularly relates to a program path sensitive grey box testing method and device. The method comprises the steps thatin the offline training stage, vulnerability mode learning is conducted on a sample data set through a deep neural network, a classifier of a program execution path is obtained, and a sample data setpackage comprises vulnerability program path sample data and vulnerability-free program path sample data; and in an online test stage, the classifier is integrated into a fuzzy test tool to guide a seed file to perform a selection test, seed input triggering a vulnerability path is preferentially selected to perform the test, endowing the test with a plurality of variation energies to execute corresponding variation times, and performing cyclic execution until interruption. The method fills up the blank of vulnerability path sample influence analysis, does not depend on a complex dynamic analysis technology, does not bring about a large overhead problem, can be effectively combined with other grey box test technologies, improves vulnerability discovery efficiency, can be directly suitablefor a binary program, does not depend on a source code, and is high in applicability.

Description

technical field [0001] The invention belongs to the technical field of software testing, and in particular relates to a program path-sensitive gray box testing method and device. Background technique [0002] Fuzzing is an automated software testing technology, a testing method that provides maliciously constructed data as input to the test program and monitors whether the program is abnormal. Because of its simplicity and high efficiency, it has been applied to software development and testing by major software manufacturers to ensure the quality of their key products and a large number of security holes have been found. Coverage-based gray-box testing has become one of the most popular and effective fuzzing techniques due to its fast and expansive advantages. It uses the idea of ​​genetic algorithm to track the path coverage information of the program during the testing process. If the seed input triggers a new path branch, it will be added to the seed queue to participat...

AI Technical Summary

Problems solved by technology

However, these methods generally focus on the coverage of the program, and do not pay attention to the distribution of bug codes, that is, they care about covering as many paths as possible, rather than which paths are more likely to have vulnerabilities

In fact, studies have shown that 80% of the bugs in the program are located in 20% of the code. This method of treating all inputs equally and sequentially selecting inputs from the seed queue for mutation does not take into account the triggering of different seed inputs. The probability of loopholes in the path is different, resulting in a waste of a lot of resources to test some meaningless paths and insufficient testing of vulnerable paths or codes, thereby reducing the efficiency of vulnerability discovery

Images