Software security vulnerability detection method and system for deep learning gradient guidance variation

A software security vulnerability detection technology, applied in neural learning methods, software testing/debugging, computer security devices, etc. It can solve problems such as mutation, and achieves fine segmentation granularity, improved discovery efficiency, and high vulnerability efficiency.

Active Publication Date: 2020-12-11
CHECC DATA CO LTD +1

AI Technical Summary

Problems solved by technology

[0009] The present invention provides a method and system for detecting software security vulnerabilities guided by deep learning gradients, to solve the bottleneck problem in existing software security vulnerability mining technology.

Examples

Example 1

[0063] Referring to Figures 1 to 3, this embodiment provides a method for detecting software security vulnerabilities using deep learning gradient-guided mutation. The method may be implemented by an electronic device, which may be a terminal or a server. It is a mutation-based grey-box fuzzing method that uses program smoothing to calculate gradient information, with the program smoothing implemented by a deep neural network. Here, program smoothing means that, for a given program input, the output of the program is continuous. The input of the method is the vectorized seed file, and the output is the branch information of all seeds, indicating the probability of each seed passing through each branch. The execution process includes the following steps:

[0064] S101, acquire test cases, and preprocess the acquired test cases, obtain the size of the largest test case in the test cases and the execution path of each test case in th...

Example 2

[0101] This embodiment provides a software security vulnerability detection system using deep learning gradient-guided mutation. The system includes a server and a client, wherein:

[0102] The server is used to acquire test cases and preprocess them, obtaining the size of the largest test case and the execution path of each test case in the program under test; to establish a deep neural network model comprising an input layer, an output layer and a plurality of hidden layers between the input layer and the output layer, wherein the input dimension of the input layer is the size of the largest test case and the number of output neurons of the output layer is the total number of execution paths; to vectorize the test cases and use the vectorized test cases to train the deep neural network model; gradient calculation is performed based on the...

Example 3

[0106] This embodiment provides an electronic device, which includes a processor and a memory; at least one instruction is stored in the memory, and the instruction is loaded and executed by the processor, so as to implement the method of the first embodiment.

[0107] The electronic device may vary considerably with configuration or performance, and may include one or more processors (central processing units, CPU) and one or more memories, wherein at least one instruction is stored in the memory, and the instruction is loaded by the processor to perform the following steps:

[0108] S101, acquire test cases, and preprocess the acquired test cases, obtain the size of the largest test case in the test cases and the execution path of each test case in the program under test;

[0109] S102, establish a deep neural network model, the deep neural network model includes an input layer, an output layer and a plurality of hidden layers between th...


Abstract

The invention discloses a software security vulnerability detection method and system using deep learning gradient-guided mutation. The method comprises the steps of: obtaining test cases and preprocessing them to obtain the size of the largest test case and the execution path of each test case in the program under test; establishing a deep neural network model, wherein the input dimension of the input layer is the size of the largest test case, and the number of output neurons of the output layer is the total number of execution paths; vectorizing the test cases and training the deep neural network model with them; performing gradient calculation based on the trained deep neural network model to generate gradient information; and performing mutation and fuzz testing on the test cases based on the gradient information to generate a test result. The method adopts gradient-guided mutation, with gradient information generated with the assistance of deep learning, and can effectively solve the bottleneck problem in software security vulnerability mining.
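The last two steps of the method in the abstract (gradient calculation, then mutation guided by it), as an added example that is not taken from the patent. The hard-coded weights are a constructed stand-in for the trained model, reduced to one hidden layer and a single branch output, and all function names are hypothetical.

```python
import math

# Constructed stand-in for the trained model (assumption, not the patent's network):
# 4 input bytes -> 2 hidden units -> 1 output neuron for one target branch.
MAX_LEN = 4                        # size of the largest test case = input dimension
W1 = [[0.0, -0.3, 2.0, 0.1],       # hidden unit 0
      [0.0, -0.5, 1.0, 0.0]]       # hidden unit 1
W2 = [1.0, 1.0]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def pad(seed):
    """Truncate or zero-pad a seed to the fixed input dimension."""
    return seed[:MAX_LEN].ljust(MAX_LEN, b"\x00")

def vectorize(seed):
    """Scale the padded seed's bytes to [0, 1] for the input layer."""
    return [b / 255.0 for b in pad(seed)]

def forward(x):
    hidden = [sigmoid(sum(w * v for w, v in zip(row, x))) for row in W1]
    return hidden, sigmoid(sum(w * h for w, h in zip(W2, hidden)))

def branch_probability(x):
    return forward(x)[1]

def input_gradient(x):
    """d(branch probability)/d(input byte), chain rule through both layers."""
    hidden, out = forward(x)
    d_out = out * (1.0 - out)
    return [d_out * sum(W2[j] * hidden[j] * (1.0 - hidden[j]) * W1[j][i]
                        for j in range(len(W1)))
            for i in range(MAX_LEN)]

def gradient_guided_mutants(seed, top_k=2, steps=(16, 64)):
    """Move the top_k most influential bytes along the sign of their gradient."""
    grad = input_gradient(vectorize(seed))
    hot = sorted(range(MAX_LEN), key=lambda i: abs(grad[i]), reverse=True)[:top_k]
    mutants = []
    for step in steps:
        buf = bytearray(pad(seed))
        for i in hot:
            delta = step if grad[i] > 0 else -step
            buf[i] = min(255, max(0, buf[i] + delta))   # clamp to a valid byte
        mutants.append(bytes(buf))
    return hot, mutants

SEED = b"\x10\x80\x20"             # constructed 3-byte seed, padded to 4 bytes
HOT, MUTANTS = gradient_guided_mutants(SEED)
```

Each mutant would then be run against the instrumented target; bytes with zero gradient (offset 0 here) are never touched, which is how the gradient narrows the mutation space.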

Description

Technical field

[0001] The invention relates to the technical field of software security vulnerability detection, in particular to a software security vulnerability detection method and system using mutation guided by deep learning gradients.

Background

[0002] Fuzzing has become a de facto standard technique for finding software vulnerabilities. However, even current state-of-the-art fuzzers are not very effective at finding hard-to-trigger software bugs. The existing methods are as follows:

[0003] In 2020, Li Minglei of the National University of Defense Technology, through static analysis of the program under test, constructed the function call graph and control flow graph of the program under test, calculated the basic block distances and inserted them into the program under test. During fuzz testing, the distance from each test case to the specified target is tracked and calculated through instrumentation. Based on this distance, the fuzzer computes the seed ener...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F11/36, G06F21/57, G06N3/08, G06N3/04
CPC: G06F11/3684, G06F21/577, G06N3/08, G06N3/045
Inventor: 陈红松, 杜彦瑶
Owner: CHECC DATA CO LTD