CN110135165A - A dynamic hierarchical multi-granularity fuzz testing vulnerability mining method - Google Patents


Info

Publication number: CN110135165A
Authority: CN (China)
Prior art keywords: test, test case, case, basic block, vulnerability mining
Legal status: Granted
Application number: CN201910294755.XA
Other languages: Chinese (zh)
Other versions: CN110135165B (en)
Inventors: 赵跃华, 卞恭喜
Current Assignee: Jiangsu University
Original Assignee: Jiangsu University

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033: Test or assess software
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention relates to the field of information security, specifically to a dynamic hierarchical multi-granularity fuzz testing vulnerability mining method, comprising the following steps: 1) establish the running environment of the invention; 2) construct a heuristic initial test case set using a web crawler and a malformed-data database; 3) instrument the target program using dynamic decrementing binary instrumentation; 4) monitor the execution of test cases and build hierarchical multi-granularity test case sets; 5) dynamically select test case sets of different granularity to run fuzz testing for vulnerability mining. Building on fuzz testing vulnerability mining technology, the invention combines the heuristic initial test case set with decrementing binary instrumentation to reduce the time consumed by coverage tracing, and mines vulnerabilities with dynamically selected hierarchical multi-granularity test case sets. Whole-program coarse granularity is dynamically combined with local fine granularity, which makes vulnerability mining more targeted, digs deeper into program vulnerabilities, and provides a feasible method for carrying out fuzz testing vulnerability mining efficiently and accurately.

Description

A dynamic hierarchical multi-granularity fuzz testing vulnerability mining method
Technical field
The invention belongs to the fields of software testing and information security, and in particular relates to a dynamic hierarchical multi-granularity fuzz testing vulnerability mining method.
Background art
With the development of the internet, a growing number of information security incidents keep affecting social development. Software vulnerabilities, as one of the root causes of hacker attacks, pose a huge threat to information security. Because of their high harmfulness, wide coverage and diversity of types, they are watched closely as a resource by all parties in the current global information security contest.
After software development is complete, software companies invest substantial resources in software testing, but the security quality of the software depends largely on the working experience of the testers, so the security of the software cannot be guaranteed. Because of software security and economic interest considerations, security personnel basically cannot obtain a program's source code, so research on vulnerability discovery for binary programs has become an important research branch of the information security field. This has given rise to a series of vulnerability mining methods, such as those based on patch comparison, on code features and on fuzz testing. Fuzz testing, as a highly automated active vulnerability mining method, is widely used. Current fuzz testing vulnerability mining technology has shortcomings such as poor diversity of initial test cases, no targeting of the key basic blocks of the target program, and missed anomalies. Establishing an efficient and accurate fuzz testing vulnerability mining method is of practical significance to the development of information security.
Summary of the invention
To solve the above problems, the invention proposes a dynamic hierarchical multi-granularity fuzz testing vulnerability mining method that improves the efficiency and accuracy of fuzz testing vulnerability mining.
To achieve the above object, the technical solution of the invention is as follows:
A dynamic hierarchical multi-granularity fuzz testing vulnerability mining method, comprising the following steps:
1) establish the running environment of a fuzz testing vulnerability mining system, including a client PC, a server-side server and a remote RPC communication network;
2) crawl test cases with a web crawler and combine them with malformed data by multi-point crossover to construct a heuristic initial test case set;
3) instrument the target program using dynamic decrementing binary instrumentation;
4) monitor the execution of test cases and build hierarchical multi-granularity test case sets, where the level-one test case set corresponds to coarse-grained testing of the target program and the level-two test case set corresponds to fine-grained fuzz testing of the target program;
5) use a random number method to dynamically select between the test case sets, carrying out coarse-grained and fine-grained fuzz testing at the same time for vulnerability mining.
Further, the specific steps by which the web crawler crawls test cases in step 2) are as follows:
Step 2.1: crawl web pages that provide proxy services to form an IP proxy pool;
Step 2.2: obtain a proxy IP from the IP proxy pool and crawl test cases of the required format;
Step 2.3: obtain the digest of each test case using the SHA1 algorithm and compare it against the database to filter and screen test cases;
Step 2.4: configure the downloaded test cases with the malformed data in the malformed-data database to construct the heuristic initial test case set.
Further, the specific steps for combining test cases with the malformed data in the malformed-data database in step 2) are as follows:
Step 2.a: obtain the test case sizes and the amount of malformed data in the malformed-data database;
Step 2.b: calculate the ratio between the number of test cases in the initial test case set and the number of malformed data types, and configure the malformed data in the malformed-data database evenly into the initial test case set;
Step 2.c: save the test cases configured with malformed data back into the initial test case set.
Further, the specific steps of step 3) are as follows:
Step 3.1: obtain the basic block address table of the target program using the PIN binary analysis tool;
Step 3.2: instrument the initial target program according to the basic block address table;
Step 3.3: monitor the execution of the target program in real time during execution;
Step 3.4: according to the basic block coverage information obtained by monitoring, cyclically update the instrumentation of the target program, deleting the probes of newly covered basic blocks;
Step 3.5: save the test cases that produce new coverage, run full coverage tracing on them and calculate their coverage rate.
Further, the specific steps of step 4) are as follows:
Step 4.1: select the default mode or the user-set mode to determine the addresses of the target basic blocks;
Step 4.2: create a HashMap data structure and initialize it to the basic block address table of the target program;
Step 4.3: during execution, monitor the target program and identify target basic blocks;
Step 4.4: if a test case covers a new basic block, update the HashMap by deleting the newly covered basic block address from it, and save the test case into the level-one test case set;
Step 4.5: if the covered block is a target basic block, do not update the HashMap, and save the test case only into the level-two test case set.
Further, the specific steps of step 5) are as follows:
Step 5.1: the user sets the fineness coefficient P of the test, i.e. the probability of choosing to carry out fine-grained testing, which determines the probability of selecting each test case set;
Step 5.2: during testing, generate a random number R;
Step 5.3: compare the random number R with the fineness coefficient P; when P > R select the level-one test case set, otherwise select the level-two test case set. The level-one test case set is called to carry out whole-program coarse-grained testing, and the test cases in the level-two test case set are called to carry out local fine-grained testing of the target basic blocks.
Compared with the prior art, the beneficial effects of the invention are:
1. A heuristic initial test case set is constructed using a web crawler and a malformed-data database, which guarantees the diversity of test cases when testing starts; at the same time, the use of the malformed-data database raises the probability of triggering particular vulnerabilities.
2. With the decrementing instrumentation method, the number of probes is reduced dynamically during test execution, so that execution speed gets closer and closer to that of the original target program, cutting the time consumed by execution monitoring during fuzz testing.
3. Hierarchical multi-granularity test case sets are built so that the level-one test case set covers coarse-grained testing of the target program as a whole and the level-two test case set covers local fine-grained testing of the target program, mining deep vulnerabilities and reducing missed reports.
Brief description of the drawings
Fig. 1 is the overall design diagram of the invention;
Fig. 2 is the web crawler flow chart of the invention;
Fig. 3 is the diagram of configuring malformed data into test cases in the invention;
Fig. 4 is the diagram of the dynamic decrementing instrumentation process in the invention;
Fig. 5 is the diagram of how target basic blocks are formed in the invention;
Fig. 6 is the test process using the hierarchical multi-granularity test case sets in the invention;
Fig. 7 is the operation flow chart of the invention.
Detailed description of the embodiments
To make the technical content of the invention easier to understand, the invention is further explained below with reference to the drawings and a specific implementation case. For the purposes of this disclosure, the implementation case described is intended to aid understanding of the invention and does not limit it in any way.
The technical solution in the embodiments of the invention is described clearly and completely below with reference to the drawings in the embodiments.
Fig. 1 shows the overall design of the invention. The invention is a dynamic hierarchical multi-granularity fuzz testing vulnerability mining method, comprising the following steps:
1) establish the running environment of this fuzz testing vulnerability mining system, including a client PC, a server-side server and a remote RPC communication network;
2) crawl test cases with a web crawler and combine them with malformed data by multi-point crossover to construct a heuristic initial test case set;
3) instrument the target program using dynamic decrementing binary instrumentation;
4) monitor the execution of test cases and build hierarchical multi-granularity test case sets, where the level-one test case set corresponds to coarse-grained testing of the target program and the level-two test case set corresponds to fine-grained fuzz testing of the target program;
5) use a random number method to dynamically select between the test case sets, carrying out coarse-grained and fine-grained fuzz testing at the same time for vulnerability mining.
The construction of the heuristic initial test case set in step 2) of the invention has two main parts: in the first part the web crawler crawls test cases, and in the second part malformed data is configured into the test cases.
Fig. 2 shows the flow executed by the web crawler. Its steps are as follows:
Step 1: crawl web pages that provide proxy services to form an IP proxy pool.
Step 2: obtain a proxy IP from the IP proxy pool and crawl test cases of the required format.
Step 3: obtain the digest of each test case using the SHA1 algorithm and compare it against the database to filter and screen test cases. Store the test case.
Fig. 3 shows how malformed data is configured into test cases. So that this fixed malformed data is retained in the offspring population for a long time while new test cases are generated through continued crossover and mutation, the malformed data S is inserted twice, in the front part and in the rear part of the test case, in proportion to the file size of the test case, so that the inserted malformed data keeps a sufficient distance within the test case.
Step 1: obtain the test case sizes and the amount of malformed data in the malformed-data database.
Step 2: calculate the ratio between the number of test cases in the initial test case set and the number of malformed data types, and configure the malformed data in the malformed-data database evenly into the initial test case set. When the ratio is 1:1, test case I is formed; when it is 1:n with n > 1, the configuration is done by combination, forming test case J in the figure.
Step 3: save the test cases configured with malformed data back into the initial test case set.
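The digest filtering of Fig. 2 and the double insertion of Fig. 3 can be sketched as follows. This is an added example, not code from the patent: the function names, the 25%/75% insertion offsets, the round-robin distribution and the sample malformed values are assumptions, since the page gives only the proportional front/rear rule and the 1:1 and 1:n cases.

```python
import hashlib

# Constructed sample malformed data (assumed values, not from the patent).
MALFORMED = [b"%n%n%n%n", b"\xff\xff\xff\xff", b"\x00" * 4, b"A" * 64]


def sha1_digest(data: bytes) -> str:
    """SHA1 digest used as the identity of a crawled test case."""
    return hashlib.sha1(data).hexdigest()


def dedupe(cases, seen_digests):
    """Keep a crawled case only if its digest is not yet in the database.

    seen_digests stands in for the digest database and is updated in place.
    """
    kept = []
    for case in cases:
        digest = sha1_digest(case)
        if digest not in seen_digests:
            seen_digests.add(digest)
            kept.append(case)
    return kept


def insert_twice(case: bytes, payload: bytes, front=0.25, rear=0.75) -> bytes:
    """Insert payload once in the front part and once in the rear part.

    Offsets scale with the case size, so the two copies stay far apart and
    are likely to survive later crossover and mutation. The 0.25/0.75
    fractions are an assumption.
    """
    i = int(len(case) * front)
    j = int(len(case) * rear)
    return case[:i] + payload + case[i:j] + payload + case[j:]


def configure(cases, malformed_items):
    """Spread the malformed data evenly over the test cases.

    cases : types == 1:1 -> one item per case (test case I in Fig. 3).
    cases : types == 1:n -> each case gets a combination of items (case J).
    With fewer types than cases, the items are reused cyclically (assumption).
    """
    if not cases or not malformed_items:
        return list(cases)
    groups = [[] for _ in cases]
    for k in range(max(len(cases), len(malformed_items))):
        groups[k % len(cases)].append(malformed_items[k % len(malformed_items)])
    # Items of one group are combined into a single payload so that a later
    # insertion never splits an earlier one.
    return [insert_twice(case, b"".join(group)) for case, group in zip(cases, groups)]


def build_seed_set(crawled, malformed_items, seen_digests):
    """Crawler output -> digest filter -> malformed data configuration."""
    return configure(dedupe(crawled, seen_digests), malformed_items)


if __name__ == "__main__":
    crawled = [b"01234567", b"01234567", b"abcdefgh"]  # constructed samples
    for seed in build_seed_set(crawled, MALFORMED, set()):
        print(sha1_digest(seed)[:12], len(seed), seed[:24])
```
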
In the dynamic decrementing binary instrumentation of step 3) of the invention, fuzz testing vulnerability mining technology needs to monitor the execution of the target program to obtain information such as the coverage rate of program execution, but coverage tracing of the target program consumes a large amount of time, which hurts the efficiency of vulnerability mining. The number of probes is therefore reduced dynamically: by continually deleting the probes of basic blocks newly covered during testing, the program reports by itself when a test case produces new coverage. During test execution, execution speed gets closer and closer to that of the original target program, reducing the time consumed by execution monitoring during fuzz testing.
Fig. 4 shows the dynamic decrementing instrumentation process. Given a binary program fragment, the decrementing instrumentation process is simulated with program code, using the INT 3 software interrupt as the inserted probe. Each piece of code represents one basic block. The specific steps are as follows:
Step 1: use the PIN binary analysis library to obtain the basic block addresses of the program according to the jump instructions in the program, including JMP, CALL, RET, etc.
Step 2: insert a probe, i.e. an INT 3 software interrupt, at the front of each basic block.
Step 3: during test execution, round r1 produces the newly covered basic blocks if (!A) and Fun (), so the INT 3 software interrupts previously inserted in them are deleted.
Step 4: save the test cases that produce new coverage into the test case set. If a test case produces no new coverage, delete it directly.
Step 5: run coverage tracing on the saved test case set to obtain the execution paths, calculate the coverage rate, and sort the test cases.
The coverage rate Cvg is calculated as:
where M is the number of basic blocks covered by the execution path and N is the total number of basic blocks.
Step 6: in rounds r2 and r3, when new coverage is produced, the same operations as in step 3 are carried out: the probes are deleted and the test cases saved. As execution continues, the execution speed of the instrumented program keeps approaching that of the original target program.
In step 4) of the invention, which builds the hierarchical multi-granularity test case sets, the probes of the target basic blocks are retained during dynamic decrementing instrumentation, and the test cases that cover these specific probes are saved separately to build an independent level-two test case set. Every test case in the level-one test case set has produced new coverage, so each has its own unique genes and can trigger deeper bugs. But the paths these test cases cover are broad, so within a limited testing time each basic block receives relatively few test rounds, and only coarse-grained testing of the target program as a whole is achieved. The execution paths contained in the level-two test case set are localized, so within a given testing time a limited number of basic blocks receive comprehensive, in-depth fine-grained testing. The target basic blocks all lie at the edges of execution path coverage, are covered with low probability in coarse-grained testing, and are more likely to contain vulnerabilities. By building hierarchical multi-granularity test case sets, the level-one test case set carries out coarse-grained fuzz testing and the level-two test case set carries out fine-grained fuzz testing of the target basic blocks, achieving the goal of deep mining. Using the dynamic decrementing instrumentation process, the probes of the target basic blocks, called guard probes, are retained while the target binary program executes. The test cases that cover these specific probes are saved separately to build an independent level-two test case set, and test case sets are selected dynamically according to the fineness coefficient P for vulnerability mining. The process of forming target basic blocks is shown in Fig. 5.
The process shown in Fig. 5 is similar to the dynamic decrementing instrumentation process; the difference is that the instrumentation of the target basic blocks for fine-grained testing is retained. That is, during test execution these probes always remain in the target program; they are the gray-shaded basic blocks with the INT 3 software interrupt in the figure.
Fig. 6 shows the process of building the hierarchical multi-granularity test case sets and dynamically selecting a test case set for testing. The specific steps are as follows.
Step 1: determine the basic block address table, and at the same time determine the addresses of the target basic blocks.
There are two ways to determine the target basic block addresses: the default mode, in which the system takes the basic blocks covered the fewest times during execution as the target basic block addresses; or the user-set mode, in which the user sets the addresses of the target basic blocks when testing starts.
Step 2: create a HashMap data structure and initialize it to the basic block address table of the target program.
Step 3: during execution, monitor the target program and identify target basic blocks. If the covered block is a target basic block, do not change the HashMap; if not, update the HashMap by deleting that basic block address.
Step 4: according to the covered basic block address, determine which test case set the test case belongs to, level-one or level-two.
Step 5: during testing, generate a random number R using rand ().
Step 6: compare the random number R with the fineness coefficient P. When R > P, select the level-one test case set; conversely, when R < P, select the level-two test case set and carry out fine-grained testing.
In step 6 above, the measure used for dynamically selecting the test granularity is the fineness coefficient, denoted P.
[Definition] Fineness coefficient P: the probability of selecting test cases from the level-two (fine-grained) test case set for fuzzing.
P takes values in the interval [0,1]. 0 means that no fine-grained testing is carried out on the specific program region; 1 means that once the level-two test case set reaches the population size, the level-one test case set no longer needs to be considered, i.e. in the subsequent fuzzing process only test cases in the level-two test case set are called and all testing is fine-grained. The population size N1 is calculated as:
Num_total is the total number of basic blocks in the target program, and a is a coefficient. Adjusting this coefficient adjusts the initial population size according to the actual testing needs and test environment; usually a >= 10. This formula defines the number of test cases in the initial test case set. Its value changes positively with the complexity of the target program, and its growth becomes flatter and flatter.
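The probe bookkeeping of Fig. 4 and the tiered selection of Fig. 6 can be simulated without a real binary. The sketch below is an added example, not code from the patent: `toy_target`, the block addresses and the class and method names are constructed, a Python set stands in for the HashMap, and selection follows the embodiment's comparison (R < P picks the level-two set). Storing a case that hits both a new probe and a guard probe in both sets, and falling back to level one while level two is empty, are assumptions.

```python
import random


def toy_target(data: bytes):
    """Constructed stand-in for the instrumented binary.

    Returns the basic block addresses that the input executes.
    """
    blocks = [0x1000]                      # entry block
    if data[:1] == b"F":
        blocks.append(0x1010)              # header accepted
        if len(data) > 4:
            blocks.append(0x1020)          # body parser: the target block
    else:
        blocks.append(0x1030)              # reject path
    return blocks


class DecrementingTracer:
    """Probe table that shrinks as coverage grows, with tiered corpora."""

    def __init__(self, block_addrs, target_blocks):
        self.probes = set(block_addrs)     # initialised to the address table
        self.targets = set(target_blocks)  # guard probes, never deleted
        self.level1 = []                   # whole-program, coarse-grained set
        self.level2 = []                   # target-block, fine-grained set

    def record(self, case, executed_blocks):
        """Process one execution; return the tiers the case was saved to.

        Only blocks that still carry a probe report anything, which is why
        the cost of monitoring falls as probes are deleted.
        """
        hit = self.probes & set(executed_blocks)
        new_blocks = hit - self.targets
        guard_hits = hit & self.targets
        saved = []
        if new_blocks:
            self.probes -= new_blocks      # delete probes of new coverage
            self.level1.append(case)
            saved.append(1)
        if guard_hits:                     # table unchanged for guard probes
            self.level2.append(case)
            saved.append(2)
        return saved                       # [] means the case is discarded

    def pick_set(self, P, rng):
        """Draw R in [0, 1); R < P selects the level-two set."""
        R = rng.random()
        if R < P and self.level2:
            return 2, self.level2
        return 1, self.level1


def run_demo():
    """Feed constructed inputs through the tracer and log each round."""
    tracer = DecrementingTracer([0x1000, 0x1010, 0x1020, 0x1030], [0x1020])
    log = []
    for case in [b"x", b"F", b"Fuzzed", b"Fuzzed2", b"y"]:
        saved = tracer.record(case, toy_target(case))
        log.append((case, saved, len(tracer.probes)))
    return tracer, log


if __name__ == "__main__":
    tracer, log = run_demo()
    for case, saved, remaining in log:
        print(case, "saved to", saved, "probes left:", remaining)
    rng = random.Random(1)
    print([tracer.pick_set(0.3, rng)[0] for _ in range(10)])
```

After the five constructed inputs only the guard probe on the target block remains, so later executions report nothing except hits on that block.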
Applying this method to actual fuzz testing vulnerability mining improves the efficiency and accuracy of vulnerability mining. The operation flow of the invention is shown in Fig. 7; the specific flow is as follows.
Step 1: after the system starts, the user sends commands, the target program and test case information to the server over the network, and at test initialization sets the fineness coefficient P and the mode for determining target basic blocks.
Step 2: on the server side, the server uses the web crawler function to crawl test cases of the required format from the internet, and combines the crawled test cases with the malformed data in the database by crossover to form the initial test case set.
Step 3: as the system executes in a loop, the fineness coefficient of the test keeps increasing. A test case set is selected dynamically according to the fineness coefficient, the test cases undergo crossover, mutation and other operations and are injected into the program under test, and the binary program is executed.
Step 4: program monitoring obtains execution information and checks whether the target program produces new coverage. If a test case covers a probe: when execution covers a new probe, the test case is saved into the level-one test case set; when it covers a guard probe, it is saved into the level-two test case set. If no probe is covered and no exception is triggered, the test case is discarded.
Step 5: for a test case that triggers a probe, start the coverage tracing program and run full coverage tracing for that test case to obtain coverage and execution information.
Step 6: according to the basic block information in the execution path obtained by coverage tracing, update the probes in the target program; the target program with updated instrumentation enters the next test cycle.
Step 7: while tests execute, a callback function monitors the system message queue in real time to detect exceptions in the target program. When the target program crashes or shows problems such as processing delays, the real-time context of the crash is captured for exception analysis, the test case that triggered the exception is saved, and an exception report is produced.
Step 8: the exception report is fed back to the user.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "illustrative examples", "example", "specific example" or "some examples" means that the specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described, those skilled in the art will understand that various changes, modifications, replacements and variations can be made to these embodiments without departing from the principle and purpose of the invention; the scope of the invention is defined by the claims and their equivalents.

Claims (6)

1. A dynamic hierarchical multi-granularity fuzz testing vulnerability mining method, characterized by comprising the following steps:
1) establish the running environment of a fuzz testing vulnerability mining system, including a client PC, a server-side server and a remote RPC communication network;
2) crawl test cases with a web crawler and combine them with malformed data by multi-point crossover to construct a heuristic initial test case set;
3) instrument the target program using dynamic decrementing binary instrumentation;
4) monitor the execution of test cases and build hierarchical multi-granularity test case sets, where the level-one test case set corresponds to coarse-grained testing of the target program and the level-two test case set corresponds to fine-grained fuzz testing of the target program;
5) use a random number method to dynamically select between the test case sets, carrying out coarse-grained and fine-grained fuzz testing at the same time for vulnerability mining.
2. The dynamic hierarchical multi-granularity fuzz testing vulnerability mining method according to claim 1, characterized in that the specific steps by which the web crawler crawls test cases in step 2) are as follows:
Step 2.1: crawl web pages that provide proxy services to form an IP proxy pool;
Step 2.2: obtain a proxy IP from the IP proxy pool and crawl test cases of the required format;
Step 2.3: obtain the digest of each test case using the SHA1 algorithm and compare it against the database to filter and screen test cases;
Step 2.4: configure the downloaded test cases with the malformed data in the malformed-data database to construct the heuristic initial test case set.
3. The dynamic hierarchical multi-granularity fuzz testing vulnerability mining method according to claim 1, characterized in that the specific steps for combining test cases with the malformed data in the malformed-data database in step 2) are as follows:
Step 2.a: obtain the test case sizes and the amount of malformed data in the malformed-data database;
Step 2.b: calculate the ratio between the number of test cases in the initial test case set and the number of malformed data types, and configure the malformed data in the malformed-data database evenly into the initial test case set;
Step 2.c: save the test cases configured with malformed data back into the initial test case set.
4. The dynamic hierarchical multi-granularity fuzz testing vulnerability mining method according to claim 1, characterized in that the specific steps of step 3) are as follows:
Step 3.1: obtain the basic block address table of the target program using the PIN binary analysis tool;
Step 3.2: instrument the initial target program according to the basic block address table;
Step 3.3: monitor the execution of the target program in real time during execution;
Step 3.4: according to the basic block coverage information obtained by monitoring, cyclically update the instrumentation of the target program, deleting the probes of newly covered basic blocks;
Step 3.5: save the test cases that produce new coverage, run full coverage tracing on them and calculate their coverage rate.
5. The dynamic hierarchical multi-granularity fuzz testing vulnerability mining method according to claim 1, characterized in that the specific steps of step 4) are as follows:
Step 4.1: select the default mode or the user-set mode to determine the addresses of the target basic blocks;
Step 4.2: create a HashMap data structure and initialize it to the basic block address table of the target program;
Step 4.3: during execution, monitor the target program and identify target basic blocks;
Step 4.4: if a test case covers a new basic block, update the HashMap by deleting the newly covered basic block address from it, and save the test case into the level-one test case set;
Step 4.5: if the covered block is a target basic block, do not update the HashMap, and save the test case only into the level-two test case set.
6. The dynamic hierarchical multi-granularity fuzz testing vulnerability mining method according to claim 1, characterized in that the specific steps of step 5) are as follows:
Step 5.1: the user sets the fineness coefficient P of the test, i.e. the probability of choosing to carry out fine-grained testing, which determines the probability of selecting each test case set;
Step 5.2: during testing, generate a random number R;
Step 5.3: compare the random number R with the fineness coefficient P; when P > R select the level-one test case set, otherwise select the level-two test case set. The level-one test case set is called to carry out whole-program coarse-grained testing, and the test cases in the level-two test case set are called to carry out local fine-grained testing of the target basic blocks.
CN201910294755.XA 2019-04-12 2019-04-12 Dynamic hierarchical multi-granularity fuzzy test vulnerability mining method Active CN110135165B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910294755.XA CN110135165B (en) 2019-04-12 2019-04-12 Dynamic hierarchical multi-granularity fuzzy test vulnerability mining method

Publications (2)

Publication Number Publication Date
CN110135165A true CN110135165A (en) 2019-08-16
CN110135165B CN110135165B (en) 2023-06-09

Family

ID=67569941

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant