Vulnerability detection method based on deep reinforcement learning and program path instrumentation

A technology of reinforcement learning and vulnerability detection, applied in the field of information security, it can solve the problem of attackers accessing and modifying computers without permission, and achieves obvious effects, high orientation and efficiency.

Active Publication Date: 2019-07-12
SHANGHAI JIAO TONG UNIV +1
View PDF6 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] A vulnerability is a defect in the specific implementation of hardware, software, protocol, or system security policy that allows an attacker to access and modify the computer without permission.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection method based on deep reinforcement learning and program path instrumentation
  • Vulnerability detection method based on deep reinforcement learning and program path instrumentation
  • Vulnerability detection method based on deep reinforcement learning and program path instrumentation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] The vulnerability code targeted by this embodiment can be a cross-platform language, and the main applicable language is C / C++. Such as figure 1 As shown, it is a vulnerability detection system based on deep reinforcement learning (DQN) and program path instrumentation involved in this embodiment, including: a preprocessing module, a mutation module, a reward module and a training module, wherein: the preprocessing module is based on fuzzy The test seeds generate a set of features, and the features are mutated through the neural network to obtain mutation actions. The mutation module generates new seeds according to the action mutation seeds. The reward module combines the control flow graph of the program to be tested, the program execution path and the target node to calculate the reward value. The training module trains the Deep Q-Learning (DQN) model according to the reward value fed back by the reward module.

[0030] The vulnerability code base is the buffer over...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a vulnerability detection method combining deep reinforcement learning and a program path instrumentation technology. The method includes: obtaining a path corresponding to input from a control flow diagram of a to-be-tested program in an instrumentation mode; calculating and obtaining a reward value according to the path and a target node in the control flow graph, using the reward value to train a neural network of deep reinforcement learning so as to select a variation action; and performing variation on the input of the to-be-tested program according to the variation action to obtain an updated input and an updated path thereof, calculating an updated reward value, training the neural network again and performing input variation processing, and performing circulating until the to-be-tested program is collapsed to obtain a corresponding input vulnerability. According to the method, the accuracy is higher, the input corresponding to the path where the vulnerability is located can be obtained more efficiently, and compared with a traditional fuzzy test, the method is higher in detection speed and has a certain code coverage amount.

Description

technical field [0001] The present invention relates to a technology in the field of information security, in particular to a vulnerability detection method based on deep reinforcement learning (DQN) and program path instrumentation. Background technique [0002] Vulnerabilities are flaws in hardware, software, protocol implementation or system security policies that allow attackers to access and modify computers without permission. Existing vulnerability analysis technologies mainly include manual detection, Fuzz technology, patch comparison, static analysis and dynamic analysis. Contents of the invention [0003] Aiming at the limitations and deficiencies of the existing vulnerability analysis technology, the present invention proposes a vulnerability detection method based on deep reinforcement learning and program path instrumentation, uses the natural language processing (NLP) method to use the vector extracted from the sample as a feature, and uses the program to exe...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06N3/04G06N3/08H04L29/06
CPCG06F21/577G06N3/049G06N3/08H04L63/1433
Inventor 易平江智昊肖天毛伟俊黄浩铭杨涛
Owner SHANGHAI JIAO TONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products