Supercharge Your Innovation With Domain-Expert AI Agents!

Fuzzy testing method and device for automatically mining vulnerabilities

A technology of fuzz testing and vulnerability, which is applied in the field of application security and can solve the problems of low automation of fuzz testing and inability to fuzz the same target file.

Pending Publication Date: 2022-01-04
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

As a result, the degree of automation of this type of fuzzing test is too low, and it is not possible to perform fuzzing tests on the same target file for a long time.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fuzzy testing method and device for automatically mining vulnerabilities
  • Fuzzy testing method and device for automatically mining vulnerabilities
  • Fuzzy testing method and device for automatically mining vulnerabilities

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0050] Please see figure 1 , figure 1 The embodiment of the present application provides a schematic flowchart of a fuzzing method for automatic vulnerability mining. Among them, the fuzzing method for automatic vulnerability mining includes:

[0051] S101. Obtain an original object and version update information of the original object.

[0052] In this embodiment, the original object can be any program with file and protocol analysis, including open-source and closed-source programs.

[0053] S102. The original object is updated according to the version update information to obtain the test object.

[0054] In this embodiment, the method can monitor the software release information of the original object. If a new version of the software is released, the original object is updated to the latest version to obtain the above-mentioned test object.

[0055] S103. Perform information analysis on the test object to obtain an information analysis result.

[0056] In this embod...

Embodiment 2

[0066] Please see figure 2 , figure 2 It is a schematic flow chart of a fuzzing method for automatically mining vulnerabilities provided by the embodiment of the present application. Such as figure 2 As shown, among them, the fuzzing method for automatic mining of vulnerabilities includes:

[0067] S201. Obtain an original object and version update information of the original object.

[0068] In this embodiment, the method may periodically scan the publishing website of the test object. If it is found that there is a new version of the test object, it will automatically download the latest version and iterate the current test version. If it finds that the test object has new vulnerabilities or defect submission information, it will automatically download the corresponding abnormal sample and add it to the test sample set.

[0069] In this embodiment, the method can also implement manual monitoring as a supplement to automatic monitoring. Once a new situation that canno...

Embodiment 3

[0109] Please see image 3 , image 3 It is a schematic structural diagram of a fuzz testing device for automatic vulnerability mining provided by the embodiment of the present application. Such as image 3 As shown, the fuzz testing device for automatic vulnerability mining includes:

[0110] An acquisition unit 310, configured to acquire the original object and version update information of the original object;

[0111] An update unit 320, configured to update the original object according to the version update information to obtain the test object;

[0112]An analysis unit 330, configured to perform information analysis on the test object to obtain an information analysis result;

[0113] A construction unit 340, configured to construct a test sample set according to information analysis results;

[0114] The testing unit 350 is configured to use the test sample set to perform a fuzz test on the test object to obtain a fuzz test result.

[0115] In the embodiment of t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides a fuzz testing method and device for automatically mining vulnerabilities, and relates to the field of application security, the fuzz testing method for automatically mining vulnerabilities comprises the following steps of: acquiring an original object and version updating information of the original object; updating the original object according to the version updating information to obtain a test object; performing information analysis on the test object to obtain an information analysis result; constructing a test sample set according to an information analysis result; and performing fuzzy testing on the test object by using the test sample set to obtain a fuzzy testing result. Therefore, by implementing the implementation mode, the automation degree of the fuzzy test can be improved, so that the long-term fuzzy test on the same target file is realized, and the persistence degree of the test is further improved.

Description

technical field [0001] The present application relates to the field of application security, in particular, to a fuzzing method and device for automatic vulnerability mining. Background technique [0002] At present, more and more system software has been developed, which is convenient for users to use directly. However, during the development of these system software, there is usually a process of fuzz testing. Specifically, fuzz testing is a method to discover software vulnerabilities by providing unexpected inputs to the target system and monitoring abnormal results. It can be seen that the use of fuzz testing can improve the stability of system software to a certain extent. [0003] However, in practice, it is found that in the process of fuzz testing, technicians usually determine the file format of the target file, input the file format to collect the test file, and then use the test file to test the target file. It can be seen that this process is inseparable from ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F11/36
CPCG06F11/3684G06F11/3688G06F11/3692
Inventor 姜辉汤国祥
Owner BEIJING TOPSEC NETWORK SECURITY TECH
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com