CN109379329A - Network security protocol fuzz testing method and system based on LSTM - Google Patents
Network security protocol fuzz testing method and system based on LSTM
- Publication number: CN109379329A
- Authority: CN (China)
- Prior art keywords: fuzz testing, security protocol, network security, LSTM, test case
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- G06N3/126: Evolutionary algorithms, e.g. genetic algorithms or genetic programming
- H04L63/1433: Vulnerability analysis
- H04L63/168: Implementing security features at a particular protocol layer above the transport layer
Abstract
The present invention provides an LSTM-based fuzz testing method and system for network security protocols. The method comprises: step 1, performing initial fuzz testing on a target network security protocol using an initial test case set; step 2, performing vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and taking the new execution paths as an initial seed file set; step 3, taking the initial seed file set as training data and training with a deep neural network learner to obtain an LSTM model; step 4, using the LSTM model to generate a new test case set and fuzz testing the target network security protocol with it. The system comprises a first fuzz testing module, a vulnerability analysis module, an LSTM model generation module and a second fuzz testing module. By training an LSTM neural network model, the invention optimizes the test case generation algorithm and improves the code coverage of the test cases.
Description
Technical field
The present invention relates to the technical field of network information security, and more particularly to an LSTM-based fuzz testing method and system for network security protocols.
Background art
With the continuing advance of the information revolution, the network has become an indispensable part of people's lives. The secure transmission of sensitive information over the network bears on the development of individuals, enterprises and even nations. Security protocols based on cryptographic algorithms provide information protection services for Internet users and are an important part of the information security field. At the same time, however, network security incidents break out frequently, the number of cyberspace vulnerabilities is growing, and network information security faces a severe test. Security evaluation of network security protocols therefore has important practical significance.
Vulnerability analysis techniques have been widely studied at home and abroad, and fuzz testing has become the most popular black-box dynamic analysis technique at present; it can carry out simple, effective, automated, large-scale vulnerability discovery on unknown systems. Fuzz testing is a method of finding unpredictable code execution paths or vulnerabilities in a target application by supplying it with unexpected input and monitoring its output for anomalies. Compared with other vulnerability analysis methods, the idea behind fuzz testing is simple and intuitive, it is easy to implement and is partly automated, and it can test not only open-source software or protocols but also binary programs, so its range of application is wider.
The basic framework of a traditional fuzz testing method mainly comprises a test case constructor, a fuzz testing engine, the target program under test and an anomaly monitor. The fuzz testing engine selects, based on some algorithm, test cases generated by the test case constructor and executes the target program with them as input. The anomaly monitor watches the target program's entire processing, detects and locates abnormal conditions in the target, and records the exception and related information for subsequent analysis of weak points.
However, the use of fuzz testing for vulnerability discovery in network protocols currently has some limitations. Network protocols generally incorporate data validity checks, such as checksum algorithms and encryption algorithms, and newly designed network protocols increasingly use multi-level verification or dynamic encryption algorithms. When a target protocol is tested with existing fuzz testing methods, these checksum or encryption algorithms cause a large number of packets to be discarded by the target protocol as invalid, so existing fuzz testing tools achieve very narrow test coverage of the target protocol and are inefficient. Some fuzz testing methods have therefore appeared that solve this problem by reproducing the target protocol's checksum or encryption algorithm, but the procedure is complex, and reproducing a complex checksum or encryption algorithm is more difficult still.
Summary of the invention
To solve the above problems in the prior art, the present invention provides an LSTM-based fuzz testing method and system for network security protocols.
In one aspect, the present invention provides an LSTM-based fuzz testing method for network security protocols, comprising the following steps:
Step 1: perform fuzz testing on a target network security protocol using an initial test case set;
Step 2: perform vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and take the new execution paths as an initial seed file set;
Step 3: taking the initial seed file set as training data, train with a deep neural network learner to obtain an LSTM model;
Step 4: use the LSTM model to generate a new test case set and fuzz test the target network security protocol with it.
Further, the method also comprises:
obtaining the implementation source code of the target network security protocol;
processing the implementation source code with a preset generation algorithm to generate the initial test case set.
Further, after obtaining the implementation source code of the target network security protocol, the method also comprises performing instrumentation marking on the implementation source code; correspondingly,
processing the implementation source code with a preset generation algorithm to generate the initial test case set is specifically:
processing the instrumented implementation source code with the preset generation algorithm to generate the initial test case set.
Further, the preset generation algorithm is a genetic algorithm or a random mutation algorithm.
In another aspect, the present invention provides an LSTM-based fuzz testing system for network security protocols, comprising:
a first fuzz testing module, for performing fuzz testing on a target network security protocol using an initial test case set;
a vulnerability analysis module, for performing vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and taking the new execution paths as an initial seed file set;
an LSTM model generation module, for taking the initial seed file set as training data and training with a deep neural network learner to obtain an LSTM model;
a second fuzz testing module, for using the LSTM model to generate a new test case set and fuzz testing the target network security protocol with it.
Further, the system also comprises:
a source code obtaining module, for obtaining the implementation source code of the target network security protocol;
an initial test case generation module, for processing the implementation source code with a preset generation algorithm to generate the initial test case set.
Further, the system also comprises an instrumentation marking module, for performing instrumentation marking on the implementation source code; correspondingly,
the initial test case generation module is specifically used for:
processing the instrumented implementation source code with the preset generation algorithm to generate the initial test case set.
Further, the preset generation algorithm is a genetic algorithm or a random mutation algorithm.
Beneficial effects of the present invention:
The LSTM-based fuzz testing method and system for network security protocols provided by the invention first use an initial test case set (which can be obtained in advance by a traditional generation algorithm) to perform initial fuzz testing on the target network security protocol, continually uncovering new execution paths of the target network security protocol. The new execution paths are then continually added, as initial seed files, to the training database of the deep neural network learner; training yields an LSTM model, the LSTM model is used to generate new test cases better suited to the target network security protocol, and fuzz testing is then carried out with the new test cases. Because the new test cases are generated by the LSTM model, and the LSTM model is trained on the new execution paths that the target network security protocol keeps producing during fuzz testing, the new test cases can cover the vast majority of the target network security protocol's code. That is, the invention uses the intelligent characteristics of a deep neural network model to train an LSTM model, thereby optimizing the test case generation algorithm and improving the code coverage of the test cases.
In addition, by further applying instrumentation marking to the target network security protocol, the invention gives the initial test case set a degree of guidance, effectively solves the problem of large amounts of data being discarded because of checksum or cryptographic algorithms, further improves the code coverage of the test cases, and improves fuzz testing efficiency.
Brief description of the drawings
Fig. 1 is a flow diagram of the LSTM-based network security protocol fuzz testing method provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of the LSTM-based network security protocol fuzz testing method provided by a further embodiment of the present invention;
Fig. 3 is a structural diagram of the LSTM-based network security protocol fuzz testing system provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the LSTM-based network security protocol fuzz testing system provided by a further embodiment of the present invention;
Fig. 5 is a diagram of the first valid test case for OpenSSH provided by an embodiment of the present invention;
Fig. 6 is a diagram of the "initial seed file set" generated by 10 minutes of testing, provided by an embodiment of the present invention;
Fig. 7 is a diagram of the "initial seed file set" generated by 9 hours 30 minutes of testing, provided by an embodiment of the present invention;
Fig. 8 is a diagram of the comparison results for about 30 minutes of testing with 303 "initial seed files", provided by an embodiment of the present invention;
Fig. 9 is a diagram of the comparison results for about 5 hours of testing with 500 "initial seed files", provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly below with reference to the drawings in the embodiments. The described embodiments are evidently some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a flow diagram of the LSTM-based network security protocol fuzz testing method provided by an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
S101: perform fuzz testing on the target network security protocol using an initial test case set;
S102: perform vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and take the new execution paths as an initial seed file set;
Specifically, the fuzz testing process referred to in this step includes both the fuzz testing in step S101 and the fuzz testing in step S104. Vulnerability analysis means using the new execution paths to judge whether the target network security protocol has possible weak points.
S103: taking the initial seed file set as training data, train with a deep neural network learner to obtain an LSTM model;
S104: use the LSTM model to generate a new test case set and fuzz test the target network security protocol with it.
As the above embodiment shows, the LSTM-based network security protocol fuzz testing method provided by the embodiment of the present invention builds on the traditional fuzz testing method. It first performs initial fuzz testing on the target network security protocol with the initial test case set, continually uncovering new execution paths of the target network security protocol. It then continually adds the new execution paths, as initial seed files, to the training database of the deep neural network learner, and training yields new test cases better suited to the target network security protocol. The target network security protocol is then fuzz tested again with the new test cases, and the new execution paths generated during that fuzz testing are added to the training database as initial seed files, forming a cyclic fuzz testing flow. Because the new test cases are generated from the new execution paths, and the new execution paths are obtained from the target network security protocol, the new test cases can cover the vast majority of the target network security protocol's code. That is, the embodiment of the present invention uses the intelligent characteristics of a deep neural network model to train an LSTM model, thereby optimizing the test case generation algorithm and improving the code coverage of the test cases.
Fig. 2 is a flow diagram of the LSTM-based network security protocol fuzz testing method provided by a further embodiment of the present invention. As shown in Fig. 2, the method comprises:
S201: obtain the implementation source code of the target network security protocol;
S202: process the implementation source code with a preset generation algorithm to generate an initial test case set;
S203: perform fuzz testing on the target network security protocol using the initial test case set;
S204: perform vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and take the new execution paths as an initial seed file set;
S205: taking the initial seed file set as training data, train with a deep neural network learner to obtain an LSTM model;
S206: use the LSTM model to generate a new test case set and fuzz test the target network security protocol with it.
As the above embodiment shows, the initial test case set can be generated with the implementation source code of the target network security protocol as reference, by processing the implementation source code with a preset generation algorithm such as a genetic algorithm or a random mutation algorithm. When performing fuzz testing, the invention thus combines traditional test case generation algorithms with the invention's own LSTM-model generation algorithm, which improves the code coverage of the test cases and improves fuzz testing efficiency.
On the basis of the above embodiments, after obtaining the implementation source code of the target network security protocol, the method also comprises performing instrumentation marking on the implementation source code; correspondingly,
processing the implementation source code with a preset generation algorithm to generate the initial test case set is specifically:
processing the instrumented implementation source code with the preset generation algorithm to generate the initial test case set.
Specifically, traditional fuzz testing methods have difficulty getting past data validity checks, formulating rules and generating high-quality test cases. To address this, the embodiment of the present invention marks the implementation source code by instrumentation when it is compiled, and then processes the instrumented implementation source code with a traditional test case generation algorithm so as to produce initial test cases with more guidance. Combined with the invention's own LSTM neural network model, this further optimizes the test case generation algorithm and improves code coverage.
Fig. 3 is a structural diagram of the LSTM-based network security protocol fuzz testing system provided by an embodiment of the present invention. As shown in Fig. 3, the system comprises a first fuzz testing module 301, a vulnerability analysis module 302, an LSTM model generation module 303 and a second fuzz testing module 304, where:
The first fuzz testing module 301 performs fuzz testing on the target network security protocol using an initial test case set. The vulnerability analysis module 302 performs vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and takes the new execution paths as an initial seed file set. The LSTM model generation module 303 takes the initial seed file set as training data and trains with a deep neural network learner to obtain an LSTM model. The second fuzz testing module 304 uses the LSTM model to generate a new test case set and fuzz tests the target network security protocol with it.
The names "first fuzz testing module" and "second fuzz testing module" in this embodiment serve only to distinguish the different test case sets used for fuzz testing and should not be construed as limiting the embodiment of the present invention.
On the basis of the above embodiments, the system also comprises a source code obtaining module and an initial test case generation module. The source code obtaining module obtains the implementation source code of the target network security protocol; the initial test case generation module processes the implementation source code with a preset generation algorithm (such as a genetic algorithm or a random mutation algorithm) to generate the initial test case set.
On the basis of the above embodiments, the system also comprises an instrumentation marking module, which performs instrumentation marking on the implementation source code; correspondingly,
the initial test case generation module is specifically used for processing the instrumented implementation source code with the preset generation algorithm (such as a genetic algorithm or a random mutation algorithm) to generate the initial test case set.
It should be noted that the LSTM-based network security protocol fuzz testing system provided by the embodiment of the present invention is intended to implement the above method; for its functions, refer to the method embodiments above, which are not repeated here.
Fig. 4 is a structural diagram of the LSTM-based network security protocol fuzz testing system provided by a further embodiment of the present invention. As shown in Fig. 4, the framework of the LSTM-based network security protocol fuzz testing system mainly comprises four modules: the target security protocol, the deep neural network learner, the fuzz tester and vulnerability analysis.
The target security protocol is the target system to be fuzz tested. The invention uses fuzz testing with compile-time instrumentation, which requires the implementation source code of the target security protocol to be known; if only a binary implementation of the target security protocol is available, QEMU support is needed and testing efficiency decreases.
The deep neural network learner is the key module designed in this invention and is used to improve the test case generation algorithm in fuzz testing. The module takes the test case set generated during initial fuzz testing of the target network security protocol as training data, trains on a server, and learns an effective LSTM neural network model that helps improve on the original test case generation efficiency. Because the training data has the temporal characteristic that "execution paths" are discovered continually during fuzz testing, an LSTM neural network model is used for learning and testing.
The fuzz tester consists of two parts, a test case generator and a fuzz testing engine. The test case generator adds the LSTM-model generation method on top of the original test case generation algorithms. The original test case generation algorithms mainly comprise some traditional methods, such as the genetic algorithm, and are the product of the AFL-fuzz framework's combination of traditional techniques. Another is the random mutation algorithm, which, on a Linux system, generates new test cases by randomly mutating random bytes based on /dev/urandom. The LSTM-model generation method produces test cases automatically from the LSTM model that the deep neural network learner in the invention's framework has trained and learned.
The fuzz tester instruments the target source code at initial compile time. This effectively gets past many of the conditional restrictions the protocol implementation imposes at run time and can find more and deeper execution paths that traditional fuzz testing has difficulty finding.
The vulnerability analysis module mainly performs vulnerability analysis on the target network security protocol according to the execution paths generated during fuzz testing, judging whether possible weak points exist. In addition, drawing on the characteristics of fuzz testing with compile-time instrumentation, it can supply the "initial seed files" that discovered execution paths as training data for the neural network model, so that more efficient fuzz testing can continue once the test case generation method has been improved.
The effect of the proposed fuzz testing method in network protocol vulnerability analysis research is verified below by experiment.
The embodiment of the present invention chooses OpenSSH, the open-source implementation of SSH, as the target protocol under test and, based on the AFL-fuzz framework combined with an LSTM neural network model, verifies the effect of the proposed LSTM-improved fuzz testing method in network protocol vulnerability analysis research. The approach is as follows:
The OpenSSH server-side daemon sshd is taken as the target. The OpenSSH daemon is run in inetd mode listening on a network socket, and the interaction data between the ssh and sshd programs in OpenSSH is captured for replay. If the replayed data can successfully connect and log in, it is used as the initial test case for fuzz testing with AFL-fuzz. An "initial seed file set" S is obtained within a certain CPU time. Then, with S as the training data set, new test cases are generated with the original AFL-fuzz test case generation algorithm, with random mutation, and with the LSTM neural network model respectively. AFL-fuzz is then run again with the new test cases as input files, and the effects of the three methods are compared.
1. Experimental environment
Test system: Intel Core i7-4790 processor, Ubuntu 16.04, 8 GB memory; test target: OpenSSH-Portable-V_7_5; fuzz testing tool: AFL-fuzz 2.52b; neural network learning framework: TensorFlow, Keras; GPUs for neural network learning: 8 × GTX 1080; programming languages: Python, C; auxiliary tool: 010Editor.
2. Experiment notes
(1) To improve the efficiency of AFL-fuzz fuzz testing, Clang and LLVM were installed in addition to AFL-fuzz 2.52b so that it supports LLVM_mode. (2) All fuzz testing parts of the experiment were run in a single-CPU environment; LSTM model learning and test case generation were carried out on an 8-GPU server.
3. Constructing a valid test case
During initial compilation, the following preprocessing was carried out:
(1) To prevent replay attacks, OpenSSH uses random strings during the handshake, so its random string generator must be disabled to guarantee the validity of the initial test case.
(2) The cyclic redundancy check (CRC) value and message authentication code (MAC) of server-side messages must be disabled. If verification is not disabled, the program refuses to continue executing once a single bit of the data is flipped, which makes fuzz testing extremely inefficient. With the checks disabled, if a program vulnerability is detected, one can go back and carefully modify the test case that triggered the weak point, and may obtain a test case that passes verification.
(3) This test is mainly intended to verify the improvement in network security protocol test case generation when a neural network model is combined with fuzz testing based on compile-time instrumentation. Therefore only the unencrypted initial handshake protocol and the key exchange process are fuzz tested.
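The effect described in item (2), as an added example that is not code from the patent or from OpenSSH: every single-bit mutant of a valid packet is fed to a toy handler with the CRC check on and off, and the distinct paths reached are compared. The record layout, path labels and function names are constructed for illustration.

```python
import struct
import zlib

# Constructed toy record, not OpenSSH's wire format:
#   type (1 byte) | payload length (2 bytes, big-endian) | payload | CRC32 (4 bytes)
def build_packet(msg_type: int, payload: bytes) -> bytes:
    body = struct.pack(">BH", msg_type, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body))


def parse(packet: bytes, verify_crc: bool = True) -> str:
    """Toy protocol handler; the returned label names the execution path taken."""
    if len(packet) < 7:
        return "err:short"
    body = packet[:-4]
    (crc,) = struct.unpack(">I", packet[-4:])
    if verify_crc and zlib.crc32(body) != crc:
        return "drop:crc"          # normal build: invalid packet is discarded here
    msg_type, length = struct.unpack(">BH", body[:3])
    if length != len(body) - 3:
        return "err:length"
    if msg_type == 0x14:
        return "kexinit"
    if msg_type == 0x15:
        return "newkeys"
    return "unknown-type"


def single_bit_flips(seed: bytes):
    """Yield every mutant that differs from the seed in exactly one bit."""
    for i in range(len(seed) * 8):
        mutant = bytearray(seed)
        mutant[i // 8] ^= 1 << (i % 8)
        yield bytes(mutant)


def paths_reached(seed: bytes, verify_crc: bool) -> set:
    """Distinct paths hit by all single-bit mutants of one valid seed."""
    return {parse(m, verify_crc) for m in single_bit_flips(seed)}


def repair_crc(packet: bytes) -> bytes:
    """Recompute the trailer so a case found with checks off replays with checks on."""
    body = packet[:-4]
    return body + struct.pack(">I", zlib.crc32(body))


SEED = build_packet(0x14, b"curve25519-sha256")  # constructed valid seed

if __name__ == "__main__":
    print("check enabled :", sorted(paths_reached(SEED, True)))
    print("check disabled:", sorted(paths_reached(SEED, False)))
    flipped = bytearray(SEED)
    flipped[0] ^= 0x01             # mutant that reached "newkeys" with checks off
    print("replayed with repaired CRC:", parse(repair_crc(bytes(flipped))))
```

With the check enabled, all 192 mutants stop at the CRC comparison; with it disabled the same mutants reach four distinct paths, and `repair_crc` corresponds to the page's step of modifying a triggering test case so that it passes verification.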
After this series of preprocessing steps, we obtained the first valid test case, 2.4 KB in size, and inspected it with the tool 010Editor, as shown in Fig. 5.
AFL-fuzz is then run on the sshd program with the constructed first valid test case as input file. Because during execution it continually adds mutated files that discover new execution paths to the queue as new test cases, an "initial seed file set" is available after a certain CPU time. This "initial seed file set" is defined as S = {S1, S2, …, Sn}.
In this experiment, AFL-fuzz was run with the constructed first valid test case for 10 minutes and for 9 hours 30 minutes of fuzz testing respectively; the results are shown in Fig. 6 and Fig. 7.
As can be seen, after AFL-fuzz had run for about ten minutes it had found 303 execution paths in total and had therefore generated 303 "seed files", i.e. S = {S1, S2, …, S303}. Because the size of the training data has a considerable effect on how well a deep neural network model learns, this test also ran the corresponding comparison on the 500 "seed files" generated after 9 hours 30 minutes of fuzz testing.
Method 1: original method (orig)
With the "initial seed file set" S as training data, 200 test cases are generated with the original AFL-fuzz test case generation algorithm, and fuzz testing is re-run with the 200 newly generated test cases as input (orig-select-200);
Method 2: random mutation algorithm (random)
With the "initial seed file set" S as training data, 200 "seed files" are selected at random and random bytes in them are randomly mutated based on /dev/urandom; fuzz testing is re-run with the 200 newly generated test cases as input (random-select-200);
Method 3: LSTM model (LSTM)
With the "initial seed file set" S as training data, the LSTM neural network model is trained on the 8-GPU server using the TensorFlow and Keras frameworks. All "seed files" in S are concatenated to form the training set of the neural network. The LSTM model is as follows: the input layer has 128 neurons, there is only 1 LSTM hidden layer, the output layer uses the softmax activation function, RMSprop is used as the optimizer with a learning rate of 0.01, and categorical cross-entropy is used as the loss function. After about 29 hours of learning, the model was obtained and new test cases were generated; after splitting, 200 were taken as the input (LSTM-learned-200) for a new round of fuzz testing.
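Method 3's pipeline as an added byte-level example (not code from the patent): seed files are concatenated, cut into fixed-length windows, used to train a one-layer LSTM with the stated optimizer and loss, and the generated stream is split back into test cases. The delimiter, window length, stride, sample seeds and the reading of "128 neurons" as 128 LSTM units are assumptions; TensorFlow/Keras and NumPy are imported only inside the functions that need them.

```python
import random

SEP = b"\x00SEED\x00"  # assumed delimiter: the page does not say how seeds are joined or split
WINDOW = 40            # assumed context length in bytes
STEP = 3               # assumed stride between training windows


def build_corpus(seeds):
    """Concatenate every seed file in S into one byte stream (the training set)."""
    return b"".join(s + SEP for s in seeds)


def make_windows(corpus, window=WINDOW, step=STEP):
    """Each sample is `window` consecutive bytes; its label is the byte that follows."""
    starts = range(0, len(corpus) - window, step)
    return [corpus[i:i + window] for i in starts], [corpus[i + window] for i in starts]


def one_hot(windows, labels, window=WINDOW):
    """Encode samples as (n, window, 256) and labels as (n, 256) arrays."""
    import numpy as np
    x = np.zeros((len(windows), window, 256), dtype="float32")
    y = np.zeros((len(windows), 256), dtype="float32")
    for n, (w, label) in enumerate(zip(windows, labels)):
        x[n, np.arange(len(w)), list(w)] = 1.0
        y[n, label] = 1.0
    return x, y


def build_model(window=WINDOW):
    """One LSTM layer (128 units), softmax output, RMSprop(0.01), categorical cross-entropy."""
    from tensorflow import keras  # lazy import: the other helpers run without TensorFlow
    model = keras.Sequential([
        keras.layers.Input(shape=(window, 256)),
        keras.layers.LSTM(128),
        keras.layers.Dense(256, activation="softmax"),
    ])
    model.compile(loss="categorical_crossentropy",
                  optimizer=keras.optimizers.RMSprop(learning_rate=0.01))
    return model


def sample_byte(probs, rng, temperature=1.0):
    """Draw the next byte from the softmax output, reshaped by the temperature."""
    weights = [float(p) ** (1.0 / temperature) for p in probs]
    return rng.choices(range(256), weights=weights, k=1)[0]


def generate(predict, prime, length, rng, temperature=1.0):
    """Extend `prime` byte by byte; `predict` maps a context window to 256 probabilities."""
    out = bytearray(prime)
    for _ in range(length):
        out.append(sample_byte(predict(bytes(out[-WINDOW:])), rng, temperature))
    return bytes(out[len(prime):])


def split_cases(stream, limit=200):
    """Cut the stream at delimiters, drop the unterminated tail, keep `limit` distinct cases."""
    cases = []
    for chunk in stream.split(SEP)[:-1]:
        if chunk and chunk not in cases:
            cases.append(chunk)
    return cases[:limit]


if __name__ == "__main__":
    # Constructed stand-ins for the seed set S; a real run reads the fuzzer's queue files.
    seeds = [b"SSH-2.0-client_%d\r\n" % i + bytes(range(i, i + 6)) for i in range(60)]
    corpus = build_corpus(seeds)
    x, y = one_hot(*make_windows(corpus))
    model = build_model()
    model.fit(x, y, batch_size=128, epochs=5, verbose=0)

    def predict(window_bytes):
        return model.predict(one_hot([window_bytes], [0])[0], verbose=0)[0]

    stream = generate(predict, corpus[:WINDOW], 2000, random.Random(0))
    print(len(split_cases(stream)), "candidate test cases")
```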
The results of re-running fuzz testing with the test cases generated by the three different methods are shown in Table 1.
Table 1: Comparison of the effect of the test cases generated by the three methods
In Table 1, the total number of paths found and the number of new paths found (uniq path) reflect very directly the code coverage achieved when fuzz testing is run with the input "seed files". The number of favored paths is the number of paths the fuzz tester is more interested in; "New edges on" is the number of "seed files" that yield better edge coverage; the timeout count is the number of "seed files" that cause the fuzz testing program to time out. These items can serve to some extent as reference indicators of the code coverage effect of the test cases.
IV. Analysis of experimental results
From the different results of the three methods above, the results of generating new test case "seed files" from training sets of different sizes and re-running fuzz testing were obtained; the comparison is shown in Fig. 8 and Fig. 9.
The comparison of these results clearly shows:
(1) The code coverage measured for the three methods in Fig. 8 is lower than in Fig. 9 in every case. This fully demonstrates that, for the generation algorithm, the larger the training set and the longer the training time, the better the effect.
(2) In Fig. 8, the AFL-fuzz original method (orig) performs best, finding 324 paths in total and 124 new paths; the LSTM model (LSTM) comes second, finding 248 paths in total and 48 new paths; the random mutation algorithm (random) performs worst, finding 246 paths in total and 46 new paths.
(3) In Fig. 9, the LSTM model finds 374 paths in total and 174 new paths, the random mutation algorithm finds 319 paths in total and 119 new paths, and the AFL-fuzz original method finds 242 paths in total and 42 new paths. In path-finding ability, therefore, the LSTM model is strongest, the random mutation algorithm comes second, and the AFL-fuzz original method is worst. The path-finding ability of the LSTM model is about 54% higher than that of the AFL-fuzz original method and about 17% higher than that of the random mutation algorithm.
(4) Taking (2) and (3) together, it can be seen that as the training set grows and the training time increases, the learning ability of the LSTM model becomes stronger and stronger.
The experiments show that, within the same CPU time and based on the same training data set, the method proposed by the present invention can find more program execution paths, and more of the paths the fuzz tester is interested in, and covers more of the target protocol code, thereby effectively improving the efficiency of fuzz testing for network security protocols.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A network security protocol fuzz testing method based on LSTM, characterized by comprising:
Step 1: performing fuzz testing on a target network security protocol using an initial test case set;
Step 2: performing vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and taking the new execution paths as an initial seed file set;
Step 3: using the initial seed file set as training data, training with a deep neural network learner to obtain an LSTM model;
Step 4: generating a new test case set using the LSTM model and performing fuzz testing on the target network security protocol.
2. The method according to claim 1, characterized by further comprising:
obtaining the implementation source code of the target network security protocol;
processing the implementation source code using a preset generation algorithm to generate the initial test case set.
3. The method according to claim 2, characterized in that, after obtaining the implementation source code of the target network security protocol, the method further comprises: performing instrumentation marking on the implementation source code; correspondingly,
processing the implementation source code using the preset generation algorithm to generate the initial test case set is specifically:
processing the instrumented implementation source code using the preset generation algorithm to generate the initial test case set.
4. The method according to claim 2, characterized in that the preset generation algorithm is a genetic algorithm or a random mutation algorithm.
5. A network security protocol fuzz testing system based on LSTM, characterized by comprising:
a first fuzz testing module, for performing fuzz testing on a target network security protocol using an initial test case set;
a vulnerability analysis module, for performing vulnerability analysis on the target network security protocol according to the new execution paths generated during fuzz testing, and taking the new execution paths as an initial seed file set;
an LSTM model generation module, for using the initial seed file set as training data and training with a deep neural network learner to obtain an LSTM model;
a second fuzz testing module, for generating a new test case set using the LSTM model and performing fuzz testing on the target network security protocol.
6. The system according to claim 5, characterized by further comprising:
a source code obtaining module, for obtaining the implementation source code of the target network security protocol;
an initial test case generation module, for processing the implementation source code using a preset generation algorithm to generate the initial test case set.
7. The system according to claim 6, characterized by further comprising:
an instrumentation marking module, for performing instrumentation marking on the implementation source code; correspondingly,
the initial test case generation module is specifically used for:
processing the instrumented implementation source code using the preset generation algorithm to generate the initial test case set.
8. The system according to claim 6, characterized in that the preset generation algorithm is a genetic algorithm or a random mutation algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811033742.9A CN109379329B (en) | 2018-09-05 | 2018-09-05 | Network security protocol fuzzy test method and system based on LSTM |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109379329A (en) | 2019-02-22 |
CN109379329B (en) | 2021-12-21 |
Family
ID=65404960
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811033742.9A Active CN109379329B (en) | 2018-09-05 | 2018-09-05 | Network security protocol fuzzy test method and system based on LSTM |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109379329B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109379329B (en) | 2021-12-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||