Software Security Vulnerability Detection Method and System Based on Deep Learning Gradient Guided Mutation

A vulnerability detection and software security technology, applied in neural learning methods, software testing/debugging, error detection/correction, etc., can solve problems such as mutation
CN112069061BActive Publication Date: 2021-08-20CHECC DATA CO LTD +1
4 Cites 0 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHECC DATA CO LTD
Publication Date
2021-08-20

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses a method and system for detecting software security loopholes guided by deep learning gradient variation. The method includes: obtaining test cases and performing preprocessing to obtain the size of the largest test case and the execution of each test case in the program under test. Path; establish a deep neural network model; wherein, the input dimension of the input layer is the size of the largest test case, and the number of output neurons in the output layer is the total number of execution paths; the test case is vectorized, and then the deep neural network is trained using the test case Model; Gradient calculation based on the trained deep neural network model to generate gradient information; Based on the gradient information, test cases are mutated and fuzzy tested to generate test results. The invention adopts the gradient-guided mutation technology, combined with deep learning to assist in the generation of gradient information, and can effectively solve the bottleneck problem in the mining of software security loopholes.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the technical field of software security loophole detection, in particular to a software security loophole detection method and system for mutation guided by deep learning gradients. Background technique

[0002] Fuzzing has become a de facto standard technique for finding software vulnerabilities. However, even current state-of-the-art fuzzers are not very effective at finding hard-to-trigger software bugs. Currently, the existing methods are as follows:

[0003] In 2020, Li Minglei of the National University of Defense Technology, through static analysis of the program under test, constructs the function call graph and control flow chart of the program under test, calculates the basic block distances and inserts them into the program under test. During fuzz testing, track and calculate the distance from each test case to the specified target through instrumentation. Based on this distance, the fuzzer computes the seed ener...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More