CN110443045A - A kind of fuzz testing case generation method based on machine learning method - Google Patents

A kind of fuzz testing case generation method based on machine learning method Download PDF

Info

Publication number
CN110443045A
CN110443045A CN201910742264.7A CN201910742264A CN110443045A CN 110443045 A CN110443045 A CN 110443045A CN 201910742264 A CN201910742264 A CN 201910742264A CN 110443045 A CN110443045 A CN 110443045A
Authority
CN
China
Prior art keywords
case
stain
fuzz testing
machine learning
test
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910742264.7A
Other languages
Chinese (zh)
Other versions
CN110443045B (en
Inventor
赵磊
贾琼
常承伟
刘滋润
杨枭
张宏星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications filed Critical Beijing Institute of Computer Technology and Applications
Priority to CN201910742264.7A priority Critical patent/CN110443045B/en
Publication of CN110443045A publication Critical patent/CN110443045A/en
Application granted granted Critical
Publication of CN110443045B publication Critical patent/CN110443045B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention relates to a kind of fuzz testing case generation method based on machine learning method, is related to information security field.The present invention is to test case redundancy issue optimization design existing for current fuzz testing technology, in terms of the fuzz testing use-case generation towards source files of program, by before the generation of fuzz testing use-case, stain variable and problem function in marker recognition program object, in conjunction with to the generation of existing seed use-case, screening technique, the validity of fuzzy test case can be promoted, the redundancy of fuzz testing use-case set is reduced.Wherein, in Test cases technology link, in conjunction with machine learning, analysis machine learning is used for the feasibility that test case is simplified, and the Test cases technology optimisation technique thinking of machine learning is obtained, using the model and algorithm of machine learning, improve the Test cases technology link in fuzz testing process, the formation efficiency of test case is promoted, the de-redundancy that test case combines is realized, reaches the target for improving fuzz testing process intelligence degree.

Description

A kind of fuzz testing case generation method based on machine learning method
Technical field
The present invention relates to field of information security technology, and in particular to a kind of fuzz testing use-case based on machine learning method Generation method.
Background technique
According to the security breaches data statistics that national information Security Vulnerability Database (CNNVD) is announced, what China announced for 2018 Security breaches quantity is 23029, and compared with security breaches sum 18586 in 2017, annual growth is about 23.9%.With The trend that security breaches quantity in 2017 is increased sharply is compared, security breaches quantity slowdown in growth in 2018.However, this is not intended to Security breaches prevention work have been achieved for pleasurable achievement because the main reason for causing this phenomenon is to leak safely Hole statistics and announcement are relatively previous more decentralized, and include and announce through official a large amount of security breaches.In addition, safety Loophole is gradually considered as important strategic resource, to limit quantity and the time of security breaches announcement.Network security is ground A core content in studying carefully is exactly the relevant research of security breaches.The presence of security breaches allows malicious attacker real Now to the unauthorized access of resource in cyberspace, or even destroy.In current network ecosystem, since security breaches cause Harm coverage it is more and more wider, caused result is increasingly severe, and numerous research institutions and personnel detect security breaches Technology has carried out in-depth study work.
As the effective means that can be detected with security breaches, fuzz testing technology all has important peace to research and production Full protection meaning.Since ease for use is high, cost is relatively low and detection effect advantages, the fuzz testing technology such as preferably have become at present One of common Security Vulnerability Detection of industry, for targets such as network protocol, portal website, key message systems, Numerous researchs and application are carried out.But there are still following main problems for current fuzz testing technology:
(1) from the point of view of targeted target zone, the target object type coverage area of fuzz testing technology is to be improved. For example, being directed to the fuzzy device of source code program file, the source code program category of language number supported always is restriction, and it is wide One of the factor of general application.In addition, being directed to different types of software program, often there is the wave of detection level in the same fuzzy device It is dynamic.
(2) Test cases technology link always is a vital step during fuzz testing, test case Validity whether directly affect last test result accurate.Current mainstream fuzz testing technology is in Test cases technology rank Section use-case redundancy is more serious, high expensive, and easily there is the problems such as cost is uncontrollable.
(3) in terms of the type covering of security breaches, fuzz testing technology is still to be improved.Although current fuzz testing Technology can effectively find certain form of security breaches, but helpless to some specific security breaches.
Summary of the invention
(1) technical problems to be solved
The technical problem to be solved by the present invention is how to realize a kind of new fuzz testing case generation method, Lifting Modules The validity of test case is pasted, the redundancy of fuzz testing use-case set is reduced.
(2) technical solution
The fuzz testing that in order to solve the above-mentioned technical problems, the present invention provides a kind of based on machine learning method is used Example generation method, including code pretreatment link and fuzz testing use-case generate link;
The code pretreatment link is using code detection technology, stain labelling technique and uneasy total function label skill Art is pre-processed and is analyzed to software program to be measured, and identifying suspicious sentence, stain variable and uneasy total function, these are doubtful Fragility code;
The fuzz testing use-case generate link be using in machine learning decision-tree model and Random Forest model seek Seed use-case set is found out, generates large batch of test case using the mode of variation, and use the classification fallout predictor after training Remove test case extra under similar security breaches.
Preferably, wherein the code pretreatment link includes code detection step, stain markers step and dangerous letter Number markers steps, the code detection step be carry out logic error and type expression detection, stain markers step be into The inspection and mark of line program variable, uneasy total function markers step be authentication code detecting step, stain markers step this two The doubtful problem function that a step is omitted.
Preferably, the code detection step passes through static sentence labelling technique, only carries out to software program to be measured suspicious Sentence marking operation.
Preferably, the stain markers step passes through static stain labelling technique, to the software of code detection step output Program carries out stain label, according to the data entry format of software under testing program and the security breaches feature to be detected when label, It makes marks to the suspicious variable in mistrustful input data and program.
Preferably, the uneasy total function markers step is identified and is marked in the software program of stain markers step output Existing uneasiness total function, is identified the function for being likely to occur dangerous method of calling.
Preferably, the execution sequence of these three steps is marked to replace with code detection, stain label and uneasy total function Parallel processing, and three results carry out duplicate removal processing to treated.
Preferably, the fuzz testing use-case generates the generation mode step and mould that link specifically includes determining seed use-case Paste Test cases technology step;
Wherein, the generation mode step of the determining seed use-case be according to code pretreatment mark the problem of sentence, The generation mode of stain variable, uneasy these suspect codes of total function construction test case;
The fuzz testing use-case generation step is the generation mode according to seed use-case, to the value type of wherein field It is combined, generates the initial test case that a batch is used for fuzz testing, the initial test case is denoted as initial sets;So Afterwards, the initial test case in the initial sets is input in software under testing program, dynamic observes implementation effect, records The case where triggering security breaches, and determine whether the generation mode of seed use-case is rationally accurate according to triggering effect, when needed Carry out the adjustment of generation mode;Using the decision-tree model and Random Forest model structural classification fallout predictor in machine learning, and Use-case adjusted is generated into mode and carries out classification learning as classification foundation, then to the test case in the initial sets, It trains and meets the classification fallout predictor that default accuracy rate requires;Then, mode is generated according to modified use-case, generates more batches Test case as classification fallout predictor test data set;Then, using the classification fallout predictor constructed to the test Data acquisition system carries out sort operation, the identical test case data of removal security breaches triggering effect.
Preferably, in the generation mode step of the determining seed use-case, the generation shape format of seed use-case is determined such as Under:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
Wherein, vars pointer is directed toward stain variable array, is used to store stain variable, array length is marked according to stain Depending on the stain variable number of Shi Jilu;Exps pointer is directed toward expression formula type array, is used to store the number of types of suspicious sentence It is determined according to, the sentence number recorded when array length is according to code detection;Ops pointer is directed toward operator type array, is used to Store operator type present in suspicious sentence;Func pointer is directed toward dangerous library function array;Judge_num refers to be measured Decision statement number present in software program, the decision statement number only record the number of decision statement, and record is not sentenced Determine the Problem Representation between branch;Var_num refers to the stain variable quantity in software under testing program;Func_num refer to Survey the quantity of marked uneasy total function out in software program;Env pointer is directed toward context information field;Conf pointer is directed toward Configuration information field.
When preferably, using the decision-tree model and Random Forest model structural classification fallout predictor in machine learning, use The method for increasing characteristic of division and adjusting parameter handles poor fitting problem.
It is also right when preferably, using the decision-tree model and Random Forest model structural classification fallout predictor in machine learning Characteristic of division number is limited, while spread training data acquisition system as far as possible is to reduce the probability of over-fitting.
(3) beneficial effect
The present invention to test case redundancy issue existing for current mainstream fuzz testing technology carry out optimization design, towards The fuzz testing use-case of source files of program generates aspect, by before the generation of fuzz testing use-case, marker recognition program object In stain variable and problem function, in conjunction with to existing seed use-case generate, screening etc. technologies, fuzzy test case can be promoted Validity, reduce fuzz testing use-case set redundancy.Wherein, in Test cases technology link, present invention combination machine Study, analysis machine learning are used for the feasibility that test case is simplified, obtain the Test cases technology optimisation technique of machine learning Thinking improves the Test cases technology link in fuzz testing process using the model and algorithm of machine learning, promotes test and uses The formation efficiency of example realizes the de-redundancy that test case combines, reaches the target for improving fuzz testing process intelligence degree.
Detailed description of the invention
Fig. 1 is that the present invention is based on the fuzz testing use-case Method And Principle block diagrams of machine learning;
Fig. 2 is code detection flow chart in method of the invention;
Fig. 3 is that stain marks flow chart in method of the invention;
Fig. 4 is that uneasy total function marks flow chart in method of the invention.
Specific embodiment
To keep the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to of the invention Specific embodiment is described in further detail.
For three kinds of typical problems existing for current mainstream fuzz testing technology, the present invention is to current mainstream fuzz testing skill Test case redundancy issue existing for art carries out optimization design, in terms of the fuzz testing use-case generation towards source files of program, By before the generation of fuzz testing use-case, stain variable and problem function in marker recognition program object, in conjunction with to existing Seed use-case generate, the technologies such as screening, can promote the validity of fuzzy test case, reduce the superfluous of fuzz testing use-case set Remaining.
Test cases technology link is the core link of fuzz testing method, and the validity of test case directly affects fuzzy The accuracy of test result.Since traditional fuzz testing technology is in the Test cases technology stage, using in the defeated of program to be measured Enter random value in space, causes test case set lower to the coverage rate of program, final test result is difficult to enable always People is satisfied.Present invention combination machine learning, analysis machine learning are used for the feasibility that test case is simplified, obtain machine learning Test cases technology optimisation technique thinking, using the model and algorithm of machine learning, the test improved in fuzz testing process is used Example generates link, promotes the formation efficiency of test case, realizes the de-redundancy that test case combines, reaches and improve fuzz testing stream The target of journey intelligence degree.
Fuzz testing case generation method functional block diagram based on machine learning is as shown in Figure 1, this method includes that code is pre- Processing links, fuzz testing use-case generate link.
It is all right to some extent for the optimisation technique of fuzz testing at present in order to improve the validity of fuzz testing use-case Software under testing program has carried out program analysis.The present invention continues the technology path of intelligent fuzzy test, in order to generate effective mould Test case is pasted, needs to carry out code pretreatment to software program to be measured.Code pretreatment link of the invention uses code Detection technique, stain labelling technique and uneasy total function labelling technique, are pre-processed and are analyzed to software program to be measured, identified The doubtful fragility code such as suspicious sentence, stain variable and uneasy total function out, and without excessively deep theory of program point Analysis.Wherein, code detection technology is used for the detection of logic error and type expression, and stain labelling technique lays particular emphasis on program variable Inspection and mark, without safe function labelling technique be used for identify first two means omission doubtful problem function.Pass through this The pretreatment to three variable, sentence and function levels in software program to be measured is realized in the combined use of three kinds of technologies.Specifically Including following three step:
(1) code detection
The code detection technology that the present invention takes, by static sentence labelling technique, only carrying out to software program to be measured can Sentence marking operation is doubted, and the theory of program excessively deep without route inspection, semantic analysis etc. is analyzed.Detailed process As shown in Figure 2.
(2) stain marks
The present invention passes through static stain labelling technique, when the software program exported to code detection carries out stain label, According to the data entry format of software under testing program and the security breaches feature to be detected, to mistrustful input data and program In suspicious variable make marks, subsequent combination uneasiness total function labelling technique is able to detect the dangerous side using stain data Formula, without disclosing the position where code fragility, detailed process such as Fig. 3 institute by the communication process for tracking stain data Show.
(3) uneasy total function label
The present invention is identified and is marked in the software program that stain label exports by using uneasy total function labelling technique Existing uneasiness total function, is identified the function for being likely to occur dangerous method of calling.Detailed process is as shown in Figure 4.
The above code detection, stain label and uneasy three steps of total function label can also be with parallel processings, but after handling Three results also need to carry out duplicate removal processing.
Fuzz testing use-case generates link: in order to complete simplifying for test case quantity under the premise of guaranteeing coverage rate, The present invention using in machine learning decision-tree model and Random Forest model search out good seed use-case set, use change Different mode generates large batch of test case, and test extra under similar security breaches is removed using the classifier after training Use-case.Specifically include following two steps:
(1) the generation mode of seed use-case is determined
The suspect codes structures such as the problem of present invention is marked according to code pretreatment sentence, stain variable, uneasy total function Make the generation mode of test case.For software program to be measured, recorded by the label and information of code pretreatment stage, it can Sentence, stain variable, the position of uneasy total function and mutual relationship is doubted to be extracted.These data are for giving birth to At the generation mode of seed use-case, such as stain variable field, uneasy total function field, suspicious statement field, operator are provided Type field, type expression field determine that numbers of branches field, step generate the reference frame of mode.So determining seed The generation shape format of use-case is as follows:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
Wherein, vars pointer is directed toward stain variable array, is used to store stain variable, array length is marked according to stain Depending on the stain variable number of Shi Jilu;Exps pointer is directed toward expression formula type array, is used to store the number of types of suspicious sentence It is determined according to, the sentence number recorded when array length is according to code detection;Ops pointer is directed toward operator type array, is used to Store operator type present in suspicious sentence;Func pointer is directed toward dangerous library function array;Judge_num refers to be measured Decision statement number present in software program (only records the number of decision statement, record does not determine the nesting level between branch Secondary structure);Var_num refers to the stain variable quantity in software under testing program;Func_num refers in software under testing program The quantity of the uneasy total function marked;Env pointer is directed toward context information field;Conf pointer is directed toward configuration information field.
(2) fuzz testing use-case generates
According to the generation mode of seed use-case, the value type of wherein field is combined, generates a batch for obscuring The initial test case is denoted as initial sets by the initial test case of test;It then, will be initial in the initial sets The case where test case is input in software under testing program, and dynamic observes implementation effect, records triggering security breaches, and according to It triggers effect and determines whether the generation mode of seed use-case is rationally accurate, carries out the adjustment of generation mode when needed;Use machine Device study in decision Tree algorithms and random forests algorithm structural classification fallout predictor, and using use-case adjusted generate mode as Classification foundation, then classification learning is carried out to the test case in the initial sets, it is trained with this and meets accuracy rate requirement Classification fallout predictor;Then, mode is generated according to modified use-case, generates the test case of more batches as classification fallout predictor Test data set;Then, sort operation, removal peace are carried out to the test data set using the classification fallout predictor constructed Full loophole triggers the identical test case data of effect, and the target of Optimizing Test Case set is realized with this.
Meanwhile the extensive limitation in order to solve the problems, such as decision tree learning model and random forest learning model in this step, Present invention employs certain methods to be limited and avoided with over-fitting situation to poor fitting.In general, in machine learning Poor fitting problem refer to that learning model can not obtain in the training process of the training dataset in test data set and make us Satisfied accuracy rate, it is also bad in the performance that test data set is closed;And overfitting problem refers to learning model in training data Can be obtained on collection it is preferable as a result, even 100% accuracy rate, but model verifying link has been arrived, but in test data Collection, which closes, can not obtain satisfactory result.In order to solve owing for Random Forest model and decision-tree model to a certain extent Fitting and overfitting problem handle poor fitting problem using the method for increasing characteristic of division and adjusting parameter;By to a certain degree The upper complexity for reducing model, and characteristic of division number is limited, while spread training data acquisition system as far as possible, it reduced quasi- The probability of conjunction.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, without departing from the technical principles of the invention, several improvement and deformations can also be made, these improvement and deformations Also it should be regarded as protection scope of the present invention.

Claims (10)

1. a kind of fuzz testing case generation method based on machine learning method, which is characterized in that pre-process ring including code Section and fuzz testing use-case generate link;
The code pretreatment link is to use code detection technology, stain labelling technique and uneasy total function labelling technique, right Software under testing program is pre-processed and is analyzed, and suspicious sentence, stain variable and uneasy these doubtful fragilities of total function are identified Property code;
The fuzz testing use-case generate link be using in machine learning decision-tree model and Random Forest model search out Seed use-case set is generated large batch of test case using the mode of variation, and is removed using the classification fallout predictor after training Extra test case under similar security breaches.
2. the method as described in claim 1, which is characterized in that wherein, the code pretreatment link includes code detection step Suddenly, stain markers step and uneasy total function markers step, the code detection step are to carry out logic error and expression formula class The detection of type, stain markers step are to carry out the inspection and mark of program variable, and uneasy total function markers step is authentication code The doubtful problem function that detecting step, the two steps of stain markers step are omitted.
3. method according to claim 2, which is characterized in that the code detection step passes through static sentence labelling technique, Suspicious sentence marking operation is only carried out to software program to be measured.
4. method as claimed in claim 3, which is characterized in that the stain markers step passes through static stain labelling technique, Stain label is carried out to the software program of code detection step output, according to the data entry format of software under testing program when label With the security breaches feature to be detected, make marks to the suspicious variable in mistrustful input data and program.
5. method as claimed in claim 4, which is characterized in that the uneasiness total function markers step identifies and marks stain Uneasiness total function present in the software program of markers step output, marks the function for being likely to occur dangerous method of calling Know.
6. method as claimed in claim 5, which is characterized in that code detection, stain label and uneasy total function are marked this The execution sequence of three steps replaces with parallel processing, and three results carry out duplicate removal processing to treated.
7. method as claimed in claim 6, which is characterized in that the fuzz testing use-case generates link and specifically includes determining kind The generation mode step and fuzz testing use-case generation step of sub- use-case;
Wherein, the generation mode step of the determining seed use-case is sentence, stain the problem of being marked according to code pretreatment The generation mode of variable, uneasy these suspect codes of total function construction test case;
The fuzz testing use-case generation step is the generation mode according to seed use-case, is carried out to the value type of wherein field Combination generates the initial test case that a batch is used for fuzz testing, the initial test case is denoted as initial sets;Then, Initial test case in the initial sets is input in software under testing program, dynamic observes implementation effect, records touching The case where sending out security breaches, and determine whether the generation mode of seed use-case rationally accurate according to triggering effect, when needed into The adjustment of row generation mode;Using the decision-tree model and Random Forest model structural classification fallout predictor in machine learning, and will Use-case adjusted generates mode as classification foundation, then carries out classification learning, instruction to the test case in the initial sets It practises and meets the classification fallout predictor that default accuracy rate requires;Then, mode is generated according to modified use-case, generates more batches Test data set of the test case as classification fallout predictor;Then, using the classification fallout predictor constructed to the test number Sort operation, the identical test case data of removal security breaches triggering effect are carried out according to set.
8. the method for claim 7, which is characterized in that in the generation mode step of the determining seed use-case, determine The generation shape format of seed use-case is as follows:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
Wherein, vars pointer is directed toward stain variable array, is used to store stain variable, remembers when array length is marked according to stain Depending on the stain variable number of record;Exps pointer is directed toward expression formula type array, is used to store the categorical data of suspicious sentence, The sentence number that records when array length is according to code detection determines;Ops pointer is directed toward operator type array, for depositing Put operator type present in suspicious sentence;Func pointer is directed toward dangerous library function array;Judge_num refers to be measured soft Decision statement number present in part program, the decision statement number only record the number of decision statement, and record does not determine Problem Representation between branch;Var_num refers to the stain variable quantity in software under testing program;Func_num refers to be measured The quantity of marked uneasy total function out in software program;Env pointer is directed toward context information field;Conf pointer, direction are matched Set information field.
9. the method for claim 7, which is characterized in that use the decision-tree model and random forest mould in machine learning When type structural classification fallout predictor, poor fitting problem is handled using the method for increasing characteristic of division and adjusting parameter.
10. the method for claim 7, which is characterized in that use the decision-tree model and random forest in machine learning When Construction of A Model classification fallout predictor, also characteristic of division number is limited, while spread training data acquisition system as far as possible is to reduce The probability of over-fitting.
CN201910742264.7A 2019-08-13 2019-08-13 Fuzzy test case generation method based on machine learning method Active CN110443045B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910742264.7A CN110443045B (en) 2019-08-13 2019-08-13 Fuzzy test case generation method based on machine learning method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910742264.7A CN110443045B (en) 2019-08-13 2019-08-13 Fuzzy test case generation method based on machine learning method

Publications (2)

Publication Number Publication Date
CN110443045A true CN110443045A (en) 2019-11-12
CN110443045B CN110443045B (en) 2020-12-15

Family

ID=68434770

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910742264.7A Active CN110443045B (en) 2019-08-13 2019-08-13 Fuzzy test case generation method based on machine learning method

Country Status (1)

Country Link
CN (1) CN110443045B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110708344A (en) * 2019-11-22 2020-01-17 中电科仪器仪表有限公司 Vulnerability detection method and system based on fuzzy technology
CN111767546A (en) * 2020-06-17 2020-10-13 北京理工大学 Deep learning-based input structure inference method and device
CN112559377A (en) * 2020-12-25 2021-03-26 上海高顿教育科技有限公司 Method and device for generating first test case
CN112733146A (en) * 2020-12-31 2021-04-30 平安医疗健康管理股份有限公司 Penetration testing method, device and equipment based on machine learning and storage medium
CN112948255A (en) * 2021-03-23 2021-06-11 北京鸿腾智能科技有限公司 Distributed kernel fuzzing test system and method
CN113297060A (en) * 2020-05-11 2021-08-24 阿里巴巴集团控股有限公司 Data testing method and device
CN113742204A (en) * 2020-05-27 2021-12-03 南京大学 Deep learning operator testing tool based on fuzzy test
CN114117454A (en) * 2021-12-10 2022-03-01 中国电子科技集团公司第十五研究所 Seed optimization method based on vulnerability prediction model
CN117435178A (en) * 2023-12-20 2024-01-23 厦门东软汉和信息科技有限公司 Code generation system, method, device and storage medium
CN117555814A (en) * 2024-01-11 2024-02-13 三六零数字安全科技集团有限公司 Software testing method and device, storage medium and terminal

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140090071A1 (en) * 2012-09-21 2014-03-27 University Of Limerick Systems and Methods for Runtime Adaptive Security to Protect Variable Assets
CN104573524A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Fuzz testing method based on static detection
US20170177765A1 (en) * 2015-12-16 2017-06-22 International Business Machines Corporation Test case generation
CN107832228A (en) * 2017-11-29 2018-03-23 北京锐安科技有限公司 A kind of test case reduction method, device, equipment and storage medium
CN107957944A (en) * 2017-11-24 2018-04-24 浙江大学 The automatic example generation method of user oriented data cover rate
CN108647520A (en) * 2018-05-15 2018-10-12 浙江大学 A kind of intelligent fuzzy test method and system based on fragile inquiry learning
CN109597767A (en) * 2018-12-19 2019-04-09 中国人民解放军国防科技大学 Genetic variation-based fuzzy test case generation method and system
CN109739755A (en) * 2018-12-27 2019-05-10 北京理工大学 A kind of fuzz testing system executed based on program trace and mixing

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140090071A1 (en) * 2012-09-21 2014-03-27 University Of Limerick Systems and Methods for Runtime Adaptive Security to Protect Variable Assets
CN104573524A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Fuzz testing method based on static detection
US20170177765A1 (en) * 2015-12-16 2017-06-22 International Business Machines Corporation Test case generation
CN107957944A (en) * 2017-11-24 2018-04-24 浙江大学 The automatic example generation method of user oriented data cover rate
CN107832228A (en) * 2017-11-29 2018-03-23 北京锐安科技有限公司 A kind of test case reduction method, device, equipment and storage medium
CN108647520A (en) * 2018-05-15 2018-10-12 浙江大学 A kind of intelligent fuzzy test method and system based on fragile inquiry learning
CN109597767A (en) * 2018-12-19 2019-04-09 中国人民解放军国防科技大学 Genetic variation-based fuzzy test case generation method and system
CN109739755A (en) * 2018-12-27 2019-05-10 北京理工大学 A kind of fuzz testing system executed based on program trace and mixing

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
LINING XU 等: "New Challenge of Protecting Privacy due to Stained Recognition", 《2016 IEEE 40TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC)》 *
PONCE,P 等: "Deep learning for automatic usability evaluations based on images: A case study of the usability heuristics of thermostats", 《ENERGY AND BUILDINGS》 *
周鹏 等: "一种评估漏洞扫描工具效果的测试集生成方法", 《科技视界》 *
唐奔宵 等: "基于差分隐私的Android物理传感器侧信道防御方法", 《物联网安全专题》 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110708344A (en) * 2019-11-22 2020-01-17 中电科仪器仪表有限公司 Vulnerability detection method and system based on fuzzy technology
CN110708344B (en) * 2019-11-22 2022-03-04 中电科思仪科技股份有限公司 Vulnerability detection method and system based on fuzzy technology
CN113297060A (en) * 2020-05-11 2021-08-24 阿里巴巴集团控股有限公司 Data testing method and device
CN113742204A (en) * 2020-05-27 2021-12-03 南京大学 Deep learning operator testing tool based on fuzzy test
CN113742204B (en) * 2020-05-27 2023-12-12 南京大学 Deep learning operator testing method based on fuzzy test
CN111767546B (en) * 2020-06-17 2022-09-16 北京理工大学 Deep learning-based input structure inference method and device
CN111767546A (en) * 2020-06-17 2020-10-13 北京理工大学 Deep learning-based input structure inference method and device
CN112559377A (en) * 2020-12-25 2021-03-26 上海高顿教育科技有限公司 Method and device for generating first test case
CN112733146A (en) * 2020-12-31 2021-04-30 平安医疗健康管理股份有限公司 Penetration testing method, device and equipment based on machine learning and storage medium
CN112948255A (en) * 2021-03-23 2021-06-11 北京鸿腾智能科技有限公司 Distributed kernel fuzzing test system and method
CN112948255B (en) * 2021-03-23 2024-05-14 三六零数字安全科技集团有限公司 Distributed kernel fuzzy test system and method
CN114117454A (en) * 2021-12-10 2022-03-01 中国电子科技集团公司第十五研究所 Seed optimization method based on vulnerability prediction model
CN117435178A (en) * 2023-12-20 2024-01-23 厦门东软汉和信息科技有限公司 Code generation system, method, device and storage medium
CN117435178B (en) * 2023-12-20 2024-03-15 厦门东软汉和信息科技有限公司 Code generation system, method, device and storage medium
CN117555814A (en) * 2024-01-11 2024-02-13 三六零数字安全科技集团有限公司 Software testing method and device, storage medium and terminal
CN117555814B (en) * 2024-01-11 2024-05-10 三六零数字安全科技集团有限公司 Software testing method and device, storage medium and terminal

Also Published As

Publication number Publication date
CN110443045B (en) 2020-12-15

Similar Documents

Publication Publication Date Title
CN110443045A (en) A kind of fuzz testing case generation method based on machine learning method
CN107360152A (en) A kind of Web based on semantic analysis threatens sensory perceptual system
Liu et al. Locate-Then-Detect: Real-time Web Attack Detection via Attention-based Deep Neural Networks.
CN114172701A (en) Knowledge graph-based APT attack detection method and device
Sarwar et al. Design of an advance intrusion detection system for IoT networks
CN110191096A (en) A kind of term vector homepage invasion detection method based on semantic analysis
CN117081858B (en) Intrusion behavior detection method, system, equipment and medium based on multi-decision tree
CN108959368A (en) A kind of information monitoring method, storage medium and server
Thamaraiselvi et al. Attack and anomaly detection in iot networks using machine learning
CN112333128B (en) Web attack behavior detection system based on self-encoder
Ashlam et al. A novel approach exploiting machine learning to detect SQLi attacks
CN106874762A (en) Android malicious code detecting method based on API dependence graphs
Samaan et al. Feature-based real-time distributed denial of service detection in SDN using machine learning and Spark
CN112257076B (en) Vulnerability detection method based on random detection algorithm and information aggregation
Alkawaz et al. Identification and analysis of phishing website based on machine learning methods
CN110334510A (en) A kind of malicious file detection technique based on random forests algorithm
CN111431883B (en) Web attack detection method and device based on access parameters
Gaur et al. HCTDDA: Hybrid Classification Technique for Detection of DDoS Attacks
CN116796323A (en) Intelligent contract reentry attack detection method, system and terminal equipment
CN107682302A (en) Cross-site scripting attack detection method and device
Nguyen et al. Lightgbm-based ransomware detection using api call sequences
Elhag et al. Toward an improved security performance of industrial internet of things systems
Wang et al. TransIDS: A Transformer-based approach for intrusion detection in Internet of Things using Label Smoothing
KR20220009098A (en) A Study on Malware Detection System Using Static Analysis and Stacking
Chauhan et al. Design of intrusion detection system based on logical analysis of data (LAD) using information gain ratio

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant