CN110443045B - Fuzzy test case generation method based on machine learning method - Google Patents
Fuzzy test case generation method based on machine learning method Download PDFInfo
- Publication number
- CN110443045B CN110443045B CN201910742264.7A CN201910742264A CN110443045B CN 110443045 B CN110443045 B CN 110443045B CN 201910742264 A CN201910742264 A CN 201910742264A CN 110443045 B CN110443045 B CN 110443045B
- Authority
- CN
- China
- Prior art keywords
- test case
- marking
- machine learning
- test
- fuzzy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention relates to a fuzzy test case generation method based on a machine learning method, and relates to the field of information security. The invention optimizes the design of the redundancy problem of the test case existing in the current fuzzy test technology, marks and identifies the stain variable and the problem function in the program object before the generation of the fuzzy test case in the aspect of generating the fuzzy test case facing the source program file, and combines the existing seed case generation and screening technology, thereby improving the effectiveness of the fuzzy test case and reducing the redundancy of the fuzzy test case set. In the test case generation link, machine learning is combined, the simplified feasibility of the machine learning for the test case is analyzed, the test case generation optimization technical thought of the machine learning is obtained, a model and an algorithm of the machine learning are adopted, the test case generation link in the fuzzy test flow is improved, the test case generation efficiency is improved, redundancy removal of the combination of the test cases is realized, and the goal of improving the intelligent degree of the fuzzy test flow is achieved.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a fuzzy test case generation method based on a machine learning method.
Background
According to the statistics of security vulnerabilities published by a national information security vulnerability library (CNNVD), the number of security vulnerabilities published in 2018 in China is 23029, and compared with the total number of security vulnerabilities in 2017, the annual growth rate is about 23.9%. Compared with the trend that the number of security holes increases sharply in 2017, the number of security holes increases slowly in 2018. However, this does not mean that security hole prevention work has achieved a favorable result, because the main reason for this is that security hole statistics and publication are more decentralized than ever, and a large number of security holes are not officially included and published. Moreover, security breaches are increasingly viewed as an important strategic resource, limiting the amount and time of security breach publication. One core of the network security research is the research related to security vulnerabilities. Due to the existence of the security loophole, a malicious attacker can realize illegal access to resources in a network space and even destroy the resources. In the current network ecosystem, the related range of the damage caused by the security vulnerability is wider and wider, the result is more and more serious, and a plurality of research institutions and personnel carry out deep research work on the security vulnerability detection technology.
As an effective means for detecting security vulnerabilities, the fuzzy testing technology has important safety protection significance for scientific research and production. Due to the advantages of high usability, low cost, good detection effect and the like, the fuzzy test technology has become one of the security vulnerability detection technologies commonly used in the industry at present, and numerous researches and applications have been developed aiming at the targets of network protocols, portal websites, key information systems and the like. However, the current fuzz testing technology still has the following main problems:
(1) the target object type coverage of the fuzz testing technique is to be improved in view of the targeted target scope. For example, for the fuzzifier of a source code program file, the number of supported source code program language types is always one of the factors restricting the wide application of the fuzzifier. Furthermore, the same fuzzifier often exhibits fluctuations in detection levels for different types of software programs.
(2) The generation link of the test case is always a crucial step in the process of the fuzzy test, and the effectiveness of the test case directly influences whether the final test result is accurate or not. The current mainstream fuzzy test technology has the problems of serious case redundancy, high cost, uncontrollable cost and the like in the test case generation stage.
(3) The fuzz testing technique still needs to be improved in terms of the type coverage of security vulnerabilities. Although current fuzz testing techniques can effectively discover certain types of security breaches, they are ineffective for certain specific security breaches.
Disclosure of Invention
Technical problem to be solved
The technical problem to be solved by the invention is as follows: how to realize a new method for generating the fuzzy test case, the effectiveness of the fuzzy test case is improved, and the redundancy of the fuzzy test case set is reduced.
(II) technical scheme
In order to solve the technical problem, the invention provides a fuzzy test case generation method based on a machine learning method, which comprises a code preprocessing link and a fuzzy test case generation link;
the code preprocessing step is to adopt a code detection technology, a stain marking technology and an unsafe function marking technology to preprocess and analyze a software program to be detected and identify suspected vulnerability codes such as suspicious sentences, stain variables and unsafe functions;
the fuzzy test case generation link is that a seed case set is found out by utilizing a decision tree model and a random forest model in machine learning, a large quantity of test cases are generated in a variation mode, and redundant test cases under the similar security loopholes are removed by utilizing a trained classification predictor.
Preferably, the code preprocessing link includes a code detection step, a taint marking step and an unsafe function marking step, wherein the code detection step is to detect logic errors and expression types, the taint marking step is to check and identify program variables, and the unsafe function marking step is to identify suspected problem functions missed in the two steps, namely the code detection step and the taint marking step.
Preferably, the code detection step only performs suspicious statement marking operation on the software program to be detected by using a static statement marking technology.
Preferably, the taint marking step is to mark the taint of the software program output by the code detection step by a static taint marking technology, and mark untrusted input data and suspicious variables in the program according to a data input format of the software program to be detected and security vulnerability characteristics to be detected during marking.
Preferably, the unsafe function marking step identifies and marks unsafe functions existing in the software program output by the taint marking step, and identifies functions which may have unsafe calling modes.
Preferably, the execution sequence of the three steps of code detection, taint marking and unsafe function marking is replaced by parallel processing, and the processed three results are subjected to deduplication processing.
Preferably, the step of generating the fuzzy test case specifically comprises a step of determining a generation mode of a seed case and a step of generating the fuzzy test case;
the step of determining the generation mode of the seed case is to construct the generation mode of the test case according to suspicious codes such as question statements, taint variables and unsafe functions marked by code preprocessing;
the fuzzy test case generation step is that the value types of the fields in the seed cases are combined according to the generation mode of the seed cases to generate a batch of initial test cases for the fuzzy test, and the initial test cases are recorded as an initial set; then, inputting the initial test cases in the initial set into a software program to be tested, dynamically observing an execution effect, recording the condition of triggering the security loophole, judging whether the generation mode of the seed case is reasonable and accurate according to the triggering effect, and adjusting the generation mode when needed; constructing a classification predictor by using a decision tree model and a random forest model in machine learning, taking an adjusted case generation mode as a classification basis, and performing classification learning on the test cases in the initial set to train the classification predictor meeting the preset accuracy requirement; then, generating a plurality of batches of test cases as a test data set of the classification predictor according to the modified case generation mode; and then, carrying out classification operation on the test data set by using the constructed classification predictor, and removing the test case data with the same security vulnerability triggering effect.
Preferably, in the step of determining the generation mode of the seed use case, the generation mode format of the seed use case is determined as follows:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
wherein, the vars pointer points to the stain variable array and is used for storing stain variables, and the length of the array is determined according to the number of the stain variables recorded when the stain points are marked; the exps pointer points to an expression type array and is used for storing type data of suspicious sentences, and the length of the array is determined according to the number of the sentences recorded during code detection; the ops pointer points to the operator type array and is used for storing operator types existing in the suspicious sentences; a func pointer pointing to the unsafe library function array; judge _ num refers to the number of judgment statements existing in the software program to be tested, and the judgment statement number only records the number of the judgment statements and does not record the nested hierarchical structure among the judgment branches; var _ num refers to the number of taint variables in the software program to be tested; func _ num refers to the number of marked unsafe functions in the software program to be tested; an env pointer pointing to an environment information field; a conf pointer to a configuration information field.
Preferably, when a classification predictor is constructed by using a decision tree model and a random forest model in machine learning, the method of increasing classification characteristics and adjusting parameters is adopted to process the under-fitting problem.
Preferably, when the classification predictor is constructed using a decision tree model and a random forest model in machine learning, the classification feature number is also limited, and the training data set is expanded as much as possible to reduce the probability of overfitting.
(III) advantageous effects
The invention develops optimization design for the redundancy problem of the test case existing in the current mainstream fuzzy test technology, and in the aspect of generating the fuzzy test case facing to the source program file, the effectiveness of the fuzzy test case can be improved and the redundancy of the fuzzy test case set can be reduced by marking and identifying the stain variable and the problem function in the program object before the fuzzy test case is generated and combining the existing technologies of generating and screening the seed case. In the test case generation link, the simplified feasibility of the machine learning for the test case is analyzed in combination with the machine learning, the test case generation optimization technical idea of the machine learning is obtained, the test case generation link in the fuzzy test flow is improved by adopting a model and an algorithm of the machine learning, the test case generation efficiency is improved, the redundancy removal of the combination of the test cases is realized, and the aim of improving the intelligent degree of the fuzzy test flow is fulfilled.
Drawings
FIG. 1 is a schematic block diagram of a fuzzy test case method based on machine learning according to the present invention;
FIG. 2 is a flow chart of code detection in the method of the present invention;
FIG. 3 is a flow chart of spot marking in the method of the present invention;
FIG. 4 is a flow chart of the unsafe function labeling in the method of the present invention.
Detailed Description
In order to make the objects, contents, and advantages of the present invention clearer, the following detailed description of the embodiments of the present invention will be made in conjunction with the accompanying drawings and examples.
Aiming at three typical problems existing in the current mainstream fuzzy test technology, the invention develops optimization design for the test case redundancy problem existing in the current mainstream fuzzy test technology, marks and identifies stain variables and problem functions in program objects before generating the fuzzy test case oriented to a source program file, and combines the technologies of generating and screening the existing seed cases, thereby improving the effectiveness of the fuzzy test case and reducing the redundancy of a fuzzy test case set.
The generation link of the test case is a core link of the fuzzy test method, and the validity of the test case directly influences the accuracy of the fuzzy test result. Because the traditional fuzzy test technology adopts random values in the input space of the program to be tested in the test case generation stage, the coverage rate of the test case set to the program is low, and the final test result is always difficult to satisfy. The method combines machine learning, analyzes the feasibility of the machine learning for simplifying the test cases, obtains the test case generation optimization technical idea of the machine learning, adopts a model and an algorithm of the machine learning, improves the test case generation link in the fuzzy test flow, promotes the generation efficiency of the test cases, realizes the redundancy removal of the combination of the test cases, and achieves the aim of improving the intelligent degree of the fuzzy test flow.
The schematic block diagram of the fuzzy test case generation method based on machine learning is shown in fig. 1, and the method comprises a code preprocessing link and a fuzzy test case generation link.
In order to improve the effectiveness of the fuzz test case, the optimization technology aiming at the fuzz test carries out program analysis on a software program to be tested to different degrees at present. The invention continues the technical route of intelligent fuzz test, and needs to carry out code preprocessing on the software program to be tested in order to generate an effective fuzz test case. The code preprocessing link of the invention adopts a code detection technology, a stain marking technology and an unsafe function marking technology to preprocess and analyze the software program to be detected and mark suspected vulnerability codes such as suspicious sentences, stain variables, unsafe functions and the like without carrying out excessively deep program theoretical analysis. Among them, code detection techniques are used for detection of logic errors and expression types, taint marking techniques focus on inspection and identification of program variables, and unsafe function marking techniques are used to identify suspected problem functions that were missed by the first two approaches. Through the combined use of the three technologies, the pretreatment of three levels of variables, statements and functions in the software program to be tested is realized. The method specifically comprises the following three steps:
(1) code detection
The code detection technology adopted by the invention only carries out suspicious statement marking operation on the software program to be detected through the static statement marking technology, and does not carry out excessively deep program theoretical analysis such as path inspection, semantic analysis and the like. The specific flow is shown in fig. 2.
(2) Stain mark
According to the invention, through a static taint marking technology, when a software program output by code detection is marked with taint, according to a data input format of the software program to be detected and a security vulnerability characteristic to be detected, untrusted input data and suspicious variables in the program are marked, and then by combining an unsafe function marking technology, an unsafe mode using taint data can be detected, and the position of the code vulnerability is not revealed by tracking the transmission process of taint data, wherein the specific flow is shown in fig. 3.
(3) Insecure function marking
The invention identifies and marks unsafe functions in the software program output by the stain mark by adopting an unsafe function marking technology, and identifies the functions which possibly have unsafe calling modes. The specific flow is shown in fig. 4.
The three steps of code detection, taint marking and unsafe function marking can also be processed in parallel, but the processed three results also need to be subjected to deduplication processing.
A fuzzy test case generation link: in order to simplify the number of test cases on the premise of ensuring the coverage rate, the invention uses a decision tree model and a random forest model in machine learning to find out a good seed case set, uses a variation mode to generate a large batch of test cases, and uses a trained classifier to remove redundant test cases under the similar security loopholes. The method specifically comprises the following two steps:
(1) determining generation patterns for seed use cases
The method constructs a generation mode of the test case according to suspicious codes such as question statements, taint variables, unsafe functions and the like marked by code preprocessing. And aiming at the software program to be tested, the positions and mutual relations of suspicious sentences, taint variables and unsafe functions are extracted through marking and information recording in a code preprocessing stage. The data is used for generating a generation mode of a seed use case, and provides reference basis for generating a seed use case, such as a taint variable field, an unsafe function field, a suspicious statement field, an operator type field, an expression type field, a judgment branch number field and a step generation mode. Therefore, the generation mode format of the seed case is determined as follows:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
wherein, the vars pointer points to the stain variable array and is used for storing stain variables, and the length of the array is determined according to the number of the stain variables recorded when the stain points are marked; the exps pointer points to an expression type array and is used for storing type data of suspicious sentences, and the length of the array is determined according to the number of the sentences recorded during code detection; the ops pointer points to the operator type array and is used for storing operator types existing in the suspicious sentences; a func pointer pointing to the unsafe library function array; judge _ num refers to the number of judgment statements existing in the software program to be tested (only the number of the judgment statements is recorded, and the nested hierarchical structure among the judgment branches is not recorded); var _ num refers to the number of taint variables in the software program to be tested; func _ num refers to the number of marked unsafe functions in the software program to be tested; an env pointer pointing to an environment information field; a conf pointer to a configuration information field.
(2) Fuzzy test case generation
Combining the value types of the fields according to the generation mode of the seed case to generate a batch of initial test cases for the fuzzy test, and recording the initial test cases as an initial set; then, inputting the initial test cases in the initial set into a software program to be tested, dynamically observing an execution effect, recording the condition of triggering the security loophole, judging whether the generation mode of the seed case is reasonable and accurate according to the triggering effect, and adjusting the generation mode when needed; constructing a classification predictor by using a decision tree algorithm and a random forest algorithm in machine learning, taking an adjusted case generation mode as a classification basis, and performing classification learning on the test cases in the initial set so as to train the classification predictor meeting the accuracy requirement; then, generating a plurality of batches of test cases as a test data set of the classification predictor according to the modified case generation mode; and then, carrying out classification operation on the test data set by using the constructed classification predictor, and removing the test case data with the same security vulnerability triggering effect, thereby realizing the aim of simplifying the test case set.
Meanwhile, in order to solve the problem of generalization limitation of the decision tree learning model and the random forest learning model in the step, the method adopts some methods to limit and avoid under-fitting and over-fitting conditions. Generally speaking, the under-fitting problem in machine learning means that a learning model cannot obtain satisfactory accuracy in the training process of a training data set in a test data set, and the learning model does not perform well on the test data set; the overfitting problem means that the learning model can obtain a better result on a training data set, even the accuracy rate is 100%, but the result meeting the requirement cannot be obtained on a test data set when the model verification link is reached. In order to solve the under-fitting and over-fitting problems of the random forest model and the decision tree model to a certain extent, the under-fitting problem is processed by adopting a method of increasing classification characteristics and adjusting parameters; by reducing the complexity of the model to a certain extent, limiting the classification characteristic number, and simultaneously expanding the training data set as much as possible, the probability of overfitting is reduced.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.
Claims (4)
1. A fuzzy test case generation method based on a machine learning method is characterized by comprising a code preprocessing link and a fuzzy test case generation link;
the code preprocessing step is to adopt a code detection technology, a stain marking technology and an unsafe function marking technology to preprocess and analyze a software program to be detected and identify suspected vulnerability codes such as suspicious sentences, stain variables and unsafe functions;
the fuzzy test case generation link is that a seed case set is found out by utilizing a decision tree model and a random forest model in machine learning, a large quantity of test cases are generated by using a variation mode, and redundant test cases under the similar security loopholes are removed by using a trained classification predictor;
the code preprocessing link comprises a code detection step, a taint marking step and an unsafe function marking step, wherein the code detection step is used for detecting logic errors and expression types, the taint marking step is used for checking and marking program variables, and the unsafe function marking step is a suspected problem function omitted in the two steps of code identification step and taint marking step;
the code detection step only carries out suspicious statement marking operation on the software program to be detected through a static statement marking technology;
the taint marking step is used for carrying out taint marking on the software program output by the code detection step through a static taint marking technology, and untrusted input data and suspicious variables in the program are marked according to the data input format of the software program to be detected and the security vulnerability characteristics to be detected during marking;
the unsafe function marking step identifies and marks unsafe functions existing in the software program output by the stain marking step, and identifies functions which possibly have unsafe calling modes;
replacing the execution sequence of the three steps of code detection, taint marking and unsafe function marking with parallel processing, and carrying out duplicate removal processing on the processed three results;
the fuzzy test case generation link specifically comprises a step of determining a generation mode of a seed case and a step of generating a fuzzy test case;
the step of determining the generation mode of the seed case is to construct the generation mode of the test case according to suspicious codes such as question statements, taint variables and unsafe functions marked by code preprocessing;
the fuzzy test case generation step is that the value types of the fields in the seed cases are combined according to the generation mode of the seed cases to generate a batch of initial test cases for the fuzzy test, and the initial test cases are recorded as an initial set; then, inputting the initial test cases in the initial set into a software program to be tested, dynamically observing an execution effect, recording the condition of triggering the security loophole, judging whether the generation mode of the seed case is reasonable and accurate according to the triggering effect, and adjusting the generation mode when needed; constructing a classification predictor by using a decision tree model and a random forest model in machine learning, taking an adjusted case generation mode as a classification basis, and performing classification learning on the test cases in the initial set to train the classification predictor meeting the preset accuracy requirement; then, generating a plurality of batches of test cases as a test data set of the classification predictor according to the modified case generation mode; and then, carrying out classification operation on the test data set by using the constructed classification predictor, and removing the test case data with the same security vulnerability triggering effect.
2. The method of claim 1, wherein in the step of determining the generation pattern of the seed use case, the generation pattern format of the seed use case is determined as follows:
<vars,exps,ops,func,judge_num,var_num,func_num,env,conf>
wherein, the vars pointer points to the stain variable array and is used for storing stain variables, and the length of the array is determined according to the number of the stain variables recorded when the stain points are marked; the exps pointer points to an expression type array and is used for storing type data of suspicious sentences, and the length of the array is determined according to the number of the sentences recorded during code detection; the ops pointer points to the operator type array and is used for storing operator types existing in the suspicious sentences; a func pointer pointing to the unsafe library function array; judge _ num refers to the number of judgment statements existing in the software program to be tested, and the judgment statement number only records the number of the judgment statements and does not record the nested hierarchical structure among the judgment branches; var _ num refers to the number of taint variables in the software program to be tested; func _ num refers to the number of marked unsafe functions in the software program to be tested; an env pointer pointing to an environment information field; a conf pointer to a configuration information field.
3. A method as claimed in claim 1, wherein the under-fitting problem is dealt with by adding classification features and tuning parameters when constructing the classification predictor using decision tree models and random forest models in machine learning.
4. A method as claimed in claim 1, wherein when constructing the classification predictor using decision tree models and random forest models in machine learning, the classification feature numbers are also limited while expanding the training data set as much as possible to reduce the probability of overfitting.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910742264.7A CN110443045B (en) | 2019-08-13 | 2019-08-13 | Fuzzy test case generation method based on machine learning method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910742264.7A CN110443045B (en) | 2019-08-13 | 2019-08-13 | Fuzzy test case generation method based on machine learning method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110443045A CN110443045A (en) | 2019-11-12 |
| CN110443045B true CN110443045B (en) | 2020-12-15 |
Family
ID=68434770
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910742264.7A Active CN110443045B (en) | 2019-08-13 | 2019-08-13 | Fuzzy test case generation method based on machine learning method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110443045B (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110708344B (en) * | 2019-11-22 | 2022-03-04 | 中电科思仪科技股份有限公司 | Vulnerability detection method and system based on fuzzy technology |
| CN113297060A (en) * | 2020-05-11 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Data testing method and device |
| CN113742204B (en) * | 2020-05-27 | 2023-12-12 | 南京大学 | Deep learning operator testing method based on fuzzy test |
| CN111767546B (en) * | 2020-06-17 | 2022-09-16 | 北京理工大学 | Deep learning-based input structure inference method and device |
| CN112559377A (en) * | 2020-12-25 | 2021-03-26 | 上海高顿教育科技有限公司 | Method and device for generating first test case |
| CN112733146B (en) * | 2020-12-31 | 2022-12-13 | 深圳平安医疗健康科技服务有限公司 | Penetration testing method, device and equipment based on machine learning and storage medium |
| CN112948255B (en) * | 2021-03-23 | 2024-05-14 | 三六零数字安全科技集团有限公司 | Distributed kernel fuzzy test system and method |
| CN114048132A (en) * | 2021-11-12 | 2022-02-15 | 北京知道未来信息技术有限公司 | Fuzzy test method and device based on decision tree |
| CN114117454A (en) * | 2021-12-10 | 2022-03-01 | 中国电子科技集团公司第十五研究所 | Seed optimization method based on vulnerability prediction model |
| CN117435178B (en) * | 2023-12-20 | 2024-03-15 | 厦门东软汉和信息科技有限公司 | Code generation system, method, device and storage medium |
| CN117555814B (en) * | 2024-01-11 | 2024-05-10 | 三六零数字安全科技集团有限公司 | Software testing method and device, storage medium and terminal |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104573524A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Fuzz testing method based on static detection |
| CN107832228A (en) * | 2017-11-29 | 2018-03-23 | 北京锐安科技有限公司 | A kind of test case reduction method, device, equipment and storage medium |
| CN109739755A (en) * | 2018-12-27 | 2019-05-10 | 北京理工大学 | A kind of fuzz testing system executed based on program trace and mixing |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9330262B2 (en) * | 2012-09-21 | 2016-05-03 | University Of Limerick | Systems and methods for runtime adaptive security to protect variable assets |
| US10318667B2 (en) * | 2015-12-16 | 2019-06-11 | International Business Machines Corporation | Test case generation |
| CN107957944B (en) * | 2017-11-24 | 2020-08-25 | 浙江大学 | User data coverage rate oriented test case automatic generation method |
| CN108647520B (en) * | 2018-05-15 | 2020-05-29 | 浙江大学 | Intelligent fuzzy test method and system based on vulnerability learning |
| CN109597767B (en) * | 2018-12-19 | 2021-11-12 | 中国人民解放军国防科技大学 | Genetic variation-based fuzzy test case generation method and system |
-
2019
- 2019-08-13 CN CN201910742264.7A patent/CN110443045B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104573524A (en) * | 2014-12-19 | 2015-04-29 | 中国航天科工集团第二研究院七〇六所 | Fuzz testing method based on static detection |
| CN107832228A (en) * | 2017-11-29 | 2018-03-23 | 北京锐安科技有限公司 | A kind of test case reduction method, device, equipment and storage medium |
| CN109739755A (en) * | 2018-12-27 | 2019-05-10 | 北京理工大学 | A kind of fuzz testing system executed based on program trace and mixing |
Non-Patent Citations (2)
| Title |
|---|
| New Challenge of Protecting Privacy due to Stained Recognition;Lining Xu 等;《2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC)》;20160825;全文 * |
| 基于差分隐私的Android物理传感器侧信道防御方法;唐奔宵 等;《物联网安全专题》;20181128;第55卷(第7期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110443045A (en) | 2019-11-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110443045B (en) | Fuzzy test case generation method based on machine learning method | |
| Petsios et al. | Slowfuzz: Automated domain-independent detection of algorithmic complexity vulnerabilities | |
| EP3566166B1 (en) | Management of security vulnerabilities | |
| CN103995782B (en) | A kind of stain based on stain invariant set analyzes method | |
| Medhat et al. | A new static-based framework for ransomware detection | |
| Alenezi et al. | SQL injection attacks countermeasures assessments | |
| Mirsky et al. | {VulChecker}: Graph-based Vulnerability Localization in Source Code | |
| Laurenza et al. | Malware triage for early identification of advanced persistent threat activities | |
| Feng et al. | Automated detection of password leakage from public github repositories | |
| CN111177731A (en) | Software source code vulnerability detection method based on artificial neural network | |
| Liu et al. | Tracking mirai variants | |
| CN114024761B (en) | Network threat data detection method and device, storage medium and electronic equipment | |
| CN111309589A (en) | Code security scanning system and method based on code dynamic analysis | |
| CN112817877A (en) | Abnormal script detection method and device, computer equipment and storage medium | |
| Kumar et al. | Secuscada: Building secure scada network with obfuscated malware detection technique | |
| CN112257077A (en) | Automatic vulnerability mining method based on deep learning | |
| Seas et al. | Automated Vulnerability Detection in Source Code Using Deep Representation Learning | |
| Mei et al. | CTScopy: hunting cyber threats within enterprise via provenance graph-based analysis | |
| CN106101086A (en) | The cloud detection method of optic of program file and system, client, cloud server | |
| Kumar et al. | Android Malware Family Classification: What Works–API Calls, Permissions or API Packages? | |
| CN115391787A (en) | AFL seed optimization method and system based on generation countermeasure network | |
| CN115545091A (en) | Integrated learner-based malicious program API (application program interface) calling sequence detection method | |
| Elhag et al. | Toward an improved security performance of industrial internet of things systems | |
| Ratyal et al. | On the evaluation of the machine learning based hybrid approach for android malware detection | |
| Ali et al. | A comparative analysis and performance evaluation of web application protection techniques against injection attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |