CN109379329A - Network security protocol fuzz testing method and system based on LSTM - Google Patents


Publication number
CN109379329A
Authority
CN
China
Prior art keywords
fuzz testing
security protocol
network security
lstm
test case
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811033742.9A
Other languages
Chinese (zh)
Other versions
CN109379329B (en
Inventor
顾纯祥
申莹珠
陈熹
石雅男
李光松
郑永辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Application filed by Information Engineering University of PLA Strategic Support Force
Priority to CN201811033742.9A
Publication of CN109379329A
Application granted
Publication of CN109379329B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/12 Computing arrangements based on biological models using genetic models
    • G06N3/126 Evolutionary algorithms, e.g. genetic algorithms or genetic programming

Abstract

The present invention provides an LSTM-based fuzz testing method and system for network security protocols. The method comprises: step 1, performing initial fuzz testing on a target network security protocol using an initial test case set; step 2, performing vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and taking the new execution paths as an initial seed file set; step 3, training a deep neural network learner with the initial seed file set as training data to obtain an LSTM model; step 4, using the LSTM model to generate a new test case set and fuzz testing the target network security protocol with it. The system comprises a first fuzz testing module, a vulnerability analysis module, an LSTM model generation module and a second fuzz testing module. By training an LSTM neural network model, the invention optimizes the test case generation algorithm and improves the code coverage of the test cases.

Description

Network security protocol fuzz testing method and system based on LSTM
Technical field
The present invention relates to the technical field of network information security, and in particular to an LSTM-based fuzz testing method and system for network security protocols.
Background art
With the continuing advance of the information revolution, networks have become an indispensable part of people's lives. The secure transmission of sensitive information over networks bears on the development of individuals, enterprises and even nations. Security protocols based on cryptographic algorithms provide information protection services for Internet users and are an important part of the information security field. At the same time, network security incidents break out frequently, the number of cyberspace vulnerabilities keeps growing, and network information security faces a severe test. Evaluating the security of network security protocols therefore has important practical significance.
Vulnerability analysis techniques have been widely studied at home and abroad, and fuzz testing has become the most popular black-box dynamic analysis technique: it allows simple, effective, automated, large-scale vulnerability discovery on unknown systems. Fuzz testing finds unpredictable code execution paths or vulnerabilities in a target application by feeding it unexpected input and monitoring its output for anomalies. Compared with other vulnerability analysis methods, fuzz testing is conceptually simple and intuitive, easy to implement and partly automatable; it can test not only open-source software or protocols but also binary programs, so its range of application is wider.
The basic framework of a traditional fuzz testing method consists mainly of a test case constructor, a fuzz testing engine, the target program under test and an anomaly monitor. The fuzz testing engine selects, according to some algorithm, test cases generated by the test case constructor and runs the target program with them as input. The anomaly monitor watches the target program's entire processing, detects and locates abnormal conditions in the target, and records the anomaly and related information for subsequent vulnerability analysis.
However, fuzz testing currently has limitations when used for vulnerability discovery in network protocols. Network protocols generally include data validity checks such as checksum algorithms and encryption algorithms, and newly designed protocols increasingly use multi-stage checks or dynamic encryption algorithms. When a target protocol is tested with existing fuzz testing methods, these checksum or encryption algorithms cause a large number of data packets to be discarded as invalid, so existing fuzz testing tools achieve very narrow test coverage of the target protocol and are inefficient. Some fuzz testing methods have therefore appeared that address this problem by reimplementing the target protocol's checksum or encryption algorithm, but the procedure is complicated, and reimplementing complex checksum or encryption algorithms is harder still.
Summary of the invention
To solve the above problems in the prior art, the present invention provides an LSTM-based fuzz testing method and system for network security protocols.
In one aspect, the present invention provides an LSTM-based network security protocol fuzz testing method comprising the following steps:
Step 1: perform fuzz testing on a target network security protocol using an initial test case set;
Step 2: perform vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and take the new execution paths as an initial seed file set;
Step 3: with the initial seed file set as training data, train a deep neural network learner to obtain an LSTM model;
Step 4: use the LSTM model to generate a new test case set and fuzz test the target network security protocol with it.
Further, the method also comprises:
obtaining the implementation source code of the target network security protocol;
processing the implementation source code with a preset generation algorithm to generate the initial test case set.
Further, after obtaining the implementation source code of the target network security protocol, the method also comprises: instrumenting the implementation source code. Correspondingly,
processing the implementation source code with the preset generation algorithm to generate the initial test case set is specifically:
processing the instrumented implementation source code with the preset generation algorithm to generate the initial test case set.
Further, the preset generation algorithm is a genetic algorithm or a random mutation algorithm.
In another aspect, the present invention provides an LSTM-based network security protocol fuzz testing system comprising:
a first fuzz testing module, for performing fuzz testing on a target network security protocol using an initial test case set;
a vulnerability analysis module, for performing vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and taking the new execution paths as an initial seed file set;
an LSTM model generation module, for training a deep neural network learner with the initial seed file set as training data to obtain an LSTM model;
a second fuzz testing module, for using the LSTM model to generate a new test case set and fuzz testing the target network security protocol with it.
Further, the system also comprises:
a source code obtaining module, for obtaining the implementation source code of the target network security protocol;
an initial test case generation module, for processing the implementation source code with a preset generation algorithm to generate the initial test case set.
Further, the system also comprises: an instrumentation module, for instrumenting the implementation source code. Correspondingly,
the initial test case generation module is specifically used for:
processing the instrumented implementation source code with the preset generation algorithm to generate the initial test case set.
Further, the preset generation algorithm is a genetic algorithm or a random mutation algorithm.
Beneficial effects of the present invention:
The LSTM-based network security protocol fuzz testing method and system provided by the invention first use an initial test case set (which can be obtained in advance with a traditional generation algorithm) to perform initial fuzz testing on the target network security protocol, continually discovering new execution paths of the target protocol. The new execution paths are then continually added, as initial seed files, to the training database of the deep neural network learner; training yields an LSTM model, the LSTM model generates new test cases better suited to the target network security protocol, and fuzz testing is then carried out with the new test cases. Because the new test cases are generated by the LSTM model, and the LSTM model is trained on the new execution paths that the target network security protocol keeps producing during fuzz testing, the new test cases can cover the great majority of the target protocol's code. That is, the invention uses the intelligent character of deep neural network models to train an LSTM model and thereby optimize the test case generation algorithm, improving the code coverage of the test cases.
Furthermore, by additionally instrumenting the target network security protocol, the invention gives the initial test case set a degree of guidance, effectively solves the problem of large amounts of data being discarded because of checksum or cryptographic algorithms, further improves the code coverage of the test cases, and improves fuzz testing efficiency.
Brief description of the drawings
Fig. 1 is a flow diagram of the LSTM-based network security protocol fuzz testing method provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of the LSTM-based network security protocol fuzz testing method provided by a further embodiment of the present invention;
Fig. 3 is a structural diagram of the LSTM-based network security protocol fuzz testing system provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the LSTM-based network security protocol fuzz testing system provided by a further embodiment of the present invention;
Fig. 5 is a diagram of the first valid test case for OpenSSH provided by an embodiment of the present invention;
Fig. 6 is a diagram of the "initial seed file set" generated after 10 minutes of testing, provided by an embodiment of the present invention;
Fig. 7 is a diagram of the "initial seed file set" generated after 9 hours 30 minutes of testing, provided by an embodiment of the present invention;
Fig. 8 is a diagram of the comparison results for about 30 minutes of testing with the 303 "initial seed files", provided by an embodiment of the present invention;
Fig. 9 is a diagram of the comparison results for about 5 hours of testing with the 500 "initial seed files", provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments are described clearly below with reference to the accompanying drawings. The described embodiments are evidently some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Fig. 1 is a flow diagram of the LSTM-based network security protocol fuzz testing method provided by an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
S101: perform fuzz testing on the target network security protocol using an initial test case set;
S102: perform vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and take the new execution paths as an initial seed file set;
Specifically, the fuzz testing process referred to in this step includes both the fuzz testing process of step S101 and that of step S104. Vulnerability analysis means using the new execution paths to judge whether the target network security protocol has possible weak points.
S103: with the initial seed file set as training data, train a deep neural network learner to obtain an LSTM model;
S104: use the LSTM model to generate a new test case set and fuzz test the target network security protocol with it.
As the above embodiment shows, the LSTM-based network security protocol fuzz testing method of this embodiment builds on traditional fuzz testing. It first performs initial fuzz testing on the target network security protocol with the initial test case set, continually discovering new execution paths of the target protocol. The new execution paths are then continually added, as initial seed files, to the training database of the deep neural network learner, and training yields new test cases better suited to the target protocol. The target protocol is then fuzz tested again with the new test cases, and the new execution paths generated in that run are added to the training database as initial seed files, forming a cyclic fuzz testing flow. Because the new test cases are generated from the new execution paths, and the new execution paths are obtained from the target network security protocol, the new test cases can cover the great majority of the target protocol's code. That is, the embodiment uses the intelligent character of deep neural network models to train an LSTM model and thereby optimize the test case generation algorithm, improving the code coverage of the test cases.
Fig. 2 is a flow diagram of the LSTM-based network security protocol fuzz testing method provided by a further embodiment of the present invention. As shown in Fig. 2, the method comprises:
S201: obtain the implementation source code of the target network security protocol;
S202: process the implementation source code with a preset generation algorithm to generate the initial test case set;
S203: perform fuzz testing on the target network security protocol using the initial test case set;
S204: perform vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and take the new execution paths as an initial seed file set;
S205: with the initial seed file set as training data, train a deep neural network learner to obtain an LSTM model;
S206: use the LSTM model to generate a new test case set and fuzz test the target network security protocol with it.
As the above embodiment shows, the initial test case set can be generated with the implementation source code of the target network security protocol as reference, by processing the implementation source code with a preset generation algorithm such as a genetic algorithm or a random mutation algorithm. Thus, when fuzz testing, the invention combines traditional test case generation algorithms with the LSTM model generation algorithm specific to the invention, improving the code coverage of the test cases and the efficiency of fuzz testing.
On the basis of the above embodiments, after obtaining the implementation source code of the target network security protocol, the method also comprises: instrumenting the implementation source code. Correspondingly,
processing the implementation source code with the preset generation algorithm to generate the initial test case set is specifically:
processing the instrumented implementation source code with the preset generation algorithm to generate the initial test case set.
Specifically, traditional fuzz testing methods have difficulty getting past data validity checks, formulating rules and generating high-quality test cases. To address this, the embodiment instruments the implementation source code when it is compiled, then processes the instrumented source code with a traditional test case generation algorithm so as to produce more guided initial test cases, and combines this with the invention's LSTM neural network model to further optimize the test case generation algorithm and improve code coverage.
Fig. 3 is a structural diagram of the LSTM-based network security protocol fuzz testing system provided by an embodiment of the present invention. As shown in Fig. 3, the system comprises a first fuzz testing module 301, a vulnerability analysis module 302, an LSTM model generation module 303 and a second fuzz testing module 304, where:
The first fuzz testing module 301 is used to perform fuzz testing on the target network security protocol using an initial test case set. The vulnerability analysis module 302 is used to perform vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and to take the new execution paths as an initial seed file set. The LSTM model generation module 303 is used to train a deep neural network learner with the initial seed file set as training data to obtain an LSTM model. The second fuzz testing module 304 is used to generate a new test case set with the LSTM model and fuzz test the target network security protocol with it.
The terms "first fuzz testing module" and "second fuzz testing module" in this embodiment merely distinguish the different test case sets used in fuzz testing and should not be construed as limiting the embodiments of the present invention.
On the basis of the above embodiments, the system also comprises a source code obtaining module and an initial test case generation module. The source code obtaining module is used to obtain the implementation source code of the target network security protocol. The initial test case generation module is used to process the implementation source code with a preset generation algorithm (such as a genetic algorithm or a random mutation algorithm) to generate the initial test case set.
On the basis of the above embodiments, the system also comprises an instrumentation module, which is used to instrument the implementation source code. Correspondingly,
the initial test case generation module is specifically used to process the instrumented implementation source code with the preset generation algorithm (such as a genetic algorithm or a random mutation algorithm) to generate the initial test case set.
It should be noted that the LSTM-based network security protocol fuzz testing system provided by the embodiments of the present invention serves to implement the above method; for its functions, refer to the method embodiments above, which are not repeated here.
Fig. 4 is a structural diagram of the LSTM-based network security protocol fuzz testing system provided by a further embodiment of the present invention. As shown in Fig. 4, the system framework consists mainly of four modules: the target security protocol, the deep neural network learner, the fuzzer and vulnerability analysis.
The target security protocol is the target system to be fuzz tested. Because the invention incorporates fuzz testing with compile-time instrumentation, the implementation source code of the target security protocol must be known. If only a binary implementation of the target security protocol is available, QEMU support is needed and testing efficiency decreases.
The deep neural network learner is the key module designed by the invention and is used to improve the test case generation algorithm in fuzz testing. The module takes the test case set generated during initial fuzz testing of the target network security protocol as training data and trains on a server to learn an effective LSTM neural network model, which helps improve the original test case generation efficiency. Because the "execution paths" in the training data are discovered continually over time during fuzz testing, that is, the data has a temporal character, an LSTM neural network model is used for learning and testing.
The fuzzer consists of two parts, a test case generator and a fuzz testing engine. The test case generator adds the LSTM model generation method on top of the original test case generation algorithms. The original test case generation algorithms mainly comprise traditional methods such as the genetic algorithm, as combined in the AFL-fuzz framework, and the random mutation algorithm, which on a Linux system generates new test cases by randomly mutating random bytes based on /dev/urandom. The LSTM model generation method generates test cases automatically from the LSTM model trained and learned by the deep neural network learner in the framework designed by the invention.
The fuzzer instruments the target source code at initial compilation. This effectively gets past many of the conditional restrictions the protocol implementation imposes at run time and can find more and deeper execution paths that traditional fuzz testing finds hard to reach.
The vulnerability analysis module mainly performs vulnerability analysis on the target network security protocol according to the execution paths generated during fuzz testing and judges whether possible weak points exist. In addition, exploiting the characteristics of fuzz testing with compile-time instrumentation, the "initial seed files" that discover execution paths are used as training data for the neural network model, so that more efficient fuzz testing can continue once the test case generation method has been improved.
The effect of the proposed fuzz testing method in network protocol vulnerability analysis is verified below by experiment.
The embodiment chooses OpenSSH, the open-source implementation of SSH, as the target protocol under test. Based on the AFL-fuzz framework combined with an LSTM neural network model, it verifies the effect of the proposed LSTM-improved fuzz testing method in network protocol vulnerability analysis. The approach is as follows:
The target is sshd, the server-side daemon of OpenSSH. The OpenSSH daemon is run in inetd mode to listen on the network socket, and the interaction data between the ssh and sshd programs of OpenSSH is captured and replayed. If the replayed data can log in and connect successfully, it is used as the initial test case for fuzz testing with AFL-fuzz. An "initial seed file set" S is obtained within a certain amount of CPU time. Then, with S as the training data set, new test cases are generated with AFL-fuzz's original test case generation algorithm, with random mutation and with the LSTM neural network model respectively. AFL-fuzz is run again with the new test cases as input files, and the effects of the three methods are compared.
1. Experimental environment
Test system: Intel Core i7-4790 processor, Ubuntu 16.04, 8 GB memory; test target: OpenSSH-Portable-V_7_5; fuzz testing tool: AFL-fuzz 2.52b; neural network learning framework: TensorFlow, Keras; GPUs for neural network learning: 8 × GTX 1080; programming languages: Python, C; auxiliary tool: 010 Editor.
2. Experimental notes
(1) To improve the efficiency of AFL-fuzz, Clang and LLVM were installed in addition to AFL-fuzz 2.52b so that it supports LLVM_mode. (2) All fuzz testing parts of the experiment ran in a single-CPU environment; LSTM model learning and test case generation ran on an 8-GPU server.
3. Constructing a valid test case
The following preprocessing was done during initial compilation:
(1) To prevent replay attacks, OpenSSH uses random strings during the handshake, so its random string generator must be disabled to guarantee that the initial test case remains valid.
(2) The cyclic redundancy check (CRC) and message authentication code (MAC) checks on server-side messages must be disabled. If these checks are not disabled, a single flipped bit in the data fails verification and stops the program from continuing, which makes fuzz testing extremely inefficient. With the checks disabled, once a program bug is detected one can go back and carefully modify the test case that triggered the weak point, and may thereby obtain a test case that passes verification.
(3) The main purpose of this experiment is to verify how much combining a neural network model with fuzz testing based on compile-time instrumentation improves test case generation for network security protocols. Fuzz testing was therefore applied only to the unencrypted initial handshake protocol and the key exchange process.
After this series of preprocessing steps, we obtained the first valid test case, 2.4 KB in size, and inspected it with the tool 010 Editor, as shown in Fig. 5.
AFL-fuzz was run against the sshd program with the generated first valid test case as the input file. Because during execution AFL-fuzz continually adds mutated files that discover new execution paths to the queue as new test cases, an "initial seed file set" is available after a certain amount of CPU time. This set is defined as S = {S1, S2, …, Sn}.
In this experiment AFL-fuzz was run with the constructed first valid test case for 10 minutes and for 9 hours 30 minutes respectively; the results are shown in Fig. 6 and Fig. 7.
As can be seen, after running for about 10 minutes AFL-fuzz had found 303 execution paths in total and had correspondingly generated 303 "seed files", i.e. S = {S1, S2, …, S303}. Because the size of the training data has a considerable effect on how well a deep neural network model learns, the experiment also ran the corresponding comparison tests on the 500 "seed files" generated after 9 hours 30 minutes of fuzz testing.
Method 1: original method (abbreviated orig):
With the "initial seed file set" S as training data, 200 test cases are generated using the original AFL-fuzz test case generation algorithm, and fuzz testing is re-executed with the 200 newly generated test cases as input (orig-select-200);
Method 2: random mutation algorithm (abbreviated random):
With the "initial seed file set" S as training data, 200 "seed files" are selected at random, random bytes in them are randomly mutated based on /dev/urandom, and fuzz testing is re-executed with the 200 newly generated test cases as input (random-select-200);
Method 3: LSTM model (abbreviated LSTM):
With the "initial seed file set" S as training data, the LSTM neural network model is trained on a server with 8 GPUs using the TensorFlow and Keras frameworks. All "seed files" in S are concatenated to form the training set of the neural network. The LSTM model is as follows: the input layer contains 128 neurons, there is only 1 LSTM hidden layer, the output layer uses the softmax activation function, RMSprop is used as the optimizer, the learning rate is 0.01, and categorical cross-entropy is used as the loss function. After about 29 hours of learning, the model is obtained and new test cases are generated; after segmentation, 200 of them are taken as the input (LSTM-learned-200) for re-running fuzz testing.
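One way to set up the pipeline of Method 3, as an added example that is not code from the patent. The end-of-file symbol `DELIM`, the window length, the step, the batch size, the sampling loop and the reading of "128 neurons" as 128 LSTM units are all assumptions; the two training functions need NumPy and TensorFlow, the other helpers only the standard library.

```python
DELIM = 256   # assumption: extra symbol marking the end of one seed file
VOCAB = 257   # 256 byte values plus DELIM

def build_corpus(seeds):
    """Concatenate every seed file in S into one symbol sequence."""
    corpus = []
    for seed in seeds:
        corpus.extend(seed)        # iterating bytes yields ints 0..255
        corpus.append(DELIM)
    return corpus

def make_windows(corpus, window=40, step=3):
    """Pair each context of `window` symbols with the symbol that follows it."""
    return [(corpus[i:i + window], corpus[i + window])
            for i in range(0, len(corpus) - window, step)]

def split_cases(stream, limit=200):
    """Cut a generated stream at DELIM; keep the first `limit` non-empty cases."""
    cases, cur = [], bytearray()
    for sym in stream:
        if sym == DELIM:
            if cur:
                cases.append(bytes(cur))
            cur = bytearray()
        else:
            cur.append(sym)
    return cases[:limit]           # an unterminated tail is dropped

def one_hot(contexts, window):
    """Encode symbol contexts as a (batch, window, VOCAB) float array."""
    import numpy as np
    x = np.zeros((len(contexts), window, VOCAB), dtype=np.float32)
    for i, ctx in enumerate(contexts):
        x[i, np.arange(len(ctx)), ctx] = 1.0
    return x

def build_model(window=40):
    """Hyperparameters as listed in the text; needs TensorFlow."""
    from tensorflow import keras
    model = keras.Sequential([
        keras.Input(shape=(window, VOCAB)),
        keras.layers.LSTM(128),    # assumption: "128 neurons" read as LSTM units
        keras.layers.Dense(VOCAB, activation="softmax"),
    ])
    model.compile(loss="categorical_crossentropy",
                  optimizer=keras.optimizers.RMSprop(learning_rate=0.01))
    return model

def train_and_generate(seeds, n_symbols, window=40, epochs=1):
    """Train on the concatenated seeds, sample symbols, split them into cases."""
    import numpy as np
    corpus = build_corpus(seeds)
    pairs = make_windows(corpus, window)
    if not pairs:
        raise ValueError("corpus is shorter than one window")
    x = one_hot([ctx for ctx, _ in pairs], window)
    y = np.zeros((len(pairs), VOCAB), dtype=np.float32)
    y[np.arange(len(pairs)), [nxt for _, nxt in pairs]] = 1.0
    model = build_model(window)
    model.fit(x, y, batch_size=128, epochs=epochs, verbose=0)
    ctx, out = list(corpus[:window]), []
    for _ in range(n_symbols):
        p = model.predict(one_hot([ctx], window), verbose=0)[0].astype("float64")
        sym = int(np.random.choice(VOCAB, p=p / p.sum()))
        out.append(sym)
        ctx = ctx[1:] + [sym]
    return split_cases(out)
```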
The results of re-running fuzz testing with the test cases generated by the three different methods are shown in Table 1.
Table 1: Comparison of the effect of test cases generated by the three different methods
As shown in Table 1, the total number of paths found and the number of new paths found (uniq path) reflect very directly the code coverage achieved when fuzz testing is executed with the input "seed files". The favored path count is the number of paths the fuzzer is more interested in; the New edges on count is the number of "seed files" that lead to better edge coverage; the timeout count is the number of "seed files" that cause the fuzzed program to time out. To some extent, these data items can serve as reference indicators for measuring the code coverage effect of test cases.
Four. Analysis of experimental results
From the different results of the three methods above, we obtain the results of generating new test case "seed files" from "seed file" training sets of different sizes and re-running fuzz testing; the comparison is shown in Fig. 8 and Fig. 9.
From the comparison of the above results it can be clearly seen that:
(1) The code coverage of all three methods is lower in Fig. 8 than in Fig. 9. This fully shows that, for the generation algorithm, the larger the training set and the longer the training time, the better the effect.
(2) In Fig. 8, the original AFL-fuzz method (orig) performs best, finding 324 total paths and 124 new paths; the LSTM model (LSTM) comes second, finding 248 total paths and 48 new paths; the random mutation algorithm (random) performs worst, finding 246 total paths and 46 new paths.
(3) In Fig. 9, the LSTM model finds 374 total paths and 174 new paths, the random mutation algorithm finds 319 total paths and 119 new paths, and the original AFL-fuzz method finds 242 total paths and 42 new paths. Therefore, in path discovery ability the LSTM model is strongest, the random mutation algorithm comes second, and the original AFL-fuzz method is worst. The path discovery ability of the LSTM model is about 54% higher than that of the original AFL-fuzz method and about 17% higher than that of the random mutation algorithm.
(4) Taking (2) and (3) together, it can be seen that as the training set grows and the training time increases, the learning ability of the LSTM model becomes stronger and stronger.
The experiment shows that, within the same CPU time and based on the same training data set, the method proposed by the present invention can find more program execution paths that the fuzzer is more interested in and cover more target protocol code, thereby effectively improving the efficiency of fuzz testing for network security protocols.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features; and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A network security protocol fuzz testing method based on LSTM, characterized by comprising:
Step 1: performing fuzz testing on a target network security protocol using an initial test case set;
Step 2: performing vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and using the new execution paths as an initial seed file set;
Step 3: using the initial seed file set as training data, training with a deep neural network learner to obtain an LSTM model;
Step 4: generating a new test case set using the LSTM model and performing fuzz testing on the target network security protocol.
2. The method according to claim 1, characterized by further comprising:
obtaining the implementation source code of the target network security protocol;
processing the implementation source code using a preset generation algorithm to generate the initial test case set.
3. The method according to claim 2, characterized in that, after obtaining the implementation source code of the target network security protocol, the method further comprises: performing instrumentation marking on the implementation source code; correspondingly,
processing the implementation source code using the preset generation algorithm to generate the initial test case set is specifically:
processing the instrumented implementation source code using the preset generation algorithm to generate the initial test case set.
4. The method according to claim 2, characterized in that the preset generation algorithm is a genetic algorithm or a random mutation algorithm.
5. A network security protocol fuzz testing system based on LSTM, characterized by comprising:
a first fuzz testing module, configured to perform fuzz testing on a target network security protocol using an initial test case set;
a vulnerability analysis module, configured to perform vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and to use the new execution paths as an initial seed file set;
an LSTM model generation module, configured to use the initial seed file set as training data and train with a deep neural network learner to obtain an LSTM model;
a second fuzz testing module, configured to generate a new test case set using the LSTM model and perform fuzz testing on the target network security protocol.
6. The system according to claim 5, characterized by further comprising:
a source code obtaining module, configured to obtain the implementation source code of the target network security protocol;
an initial test case generation module, configured to process the implementation source code using a preset generation algorithm to generate the initial test case set.
7. The system according to claim 6, characterized by further comprising:
an instrumentation marking module, configured to perform instrumentation marking on the implementation source code; correspondingly,
the initial test case generation module is specifically configured to:
process the instrumented implementation source code using the preset generation algorithm to generate the initial test case set.
8. The system according to claim 6, characterized in that the preset generation algorithm is a genetic algorithm or a random mutation algorithm.
CN201811033742.9A 2018-09-05 2018-09-05 Network security protocol fuzzy test method and system based on LSTM Active CN109379329B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811033742.9A CN109379329B (en) 2018-09-05 2018-09-05 Network security protocol fuzzy test method and system based on LSTM

Publications (2)

Publication Number Publication Date
CN109379329A true CN109379329A (en) 2019-02-22
CN109379329B CN109379329B (en) 2021-12-21

Family

ID=65404960

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811033742.9A Active CN109379329B (en) 2018-09-05 2018-09-05 Network security protocol fuzzy test method and system based on LSTM

Country Status (1)

Country Link
CN (1) CN109379329B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant