Vulnerability type guiding fuzzy testing method and system based on byte sensitive energy distribution

A technology of fuzzing and energy distribution, applied in software testing/debugging, platform integrity maintenance, etc., can solve problems such as customized energy distribution algorithm, and achieve the effect of improving mining efficiency, low computational cost, and low instrumentation cost

Pending Publication Date: 2022-07-15
尚蝉(浙江)科技有限公司
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The survey shows that the vast majority of existing fuzz testing tools do not customize different energy allocatio

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability type guiding fuzzy testing method and system based on byte sensitive energy distribution
  • Vulnerability type guiding fuzzy testing method and system based on byte sensitive energy distribution
  • Vulnerability type guiding fuzzy testing method and system based on byte sensitive energy distribution

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be noted that the following embodiments are intended to facilitate the understanding of the present invention, but do not have any limiting effect on it.

[0052] According to different vulnerability types, the present invention constructs a sample queue dedicated to the vulnerability type, and designs a byte-accurate energy distribution method matching the vulnerability characteristics, thereby realizing faster and more efficient vulnerability exploration on each vulnerability type. with digging. For the sake of brevity, the basic idea of ​​the present invention is described by taking the buffer overflow vulnerability as an example: figure 1 As shown, the static analysis module can select any specified static analysis tool for analyzing buffer overflow vulnerabilities, and the analysis result obtained is a series of line number position...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a vulnerability type guiding fuzz testing method and system based on byte sensitive energy distribution, and belongs to the technical field of software fuzz testing. The test method comprises the following steps: marking line number information of different types of vulnerabilities through a static analysis tool; compiling an instrumentation program to realize statistics of different types of vulnerability feature information during operation; constructing and maintaining seed queues of a plurality of specific vulnerability types based on the vulnerability types, and customizing different energy distribution modes for each seed queue according to the vulnerability types; energy distribution is further refined to a byte level, and weights are distributed for variation byte positions according to potential performance scores of seeds on specific types of vulnerabilities before and after variation. By means of the byte-level energy distribution algorithm matched with the vulnerability characteristics, the vulnerability mining efficiency of the fuzzy test tool on different types of vulnerabilities is greatly improved.

Description

technical field [0001] The invention relates to the technical field of software fuzzing testing, in particular to a vulnerability type-oriented fuzzing testing method and system based on byte-sensitive energy allocation. Background technique [0002] With the vigorous development of Internet technology, computer software is widely used in daily life, enterprise production, business operations and government management. However, while Internet technology greatly promotes economic and social development, it also brings considerable risks and challenges. Relatively prominent problems are manifested in the increasing number of high-risk zero-day vulnerabilities and advanced sustainable threat attacks, the vulnerability threat situation facing information systems is more severe, and the awareness of computer system security protection is still relatively weak. Software security has become a surging undercurrent behind the vigorous development of the Internet. How to quickly and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36G06F21/57
CPCG06F11/3684G06F11/3688G06F21/577
Inventor 纪守领张凌铭张旭鸿陈建海
Owner 尚蝉(浙江)科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap