Seed optimization method based on vulnerability prediction model

A predictive model and optimization method technology, applied in the field of network security, to achieve the effect of improving effectiveness and easy to find vulnerabilities

Inactive Publication Date: 2022-03-01
NO 15 INST OF CHINA ELECTRONICS TECH GRP +2
View PDF3 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problem of a large number of invalid use cases designed in the existing fuzzing testing methods in the field of vulnerability mining, resulting in a large number of redundant calculations, the present invention discloses a fuzzer improvement scheme oriented by the vulnerability prediction results, and the supporting basis The vulnerability prediction results filter the seeds in the seed pool, guide the direction of fuzz test case generation through seed optimization, improve the effectiveness of test cases, and reduce redundant calculation and resource consumption of fuzz tests

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Seed optimization method based on vulnerability prediction model
  • Seed optimization method based on vulnerability prediction model
  • Seed optimization method based on vulnerability prediction model

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] In order to better understand the contents of the present invention, an example is given here. figure 1 It is the implementation flowchart of the method of the present invention; figure 2 It is an example diagram of fitness calculation in the present invention.

[0020] The present invention is aimed at the shortcomings of a large number of redundant calculations in Libfuzzer and AFL, and proposes a set of fuzzing technology solutions based on the vulnerability prediction model. It is a tool to test the vulnerability probability of functions in the target code, guide the direction of fuzz test seed optimization based on the vulnerability probability, and design more test cases for functions with higher vulnerability probability to trigger more vulnerabilities.

[0021] Fuzz testing is a cyclic process. For the part of test case generation, the fuzz testing tool will maintain a seed input pool to save the input that is more likely to cause a crash.

[0022] The invent...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a seed optimization method based on a vulnerability prediction model, and the method comprises the steps: building the vulnerability prediction model, enabling the vulnerability prediction model to be used for predicting the vulnerability of a function in a target program, achieving the seed optimization through the screening of seeds, and tracking the execution information of the target program through a dynamic binary detection method, and calculating a static vulnerability score SVS according to the vulnerability probability obtained by the vulnerability prediction model, and storing the test case with the score higher than a certain threshold in a seed input pool. The test cases are selected by using a seed selection strategy and stored in a seed input pool, and executed test cases capable of causing collapse are also stored in the seed input pool. Next generation inputs of the seed input pool are generated by mutating the inputs in the seed input pool. According to the method, the vulnerability prediction probability of the basic block of the target program is fully considered, effective variation aiming at the target program is favorably realized, the effectiveness of the test case is improved, and vulnerabilities are more easily mined.

Description

technical field [0001] The invention relates to the field of network security, in particular to a seed optimization method based on a vulnerability prediction model. Background technique [0002] In the field of vulnerability mining in computer technology, fuzz testing undoubtedly occupies a pivotal position. As a commonly used vulnerability mining method, fuzz testing has the advantages of high accuracy, convenient operation, and strong scalability, but it also faces the following problems: Commonly used fuzz testing tools or frameworks place the functions of the test targets in the same position , the same amount of test cases are designed for all functions of the test target, resulting in a large number of invalid use cases, which increases redundant calculations and resource consumption in the fuzzing process; mutation-based fuzzers are difficult to generate without guidance A valid test case that can cause a crash can also cause a large amount of invalid calculation an...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57G06F11/36
CPCG06F21/577G06F11/3684G06F11/3688G06F11/3692
Inventor 杨天长张先国任传伦徐军化尹誉衡唐然
Owner NO 15 INST OF CHINA ELECTRONICS TECH GRP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap