CN110443045A - A kind of fuzz testing case generation method based on machine learning method - Google Patents
A kind of fuzz testing case generation method based on machine learning method Download PDFInfo
- Publication number
- CN110443045A CN110443045A CN201910742264.7A CN201910742264A CN110443045A CN 110443045 A CN110443045 A CN 110443045A CN 201910742264 A CN201910742264 A CN 201910742264A CN 110443045 A CN110443045 A CN 110443045A
- Authority
- CN
- China
- Prior art keywords
- case
- stain
- fuzz testing
- machine learning
- test
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Debugging And Monitoring (AREA)
Abstract
The present invention relates to a kind of fuzz testing case generation method based on machine learning method, is related to information security field.The present invention is to test case redundancy issue optimization design existing for current fuzz testing technology, in terms of the fuzz testing use-case generation towards source files of program, by before the generation of fuzz testing use-case, stain variable and problem function in marker recognition program object, in conjunction with to the generation of existing seed use-case, screening technique, the validity of fuzzy test case can be promoted, the redundancy of fuzz testing use-case set is reduced.Wherein, in Test cases technology link, in conjunction with machine learning, analysis machine learning is used for the feasibility that test case is simplified, and the Test cases technology optimisation technique thinking of machine learning is obtained, using the model and algorithm of machine learning, improve the Test cases technology link in fuzz testing process, the formation efficiency of test case is promoted, the de-redundancy that test case combines is realized, reaches the target for improving fuzz testing process intelligence degree.
Description
Technical field
The present invention relates to field of information security technology, and in particular to a kind of fuzz testing use-case based on machine learning method
Generation method.
Background technique
According to the security breaches data statistics that national information Security Vulnerability Database (CNNVD) is announced, what China announced for 2018
Security breaches quantity is 23029, and compared with security breaches sum 18586 in 2017, annual growth is about 23.9%.With
The trend that security breaches quantity in 2017 is increased sharply is compared, security breaches quantity slowdown in growth in 2018.However, this is not intended to
Security breaches prevention work have been achieved for pleasurable achievement because the main reason for causing this phenomenon is to leak safely
Hole statistics and announcement are relatively previous more decentralized, and include and announce through official a large amount of security breaches.In addition, safety
Loophole is gradually considered as important strategic resource, to limit quantity and the time of security breaches announcement.Network security is ground
A core content in studying carefully is exactly the relevant research of security breaches.The presence of security breaches allows malicious attacker real
Now to the unauthorized access of resource in cyberspace, or even destroy.In current network ecosystem, since security breaches cause
Harm coverage it is more and more wider, caused result is increasingly severe, and numerous research institutions and personnel detect security breaches
Technology has carried out in-depth study work.
As the effective means that can be detected with security breaches, fuzz testing technology all has important peace to research and production
Full protection meaning.Since ease for use is high, cost is relatively low and detection effect advantages, the fuzz testing technology such as preferably have become at present
One of common Security Vulnerability Detection of industry, for targets such as network protocol, portal website, key message systems,
Numerous researchs and application are carried out.But there are still following main problems for current fuzz testing technology:
(1) from the point of view of targeted target zone, the target object type coverage area of fuzz testing technology is to be improved.
For example, being directed to the fuzzy device of source code program file, the source code program category of language number supported always is restriction, and it is wide
One of the factor of general application.In addition, being directed to different types of software program, often there is the wave of detection level in the same fuzzy device
It is dynamic.
(2) Test cases technology link always is a vital step during fuzz testing, test case
Validity whether directly affect last test result accurate.Current mainstream fuzz testing technology is in Test cases technology rank
Section use-case redundancy is more serious, high expensive, and easily there is the problems such as cost is uncontrollable.
(3) in terms of the type covering of security breaches, fuzz testing technology is still to be improved.Although current fuzz testing
Technology can effectively find certain form of security breaches, but helpless to some specific security breaches.
Summary of the invention
(1) technical problems to be solved
The technical problem to be solved by the present invention is how to realize a kind of new fuzz testing case generation method, Lifting Modules
The validity of test case is pasted, the redundancy of fuzz testing use-case set is reduced.
(2) technical solution
The fuzz testing that in order to solve the above-mentioned technical problems, the present invention provides a kind of based on machine learning method is used
Example generation method, including code pretreatment link and fuzz testing use-case generate link;
The code pretreatment link is using code detection technology, stain labelling technique and uneasy total function label skill
Art is pre-processed and is analyzed to software program to be measured, and identifying suspicious sentence, stain variable and uneasy total function, these are doubtful
Fragility code;
The fuzz testing use-case generate link be using in machine learning decision-tree model and Random Forest model seek
Seed use-case set is found out, generates large batch of test case using the mode of variation, and use the classification fallout predictor after training
Remove test case extra under similar security breaches.
Preferably, wherein the code pretreatment link includes code detection step, stain markers step and dangerous letter
Number markers steps, the code detection step be carry out logic error and type expression detection, stain markers step be into
The inspection and mark of line program variable, uneasy total function markers step be authentication code detecting step, stain markers step this two
The doubtful problem function that a step is omitted.
Preferably, the code detection step passes through static sentence labelling technique, only carries out to software program to be measured suspicious
Sentence marking operation.
Preferably, the stain markers step passes through static stain labelling technique, to the software of code detection step output
Program carries out stain label, according to the data entry format of software under testing program and the security breaches feature to be detected when label,
It makes marks to the suspicious variable in mistrustful input data and program.
Preferably, the uneasy total function markers step is identified and is marked in the software program of stain markers step output
Existing uneasiness total function, is identified the function for being likely to occur dangerous method of calling.
Preferably, the execution sequence of these three steps is marked to replace with code detection, stain label and uneasy total function
Parallel processing, and three results carry out duplicate removal processing to treated.
Preferably, the fuzz testing use-case generates the generation mode step and mould that link specifically includes determining seed use-case
Paste Test cases technology step;
Wherein, the generation mode step of the determining seed use-case be according to code pretreatment mark the problem of sentence,
The generation mode of stain variable, uneasy these suspect codes of total function construction test case;
The fuzz testing use-case generation step is the generation mode according to seed use-case, to the value type of wherein field
It is combined, generates the initial test case that a batch is used for fuzz testing, the initial test case is denoted as initial sets;So
Afterwards, the initial test case in the initial sets is input in software under testing program, dynamic observes implementation effect, records
The case where triggering security breaches, and determine whether the generation mode of seed use-case is rationally accurate according to triggering effect, when needed
Carry out the adjustment of generation mode;Using the decision-tree model and Random Forest model structural classification fallout predictor in machine learning, and
Use-case adjusted is generated into mode and carries out classification learning as classification foundation, then to the test case in the initial sets,
It trains and meets the classification fallout predictor that default accuracy rate requires;Then, mode is generated according to modified use-case, generates more batches
Test case as classification fallout predictor test data set;Then, using the classification fallout predictor constructed to the test
Data acquisition system carries out sort operation, the identical test case data of removal security breaches triggering effect.
Preferably, in the generation mode step of the determining seed use-case, the generation shape format of seed use-case is determined such as
Under:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
Wherein, vars pointer is directed toward stain variable array, is used to store stain variable, array length is marked according to stain
Depending on the stain variable number of Shi Jilu;Exps pointer is directed toward expression formula type array, is used to store the number of types of suspicious sentence
It is determined according to, the sentence number recorded when array length is according to code detection;Ops pointer is directed toward operator type array, is used to
Store operator type present in suspicious sentence;Func pointer is directed toward dangerous library function array;Judge_num refers to be measured
Decision statement number present in software program, the decision statement number only record the number of decision statement, and record is not sentenced
Determine the Problem Representation between branch;Var_num refers to the stain variable quantity in software under testing program;Func_num refer to
Survey the quantity of marked uneasy total function out in software program;Env pointer is directed toward context information field;Conf pointer is directed toward
Configuration information field.
When preferably, using the decision-tree model and Random Forest model structural classification fallout predictor in machine learning, use
The method for increasing characteristic of division and adjusting parameter handles poor fitting problem.
It is also right when preferably, using the decision-tree model and Random Forest model structural classification fallout predictor in machine learning
Characteristic of division number is limited, while spread training data acquisition system as far as possible is to reduce the probability of over-fitting.
(3) beneficial effect
The present invention to test case redundancy issue existing for current mainstream fuzz testing technology carry out optimization design, towards
The fuzz testing use-case of source files of program generates aspect, by before the generation of fuzz testing use-case, marker recognition program object
In stain variable and problem function, in conjunction with to existing seed use-case generate, screening etc. technologies, fuzzy test case can be promoted
Validity, reduce fuzz testing use-case set redundancy.Wherein, in Test cases technology link, present invention combination machine
Study, analysis machine learning are used for the feasibility that test case is simplified, obtain the Test cases technology optimisation technique of machine learning
Thinking improves the Test cases technology link in fuzz testing process using the model and algorithm of machine learning, promotes test and uses
The formation efficiency of example realizes the de-redundancy that test case combines, reaches the target for improving fuzz testing process intelligence degree.
Detailed description of the invention
Fig. 1 is that the present invention is based on the fuzz testing use-case Method And Principle block diagrams of machine learning;
Fig. 2 is code detection flow chart in method of the invention;
Fig. 3 is that stain marks flow chart in method of the invention;
Fig. 4 is that uneasy total function marks flow chart in method of the invention.
Specific embodiment
To keep the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to of the invention
Specific embodiment is described in further detail.
For three kinds of typical problems existing for current mainstream fuzz testing technology, the present invention is to current mainstream fuzz testing skill
Test case redundancy issue existing for art carries out optimization design, in terms of the fuzz testing use-case generation towards source files of program,
By before the generation of fuzz testing use-case, stain variable and problem function in marker recognition program object, in conjunction with to existing
Seed use-case generate, the technologies such as screening, can promote the validity of fuzzy test case, reduce the superfluous of fuzz testing use-case set
Remaining.
Test cases technology link is the core link of fuzz testing method, and the validity of test case directly affects fuzzy
The accuracy of test result.Since traditional fuzz testing technology is in the Test cases technology stage, using in the defeated of program to be measured
Enter random value in space, causes test case set lower to the coverage rate of program, final test result is difficult to enable always
People is satisfied.Present invention combination machine learning, analysis machine learning are used for the feasibility that test case is simplified, obtain machine learning
Test cases technology optimisation technique thinking, using the model and algorithm of machine learning, the test improved in fuzz testing process is used
Example generates link, promotes the formation efficiency of test case, realizes the de-redundancy that test case combines, reaches and improve fuzz testing stream
The target of journey intelligence degree.
Fuzz testing case generation method functional block diagram based on machine learning is as shown in Figure 1, this method includes that code is pre-
Processing links, fuzz testing use-case generate link.
It is all right to some extent for the optimisation technique of fuzz testing at present in order to improve the validity of fuzz testing use-case
Software under testing program has carried out program analysis.The present invention continues the technology path of intelligent fuzzy test, in order to generate effective mould
Test case is pasted, needs to carry out code pretreatment to software program to be measured.Code pretreatment link of the invention uses code
Detection technique, stain labelling technique and uneasy total function labelling technique, are pre-processed and are analyzed to software program to be measured, identified
The doubtful fragility code such as suspicious sentence, stain variable and uneasy total function out, and without excessively deep theory of program point
Analysis.Wherein, code detection technology is used for the detection of logic error and type expression, and stain labelling technique lays particular emphasis on program variable
Inspection and mark, without safe function labelling technique be used for identify first two means omission doubtful problem function.Pass through this
The pretreatment to three variable, sentence and function levels in software program to be measured is realized in the combined use of three kinds of technologies.Specifically
Including following three step:
(1) code detection
The code detection technology that the present invention takes, by static sentence labelling technique, only carrying out to software program to be measured can
Sentence marking operation is doubted, and the theory of program excessively deep without route inspection, semantic analysis etc. is analyzed.Detailed process
As shown in Figure 2.
(2) stain marks
The present invention passes through static stain labelling technique, when the software program exported to code detection carries out stain label,
According to the data entry format of software under testing program and the security breaches feature to be detected, to mistrustful input data and program
In suspicious variable make marks, subsequent combination uneasiness total function labelling technique is able to detect the dangerous side using stain data
Formula, without disclosing the position where code fragility, detailed process such as Fig. 3 institute by the communication process for tracking stain data
Show.
(3) uneasy total function label
The present invention is identified and is marked in the software program that stain label exports by using uneasy total function labelling technique
Existing uneasiness total function, is identified the function for being likely to occur dangerous method of calling.Detailed process is as shown in Figure 4.
The above code detection, stain label and uneasy three steps of total function label can also be with parallel processings, but after handling
Three results also need to carry out duplicate removal processing.
Fuzz testing use-case generates link: in order to complete simplifying for test case quantity under the premise of guaranteeing coverage rate,
The present invention using in machine learning decision-tree model and Random Forest model search out good seed use-case set, use change
Different mode generates large batch of test case, and test extra under similar security breaches is removed using the classifier after training
Use-case.Specifically include following two steps:
(1) the generation mode of seed use-case is determined
The suspect codes structures such as the problem of present invention is marked according to code pretreatment sentence, stain variable, uneasy total function
Make the generation mode of test case.For software program to be measured, recorded by the label and information of code pretreatment stage, it can
Sentence, stain variable, the position of uneasy total function and mutual relationship is doubted to be extracted.These data are for giving birth to
At the generation mode of seed use-case, such as stain variable field, uneasy total function field, suspicious statement field, operator are provided
Type field, type expression field determine that numbers of branches field, step generate the reference frame of mode.So determining seed
The generation shape format of use-case is as follows:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
Wherein, vars pointer is directed toward stain variable array, is used to store stain variable, array length is marked according to stain
Depending on the stain variable number of Shi Jilu;Exps pointer is directed toward expression formula type array, is used to store the number of types of suspicious sentence
It is determined according to, the sentence number recorded when array length is according to code detection;Ops pointer is directed toward operator type array, is used to
Store operator type present in suspicious sentence;Func pointer is directed toward dangerous library function array;Judge_num refers to be measured
Decision statement number present in software program (only records the number of decision statement, record does not determine the nesting level between branch
Secondary structure);Var_num refers to the stain variable quantity in software under testing program;Func_num refers in software under testing program
The quantity of the uneasy total function marked;Env pointer is directed toward context information field;Conf pointer is directed toward configuration information field.
(2) fuzz testing use-case generates
According to the generation mode of seed use-case, the value type of wherein field is combined, generates a batch for obscuring
The initial test case is denoted as initial sets by the initial test case of test;It then, will be initial in the initial sets
The case where test case is input in software under testing program, and dynamic observes implementation effect, records triggering security breaches, and according to
It triggers effect and determines whether the generation mode of seed use-case is rationally accurate, carries out the adjustment of generation mode when needed;Use machine
Device study in decision Tree algorithms and random forests algorithm structural classification fallout predictor, and using use-case adjusted generate mode as
Classification foundation, then classification learning is carried out to the test case in the initial sets, it is trained with this and meets accuracy rate requirement
Classification fallout predictor;Then, mode is generated according to modified use-case, generates the test case of more batches as classification fallout predictor
Test data set;Then, sort operation, removal peace are carried out to the test data set using the classification fallout predictor constructed
Full loophole triggers the identical test case data of effect, and the target of Optimizing Test Case set is realized with this.
Meanwhile the extensive limitation in order to solve the problems, such as decision tree learning model and random forest learning model in this step,
Present invention employs certain methods to be limited and avoided with over-fitting situation to poor fitting.In general, in machine learning
Poor fitting problem refer to that learning model can not obtain in the training process of the training dataset in test data set and make us
Satisfied accuracy rate, it is also bad in the performance that test data set is closed;And overfitting problem refers to learning model in training data
Can be obtained on collection it is preferable as a result, even 100% accuracy rate, but model verifying link has been arrived, but in test data
Collection, which closes, can not obtain satisfactory result.In order to solve owing for Random Forest model and decision-tree model to a certain extent
Fitting and overfitting problem handle poor fitting problem using the method for increasing characteristic of division and adjusting parameter;By to a certain degree
The upper complexity for reducing model, and characteristic of division number is limited, while spread training data acquisition system as far as possible, it reduced quasi-
The probability of conjunction.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, without departing from the technical principles of the invention, several improvement and deformations can also be made, these improvement and deformations
Also it should be regarded as protection scope of the present invention.
Claims (10)
1. a kind of fuzz testing case generation method based on machine learning method, which is characterized in that pre-process ring including code
Section and fuzz testing use-case generate link;
The code pretreatment link is to use code detection technology, stain labelling technique and uneasy total function labelling technique, right
Software under testing program is pre-processed and is analyzed, and suspicious sentence, stain variable and uneasy these doubtful fragilities of total function are identified
Property code;
The fuzz testing use-case generate link be using in machine learning decision-tree model and Random Forest model search out
Seed use-case set is generated large batch of test case using the mode of variation, and is removed using the classification fallout predictor after training
Extra test case under similar security breaches.
2. the method as described in claim 1, which is characterized in that wherein, the code pretreatment link includes code detection step
Suddenly, stain markers step and uneasy total function markers step, the code detection step are to carry out logic error and expression formula class
The detection of type, stain markers step are to carry out the inspection and mark of program variable, and uneasy total function markers step is authentication code
The doubtful problem function that detecting step, the two steps of stain markers step are omitted.
3. method according to claim 2, which is characterized in that the code detection step passes through static sentence labelling technique,
Suspicious sentence marking operation is only carried out to software program to be measured.
4. method as claimed in claim 3, which is characterized in that the stain markers step passes through static stain labelling technique,
Stain label is carried out to the software program of code detection step output, according to the data entry format of software under testing program when label
With the security breaches feature to be detected, make marks to the suspicious variable in mistrustful input data and program.
5. method as claimed in claim 4, which is characterized in that the uneasiness total function markers step identifies and marks stain
Uneasiness total function present in the software program of markers step output, marks the function for being likely to occur dangerous method of calling
Know.
6. method as claimed in claim 5, which is characterized in that code detection, stain label and uneasy total function are marked this
The execution sequence of three steps replaces with parallel processing, and three results carry out duplicate removal processing to treated.
7. method as claimed in claim 6, which is characterized in that the fuzz testing use-case generates link and specifically includes determining kind
The generation mode step and fuzz testing use-case generation step of sub- use-case;
Wherein, the generation mode step of the determining seed use-case is sentence, stain the problem of being marked according to code pretreatment
The generation mode of variable, uneasy these suspect codes of total function construction test case;
The fuzz testing use-case generation step is the generation mode according to seed use-case, is carried out to the value type of wherein field
Combination generates the initial test case that a batch is used for fuzz testing, the initial test case is denoted as initial sets;Then,
Initial test case in the initial sets is input in software under testing program, dynamic observes implementation effect, records touching
The case where sending out security breaches, and determine whether the generation mode of seed use-case rationally accurate according to triggering effect, when needed into
The adjustment of row generation mode;Using the decision-tree model and Random Forest model structural classification fallout predictor in machine learning, and will
Use-case adjusted generates mode as classification foundation, then carries out classification learning, instruction to the test case in the initial sets
It practises and meets the classification fallout predictor that default accuracy rate requires;Then, mode is generated according to modified use-case, generates more batches
Test data set of the test case as classification fallout predictor;Then, using the classification fallout predictor constructed to the test number
Sort operation, the identical test case data of removal security breaches triggering effect are carried out according to set.
8. the method for claim 7, which is characterized in that in the generation mode step of the determining seed use-case, determine
The generation shape format of seed use-case is as follows:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
Wherein, vars pointer is directed toward stain variable array, is used to store stain variable, remembers when array length is marked according to stain
Depending on the stain variable number of record;Exps pointer is directed toward expression formula type array, is used to store the categorical data of suspicious sentence,
The sentence number that records when array length is according to code detection determines;Ops pointer is directed toward operator type array, for depositing
Put operator type present in suspicious sentence;Func pointer is directed toward dangerous library function array;Judge_num refers to be measured soft
Decision statement number present in part program, the decision statement number only record the number of decision statement, and record does not determine
Problem Representation between branch;Var_num refers to the stain variable quantity in software under testing program;Func_num refers to be measured
The quantity of marked uneasy total function out in software program;Env pointer is directed toward context information field;Conf pointer, direction are matched
Set information field.
9. the method for claim 7, which is characterized in that use the decision-tree model and random forest mould in machine learning
When type structural classification fallout predictor, poor fitting problem is handled using the method for increasing characteristic of division and adjusting parameter.
10. the method for claim 7, which is characterized in that use the decision-tree model and random forest in machine learning
When Construction of A Model classification fallout predictor, also characteristic of division number is limited, while spread training data acquisition system as far as possible is to reduce
The probability of over-fitting.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910742264.7A CN110443045B (en) | 2019-08-13 | 2019-08-13 | Fuzzy test case generation method based on machine learning method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910742264.7A CN110443045B (en) | 2019-08-13 | 2019-08-13 | Fuzzy test case generation method based on machine learning method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110443045A true CN110443045A (en) | 2019-11-12 |
CN110443045B CN110443045B (en) | 2020-12-15 |
Family
ID=68434770
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910742264.7A Active CN110443045B (en) | 2019-08-13 | 2019-08-13 | Fuzzy test case generation method based on machine learning method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110443045B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110708344A (en) * | 2019-11-22 | 2020-01-17 | 中电科仪器仪表有限公司 | Vulnerability detection method and system based on fuzzy technology |
CN111767546A (en) * | 2020-06-17 | 2020-10-13 | 北京理工大学 | Deep learning-based input structure inference method and device |
CN112559377A (en) * | 2020-12-25 | 2021-03-26 | 上海高顿教育科技有限公司 | Method and device for generating first test case |
CN112733146A (en) * | 2020-12-31 | 2021-04-30 | 平安医疗健康管理股份有限公司 | Penetration testing method, device and equipment based on machine learning and storage medium |
CN112948255A (en) * | 2021-03-23 | 2021-06-11 | 北京鸿腾智能科技有限公司 | Distributed kernel fuzzing test system and method |
CN113297060A (en) * | 2020-05-11 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Data testing method and device |
CN113742204A (en) * | 2020-05-27 | 2021-12-03 | 南京大学 | Deep learning operator testing tool based on fuzzy test |
CN114117454A (en) * | 2021-12-10 | 2022-03-01 | 中国电子科技集团公司第十五研究所 | Seed optimization method based on vulnerability prediction model |
CN117435178A (en) * | 2023-12-20 | 2024-01-23 | 厦门东软汉和信息科技有限公司 | Code generation system, method, device and storage medium |
CN117555814A (en) * | 2024-01-11 | 2024-02-13 | 三六零数字安全科技集团有限公司 | Software testing method and device, storage medium and terminal |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140090071A1 (en) * | 2012-09-21 | 2014-03-27 | University Of Limerick | Systems and Methods for Runtime Adaptive Security to Protect Variable Assets |
CN104573524A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Fuzz testing method based on static detection |
US20170177765A1 (en) * | 2015-12-16 | 2017-06-22 | International Business Machines Corporation | Test case generation |
CN107832228A (en) * | 2017-11-29 | 2018-03-23 | 北京锐安科技有限公司 | A kind of test case reduction method, device, equipment and storage medium |
CN107957944A (en) * | 2017-11-24 | 2018-04-24 | 浙江大学 | The automatic example generation method of user oriented data cover rate |
CN108647520A (en) * | 2018-05-15 | 2018-10-12 | 浙江大学 | A kind of intelligent fuzzy test method and system based on fragile inquiry learning |
CN109597767A (en) * | 2018-12-19 | 2019-04-09 | 中国人民解放军国防科技大学 | Genetic variation-based fuzzy test case generation method and system |
CN109739755A (en) * | 2018-12-27 | 2019-05-10 | 北京理工大学 | A kind of fuzz testing system executed based on program trace and mixing |
-
2019
- 2019-08-13 CN CN201910742264.7A patent/CN110443045B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140090071A1 (en) * | 2012-09-21 | 2014-03-27 | University Of Limerick | Systems and Methods for Runtime Adaptive Security to Protect Variable Assets |
CN104573524A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Fuzz testing method based on static detection |
US20170177765A1 (en) * | 2015-12-16 | 2017-06-22 | International Business Machines Corporation | Test case generation |
CN107957944A (en) * | 2017-11-24 | 2018-04-24 | 浙江大学 | The automatic example generation method of user oriented data cover rate |
CN107832228A (en) * | 2017-11-29 | 2018-03-23 | 北京锐安科技有限公司 | A kind of test case reduction method, device, equipment and storage medium |
CN108647520A (en) * | 2018-05-15 | 2018-10-12 | 浙江大学 | A kind of intelligent fuzzy test method and system based on fragile inquiry learning |
CN109597767A (en) * | 2018-12-19 | 2019-04-09 | 中国人民解放军国防科技大学 | Genetic variation-based fuzzy test case generation method and system |
CN109739755A (en) * | 2018-12-27 | 2019-05-10 | 北京理工大学 | A kind of fuzz testing system executed based on program trace and mixing |
Non-Patent Citations (4)
Title |
---|
LINING XU 等: "New Challenge of Protecting Privacy due to Stained Recognition", 《2016 IEEE 40TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC)》 * |
PONCE,P 等: "Deep learning for automatic usability evaluations based on images: A case study of the usability heuristics of thermostats", 《ENERGY AND BUILDINGS》 * |
周鹏 等: "一种评估漏洞扫描工具效果的测试集生成方法", 《科技视界》 * |
唐奔宵 等: "基于差分隐私的Android物理传感器侧信道防御方法", 《物联网安全专题》 * |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110708344A (en) * | 2019-11-22 | 2020-01-17 | 中电科仪器仪表有限公司 | Vulnerability detection method and system based on fuzzy technology |
CN110708344B (en) * | 2019-11-22 | 2022-03-04 | 中电科思仪科技股份有限公司 | Vulnerability detection method and system based on fuzzy technology |
CN113297060A (en) * | 2020-05-11 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Data testing method and device |
CN113742204A (en) * | 2020-05-27 | 2021-12-03 | 南京大学 | Deep learning operator testing tool based on fuzzy test |
CN113742204B (en) * | 2020-05-27 | 2023-12-12 | 南京大学 | Deep learning operator testing method based on fuzzy test |
CN111767546B (en) * | 2020-06-17 | 2022-09-16 | 北京理工大学 | Deep learning-based input structure inference method and device |
CN111767546A (en) * | 2020-06-17 | 2020-10-13 | 北京理工大学 | Deep learning-based input structure inference method and device |
CN112559377A (en) * | 2020-12-25 | 2021-03-26 | 上海高顿教育科技有限公司 | Method and device for generating first test case |
CN112733146A (en) * | 2020-12-31 | 2021-04-30 | 平安医疗健康管理股份有限公司 | Penetration testing method, device and equipment based on machine learning and storage medium |
CN112948255A (en) * | 2021-03-23 | 2021-06-11 | 北京鸿腾智能科技有限公司 | Distributed kernel fuzzing test system and method |
CN112948255B (en) * | 2021-03-23 | 2024-05-14 | 三六零数字安全科技集团有限公司 | Distributed kernel fuzzy test system and method |
CN114117454A (en) * | 2021-12-10 | 2022-03-01 | 中国电子科技集团公司第十五研究所 | Seed optimization method based on vulnerability prediction model |
CN117435178A (en) * | 2023-12-20 | 2024-01-23 | 厦门东软汉和信息科技有限公司 | Code generation system, method, device and storage medium |
CN117435178B (en) * | 2023-12-20 | 2024-03-15 | 厦门东软汉和信息科技有限公司 | Code generation system, method, device and storage medium |
CN117555814A (en) * | 2024-01-11 | 2024-02-13 | 三六零数字安全科技集团有限公司 | Software testing method and device, storage medium and terminal |
CN117555814B (en) * | 2024-01-11 | 2024-05-10 | 三六零数字安全科技集团有限公司 | Software testing method and device, storage medium and terminal |
Also Published As
Publication number | Publication date |
---|---|
CN110443045B (en) | 2020-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110443045A (en) | A kind of fuzz testing case generation method based on machine learning method | |
CN107360152A (en) | A kind of Web based on semantic analysis threatens sensory perceptual system | |
Liu et al. | Locate-Then-Detect: Real-time Web Attack Detection via Attention-based Deep Neural Networks. | |
CN114172701A (en) | Knowledge graph-based APT attack detection method and device | |
Sarwar et al. | Design of an advance intrusion detection system for IoT networks | |
CN110191096A (en) | A kind of term vector homepage invasion detection method based on semantic analysis | |
CN117081858B (en) | Intrusion behavior detection method, system, equipment and medium based on multi-decision tree | |
CN108959368A (en) | A kind of information monitoring method, storage medium and server | |
Thamaraiselvi et al. | Attack and anomaly detection in iot networks using machine learning | |
CN112333128B (en) | Web attack behavior detection system based on self-encoder | |
Ashlam et al. | A novel approach exploiting machine learning to detect SQLi attacks | |
CN106874762A (en) | Android malicious code detecting method based on API dependence graphs | |
Samaan et al. | Feature-based real-time distributed denial of service detection in SDN using machine learning and Spark | |
CN112257076B (en) | Vulnerability detection method based on random detection algorithm and information aggregation | |
Alkawaz et al. | Identification and analysis of phishing website based on machine learning methods | |
CN110334510A (en) | A kind of malicious file detection technique based on random forests algorithm | |
CN111431883B (en) | Web attack detection method and device based on access parameters | |
Gaur et al. | HCTDDA: Hybrid Classification Technique for Detection of DDoS Attacks | |
CN116796323A (en) | Intelligent contract reentry attack detection method, system and terminal equipment | |
CN107682302A (en) | Cross-site scripting attack detection method and device | |
Nguyen et al. | Lightgbm-based ransomware detection using api call sequences | |
Elhag et al. | Toward an improved security performance of industrial internet of things systems | |
Wang et al. | TransIDS: A Transformer-based approach for intrusion detection in Internet of Things using Label Smoothing | |
KR20220009098A (en) | A Study on Malware Detection System Using Static Analysis and Stacking | |
Chauhan et al. | Design of intrusion detection system based on logical analysis of data (LAD) using information gain ratio |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |