XSS fuzzy test case generation method based on time convolutional network

A temporal convolutional network technique, applied in biological neural network models, neural learning methods, software testing/debugging, etc. It addresses problems such as test cases of a single type, poor variability of individual characters, and a limited number of use cases. It avoids gradient explosion and gradient vanishing, gives good pertinence, and improves generation efficiency.

Pending Publication Date: 2022-04-08
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

Test case generation is an indispensable part of fuzz testing, but the following problems remain:

1) The test cases of most current fuzz testing tools are constructed from templates or rely on key payload dictionaries, so the generated use cases are limited in number, of a single type, and lack comprehensiveness.
2) Most current deep-learning methods for generating test cases use recurrent neural networks, which may lead to gradient explosion or gradient vanishing.
3) Simply building a character-level language model for use case generation destroys the original semantic structure of the use case to a certain extent, which makes generation blind and poorly targeted. Conversely, if predictions are not generated through a character-level language model, the generated test cases have poor variability for individual characters.

Examples


Embodiment Construction

[0082] The training data of the present invention consists of some attack strings from the OWASP XSS Filter Evasion Cheat Sheet and some open-source key payload dictionaries available on the Internet. Of these samples, 95% have been proven effective in practical applications, so they can discover XSS vulnerabilities.

[0083] The present invention adopts the following technical scheme and implementation steps:

[0084] 1. Data preprocessing stage: determine the input and output variables of the temporal convolutional network language generation model. Taking the XSS vulnerability test case as the research object, carry out structural division and mutation operations on the key payload part of the test case to obtain the mutated labels (tags), attributes and event functions. The expanded key payload data set $PM = (pm_1, pm_2, \ldots, pm_z)$ serves as the input for the next stage;

[0085] The basic form of the key payload Payload in an XSS test case can be e...


Abstract

The invention provides an XSS fuzz test case generation method based on a temporal convolutional network (TCN). At present, a key payload dictionary is mostly used as the data set, and use cases are generated by building a character-level language model. However, because the number of use cases in a key payload dictionary is limited, generation efficiency and quality suffer. In this method, the use case is first divided structurally, taking the insertion position of the JS event function as the basis. The content of each part of the use case is then mutated according to the division result, with reference to XSS bypass methods, to achieve data enhancement. Secondly, the words and the characters in the use case are jointly encoded, so that the original word semantics are not damaged while character variability is kept. Finally, a use case generation model is built with the TCN, and XSS vulnerability test cases that meet the requirements are generated by learning use case features. The method improves the generation efficiency and quality of XSS vulnerability fuzz test cases.
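The two preprocessing ideas in the abstract, structural division at the event-function position and joint word/character encoding, shown as an added illustration that is not the patent's own code. The keyword lists, the function names and the rule that only exact lowercase keywords become word tokens are assumptions; the sample string is constructed.

```python
import re

# Assumed keyword vocabulary (hypothetical; the patent's own word list is not on the page).
TAGS = {"img", "svg", "body", "script", "a", "input"}
EVENTS = {"onerror", "onload", "onclick", "onmouseover", "onfocus"}
ATTRS = {"src", "href", "style", "type"}
FUNCS = {"alert", "prompt", "confirm"}
WORDS = TAGS | EVENTS | ATTRS | FUNCS

def divide(payload):
    """Split a tag-shaped test case into tag / attributes / event function,
    using the position of the first on*= handler as the dividing point."""
    m = re.match(r"<\s*([A-Za-z][A-Za-z0-9]*)(.*?)>?\s*$", payload, re.S)
    if not m:
        raise ValueError("not a tag-shaped test case")
    tag, rest = m.group(1), m.group(2)
    ev = re.search(r"\bon[a-z]+\s*=", rest, re.I)
    if ev is None:  # no event handler: everything after the tag is attributes
        return {"tag": tag, "attributes": rest.strip(), "event": ""}
    return {"tag": tag,
            "attributes": rest[:ev.start()].strip(),
            "event": rest[ev.start():].strip()}

def joint_tokens(text):
    """Joint encoding: a known keyword stays one word token ("W"), so its
    meaning is kept; any other run, including a case-mutated keyword, is
    emitted character by character ("C"), so per-character variation is kept."""
    out = []
    for run in re.findall(r"[A-Za-z]+|[^A-Za-z]", text):
        if run in WORDS:
            out.append(("W", run))
        else:
            out.extend(("C", ch) for ch in run)
    return out

def encode(tokens, vocab):
    """Map tokens to integer ids for the model input, growing vocab on first sight."""
    return [vocab.setdefault(tok, len(vocab)) for tok in tokens]

SAMPLE = "<img src=x onerror=alert(1)>"  # constructed sample test case

if __name__ == "__main__":
    print(divide(SAMPLE))
    toks = joint_tokens(SAMPLE)
    print(len(SAMPLE), "characters ->", len(toks), "joint tokens")
    print(encode(toks, {}))
```

The shorter token sequence is what a sequence model such as a TCN would consume; a pure character-level model would see all 28 characters and have to relearn each keyword.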

Description

Technical field

[0001] The present invention proposes a method for generating XSS vulnerability test cases based on a temporal convolutional network. It is mainly divided into a data preprocessing stage and a use case generation model building stage. First, a structure division rule is proposed according to the insertion position of the key payload event function, and data enhancement based on mutation operations is carried out on the division result with reference to techniques from XSS bypass methods, such as case bypass. This improves, to a certain extent, the pertinence and diversity of the test case data set and lays the foundation for the subsequent generation work. Secondly, in the stage of building the use case generation model, based on the various types of data in the division results, the words and characters in the XSS key payload are extracted for joint encoding, which ensures the availability of test cases while ensuring character variability. T...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F11/36, G06F9/455, G06N3/04, G06N3/08
Inventor: 姜楠关云方
Owner: BEIJING UNIV OF TECH