Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

XSS fuzzy test case generation method based on time convolutional network

A convolutional network, time technology, applied in biological neural network models, neural learning methods, software testing/debugging, etc., can solve problems such as single type, poor variability of single characters, limited number of use cases, etc., to solve gradient explosion or gradient The effect of disappearing, good pertinence, and improving generation efficiency

Pending Publication Date: 2022-04-08
BEIJING UNIV OF TECH
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Among them, the generation of test cases is an indispensable part of fuzz testing, but there are still the following problems: 1) At present, the test cases of most fuzz testing tools are constructed based on templates or relying on key load dictionaries , resulting in a limited number of generated use cases and a single type, lacking in comprehensiveness
2) Most of the current methods for generating test cases based on deep learning use recurrent neural networks, which may lead to gradient explosion or gradient disappearance.
3) In addition, in the use case generation, the simple method of building a character-level language model destroys the original semantic structure of the use case to a certain extent, resulting in blindness and poor pertinence in use case generation. there are certain problems
Conversely, without generating predictions through a character-level language model, the generated test case results will have poor variability for individual characters

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • XSS fuzzy test case generation method based on time convolutional network
  • XSS fuzzy test case generation method based on time convolutional network
  • XSS fuzzy test case generation method based on time convolutional network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0082] The training data of the present invention is made up of some attack sentences of the XSS Filter Evasion Cheat Sheet in OWASP and some key load dictionaries open source on the Internet. Among them, 95% of the samples have been proved to be effective in practical applications, so XSS vulnerabilities can be discovered.

[0083] The present invention adopts following technical scheme and implementation steps:

[0084] 1. Data preprocessing stage: determine the input and output variables of the temporal convolution network language generation model: take the XSS vulnerability test case as the research object, carry out structural division and mutation operation on the key load part in the XSS vulnerability test case, and obtain the mutation respectively After the labels, attributes and event functions, the expanded key load data set PM=(pm 1 ,pm 2 ,...,pm z ) as the input for the next stage;

[0085] The basic form of the key payload Payload in an XSS test case can be e...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an XSS fuzzy test case generation method based on a time convolution network. At present, a key load dictionary is mostly used as a data set, and use cases are generated by building a character-level language model. However, due to the fact that the number of use cases in a key load dictionary is limited at present, the generation efficiency and quality are affected. According to the method, a JS event function insertion position is taken as a basis, and the use case is subjected to structure division. And on the basis, mutating the content of each part of the use case according to a division result by referring to an XSS bypassing method so as to realize data enhancement. Secondly, the words and the characters in the use case are jointly coded, so that the original word semantics cannot be damaged while the character variability is kept; and finally, building a case generation model through the TCN, and generating an XSS vulnerability test case meeting requirements by learning case characteristics. According to the method, the generation efficiency and quality of the XSS vulnerability fuzzy test case are improved.

Description

technical field [0001] The present invention proposes a method for generating XSS vulnerability test cases based on time convolution network, which is mainly divided into a data preprocessing stage and a use case generation model building stage. In the present invention, firstly, the structure division rule is proposed according to the insertion position of the key load event function, and the data enhancement based on the mutation operation is carried out by referring to methods such as case bypass in the XSS bypass method according to the division result, which improves to a certain extent The pertinence and diversity of test case datasets lay the foundation for subsequent generation work. Secondly, in the stage of building the use case generation model, based on the various types of data in the division results, the words and characters in the XSS key load are extracted for joint encoding, which ensures the availability of test cases while ensuring character variability. T...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36G06F9/455G06N3/04G06N3/08
Inventor 姜楠关云方
Owner BEIJING UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com