CN110647752B - Fuzzy test platform based on genetic algorithm - Google Patents


Publication number
CN110647752B
Authority
CN
China
Prior art keywords
test
genetic algorithm
population
fuzzy
engine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910915407.XA
Other languages
Chinese (zh)
Other versions
CN110647752A (en
Inventor
叶青
郭涛
李明柱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xinlian Technology Nanjing Co ltd
Original Assignee
Xinlian Technology Nanjing Co ltd
Application filed by Xinlian Technology Nanjing Co ltd filed Critical Xinlian Technology Nanjing Co ltd
Priority to CN201910915407.XA priority Critical patent/CN110647752B/en
Publication of CN110647752A publication Critical patent/CN110647752A/en
Publication of CN110647752B publication Critical patent/CN110647752B/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/12Computing arrangements based on biological models using genetic models
    • G06N3/126Evolutionary algorithms, e.g. genetic algorithms or genetic programming
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention relates to a fuzz testing platform based on a genetic algorithm. It applies the genetic algorithm to test case generation in the fuzz testing platform: building on the existing test platform framework, it extends the mutation function interface of the test script to support generating the test case library with the genetic algorithm, and it upgrades the data receiving module of the test engine to support encoding of returned data, which then takes part in computing the fitness function of the genetic algorithm. Test cases can thus be evaluated and the optimal test cases screened out. This reduces test case redundancy and improves the efficiency and coverage of fuzz testing, and thereby the vulnerability discovery capability of the test platform.

Description

Fuzzy test platform based on genetic algorithm
Technical Field
The invention relates to a fuzz testing platform based on a genetic algorithm and belongs to the technical field of fuzz testing.
Background
In recent years, the introduction of internet technology into industrial control systems has made them more powerful and efficient and has driven rapid development of the industrial control field, and industrial control networks, once distinctly closed, are receiving increasing attention. However, many control devices were designed without a complete security mechanism, and serious consequences can follow once they are connected to the internet and maliciously attacked. Security testing of the protocol devices in an industrial control network, to find hidden vulnerabilities and then repair or work around them, is one effective way to protect the network from attack.
Security testing of industrial control protocol devices is a method of discovering protocol security vulnerabilities: unexpected data is repeatedly sent to the system under test while the running state and output state of the device are monitored. Internationally, there are mature test platforms that use fuzz testing for security testing and have passed ISASecure certification, the most authoritative security certification in the international industrial control field, but because of problems of extensibility, customization flexibility, maintenance cost and the like, they struggle to meet the growing security testing demand created by the development of domestic industrial control network systems. Against this background, a security test platform for industrial control and Internet of Things protocols (hereinafter the test platform) was independently developed. The platform provides an efficient fuzz testing language and test engine, and offers mutation methods tailored to the characteristics of industrial control and Internet of Things protocols, such as structural mutation, error injection and context inconsistency, so that a protocol test model can be built quickly and efficiently and a large number of test cases generated automatically from the model.
The test platform currently covers testing of the mainstream industrial control protocols and is used to provide security evaluation and certification services to product suppliers and industry users in the industrial internet field. However, it shares the shortcomings of traditional fuzz testing: a huge number of test cases caused by traversing the mutated fields in protocol data, relatively simple mutation strategies, and low test efficiency and a low vulnerability detection rate because test results do not take part in screening the test cases.
The genetic algorithm is a computational model that simulates natural selection and the genetic mechanism of Darwin's theory of biological evolution; it searches for an optimal solution by simulating the natural evolution process. Because it is a general algorithm for search problems, it can be applied to many kinds of problems. Research on applying the genetic algorithm to software testing has produced some results. The main research direction is how to improve the effectiveness of automatically generated test cases, and the research covers:
(1) The encoding scheme: an encoding suited to the problem is designed so that each case in the test case set corresponds to one gene code in the population, with a definite functional relation between the code and the actual test case;
(2) The fitness function: in the genetic algorithm, test cases are evaluated entirely by the fitness function, so its design directly affects the convergence rate of the algorithm;
(3) The selection operator: it determines which individuals take part in crossover and mutation, a survival-of-the-fittest selection over the population based on the fitness function; current research results adopt the roulette selection method;
(4) The crossover and mutation operators: crossover randomly selects two different individuals from the selected parent individuals and exchanges the genes at the same positions to produce new individuals; mutation changes the genes at certain positions of a selected individual. The crossover and mutation operators give the genetic algorithm its global search capability.
In research on generating test cases with a genetic algorithm, the elements above must be studied and improved according to the characteristics of the system under test and the requirements on the test cases, until the algorithm can iterate to an optimal solution or optimal solution set. Current research addresses test case generation for specific systems, such as security software systems and database management systems, and evaluates test cases quantitatively by path coverage, code block coverage and the like. Because these algorithm improvements solve specific problems in specific fields, the results generalize poorly and are hard to reuse, even though the research methods are similar.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a fuzz testing platform based on a genetic algorithm in which the genetic algorithm can be used generically when generating industrial control protocol test cases, improving test efficiency and the vulnerability detection rate and optimizing the test cases.
The invention adopts the following technical scheme to solve the technical problem: the invention designs a fuzz testing platform based on a genetic algorithm, used for testing industrial control devices, comprising a fuzz testing platform, a genetic algorithm use interface defined on the basis of the test script language, a processing interface between the test engine and the genetic algorithm, and the iteration components of the genetic algorithm;
based on the fuzz testing platform, while the test engine parses the test cases in the test script and tests the industrial control device, it calls the genetic algorithm, according to the parsed genetic algorithm use interface and through the processing interface between the test engine and the genetic algorithm, and, in combination with the iteration components of the genetic algorithm, iterates over the test cases to obtain the optimal test cases and complete the fuzz test of the industrial control device.
As a preferred technical scheme of the invention: the processing interface between the test engine and the genetic algorithm comprises an interface through which the test engine accesses the genetic algorithm population, an interface through which the test engine accesses the genetic algorithm database, and a calculation module with which the test engine receives data packets from the test script and computes the fitness function value of the genetic algorithm.
As a preferred technical scheme of the invention: iteration over the test cases comprises static invocation and dynamic invocation of the genetic algorithm. In static invocation, the test cases are stored in the genetic algorithm population; the test engine calls the genetic algorithm and, in combination with the iteration components of the genetic algorithm and through the interface by which it accesses the genetic algorithm population, iterates over the test cases to obtain the optimal test cases and then completes the fuzz test of the industrial control device.
As a preferred technical scheme of the invention: in dynamic invocation, the test engine, through its interface to the genetic algorithm database, obtains from the database the current iteration population corresponding to the test cases, sends each test case to the industrial control device for testing, and receives each test result and stores it in the genetic algorithm database. After all test cases of the current iteration population have been tested, the test engine calls the genetic algorithm on the current iteration population and the test results and, in combination with the iteration components of the genetic algorithm, iterates the current population to obtain the next iteration population. This process repeats until the population set corresponding to the optimal test cases is obtained.
As a preferred technical scheme of the invention: in dynamic invocation, while the test engine sends each test case to the industrial control device, receives each test result and stores it in the genetic algorithm database, the path information returned by the industrial control device is obtained through instrumentation in the program under test on the industrial control device.
As a preferred technical scheme of the invention: the genetic algorithm use interface defined on the basis of the test script language comprises a name definition and a parameter definition, the parameter definition comprising an initial population selection range definition, a fitness function pointer definition, the chromosome length of population individuals, and crossover rate and mutation rate definitions.
As a preferred technical scheme of the invention: the iteration components of the genetic algorithm comprise population initialization, preset types of fitness function, the roulette selection method, and crossover and mutation operators.
As a preferred technical scheme of the invention: the preset type fitness function comprises a linear fitness function or a fitness function based on a Hamming distance.
Compared with the prior art, the fuzz testing platform based on a genetic algorithm has the following technical effects:
The platform applies the genetic algorithm to test case generation in the fuzz testing platform. Building on the existing test platform framework, it extends the mutation function interface of the test script to support generating the test case library with the genetic algorithm, and it upgrades the data receiving module of the test engine to support encoding of returned data, which then takes part in computing the fitness function of the genetic algorithm. Test cases can thus be evaluated and the optimal test cases screened out. This reduces test case redundancy and improves the efficiency and coverage of fuzz testing, and thereby the vulnerability discovery capability of the test platform.
Drawings
FIG. 1 is a schematic diagram of how the fuzz testing platform designed by the invention applies the genetic algorithm to iterate over test cases;
FIG. 2 is a diagram illustrating the target program path coverage problem, using the FTP protocol as the example, in the design of the invention.
Detailed Description
The following describes the embodiments of the present invention in further detail with reference to the drawings.
In the field of fuzz testing, test efficiency and test coverage are important indicators of the quality of a fuzz testing method. The genetic algorithm can improve the efficiency and coverage of fuzz testing of a software system. The invention applies the genetic algorithm to fuzz testing of industrial internet devices and improves protocol test efficiency by more than 20% while maintaining test coverage.
The test platform obtains mutation data for the fuzzed field through an interface function defined in the test script; the mutation data can come from a database, from a designated data set, or be generated automatically by the function according to some logic. When no empirical set of mutation data exists, the most conservative approach is to traverse all data that fits the field type; for example, a field of type unsigned8 traverses the data 0-0xFF. This traversal strategy is complete, with no omissions, but when the mutated field is relatively large the number of generated test cases is extremely large, the test takes a long time and test efficiency is low. To make the mutation data more effective, the genetic algorithm is used to optimize it iteratively, test case evaluation criteria are introduced, and the optimal test cases or test case sets are screened out.
The test platform provides an efficient fuzz testing language, and mutation methods tailored to fuzz testing of industrial control and Internet of Things protocols have been developed on top of that language, so a protocol test model can be built quickly and efficiently with the test platform while its generality and flexibility are preserved. The invention therefore designs a fuzz testing platform based on a genetic algorithm, used for testing industrial control devices, comprising a fuzz testing platform, a genetic algorithm use interface defined on the basis of the test script language, a processing interface between the test engine and the genetic algorithm, and the iteration components of the genetic algorithm.
Based on the fuzz testing platform, while the test engine parses the test cases in the test script and tests the industrial control device, it calls the genetic algorithm, according to the parsed genetic algorithm use interface and through the processing interface between the test engine and the genetic algorithm, and, in combination with the iteration components of the genetic algorithm, iterates over the test cases to obtain the optimal test cases and complete the fuzz test of the industrial control device.
In practice, when the test engine parses a genetic algorithm use interface, it obtains all mutation data according to the interface parameters as the initial population. The initial population takes the form of a matrix: each row represents one individual (a chromosome carrying gene codes), each individual consists of several genes, and each column represents one gene code. The chromosome length (i.e. the number of genes) is determined by the total number of mutation data. For example, with 108 mutation data of type unsigned16 in total, the chromosome length can be taken as 7, since 2^7 = 128 > 108. During initialization, the 0/1 values of genes 1 to 7 of each chromosome are generated randomly, and each chromosome code corresponds to one test case in the population, which completes the population encoding, as shown in FIG. 1. The genetic algorithm is then invoked and, in combination with its iteration components, iterates over the test cases; the crossover and mutation of the genetic algorithm all operate on the chromosome gene codes of the individuals in the population.
When the genetic algorithm is applied in fuzz testing, the fitness function is the evaluation criterion for test case data. The criterion can be very simple, for example: mutation data closer to a boundary value is taken to be more effective at exposing device vulnerabilities. It can also be complex, for example: test cases are evaluated with some algorithm or with multi-dimensional indicators. In short, the more objective the evaluation criterion, the more faithfully the fitness function reflects the test effect and the more effective the optimal test cases produced by iteration. A selection operator, a crossover operator and a mutation operator (mutation in the genetic algorithm sense, not the test platform's mutation data) are set, the number of iterations is determined, and the optimal test case data are screened out.
(1) The invention defines the genetic algorithm use interface on the basis of the test script language, as an extension of the fuzz testing language. As shown in fig. 2, the following is an example interface definition provided by the test platform; the interface name is not limited to the one shown, and interfaces can be added as protocol testing and algorithm improvements require. The definition comprises a name definition and a parameter definition, the parameter definition including configuration items such as the initial population selection range definition, the fitness function pointer definition, the chromosome length of population individuals, and the crossover rate and mutation rate definitions.
Wherein the following is shown:
Figure GDA0002256918240000051
genetic() is one of the interfaces of the genetic algorithm component. In this example, when the test engine parses the genetic interface on the time_to_live field, the genetic algorithm is invoked and iterates over the unsigned8-type mutation field in the fault table until an optimal solution or optimal solution set is produced. This is the static way of using the genetic algorithm: the fitness function depends only on the test case values and does not need test results.
The following is shown:
Figure GDA0002256918240000052
genetics dynamic () and genetics result () are the interfaces for using the genetic algorithm dynamically, i.e. the fitness function needs the return value of the test case for its evaluation, so execution of the dynamic genetic algorithm and packet sending must be interleaved. When the test engine parses the genetics dynamic interface, it obtains the current iteration population from the database and sends a data packet to the device under test; after receiving the returned data packet, it parses through to the genetics result interface and stores the returned test result in the database. The path information returned by the device under test is obtained through instrumentation in the program under test. After the test cases have been sent, the genetic algorithm is called to perform an iteration, screen out the next-generation population and store it in the database; this process is executed cyclically until an optimal solution or optimal solution set is reached.
(2) The processing interface between the test engine and the genetic algorithm in the design of the invention comprises an interface through which the test engine accesses the genetic algorithm population, an interface through which the test engine accesses the genetic algorithm database, and a calculation module with which the test engine receives data packets from the test script and computes the fitness function value of the genetic algorithm.
Iteration over the test cases comprises static invocation and dynamic invocation of the genetic algorithm. In static invocation, the test cases are stored in the genetic algorithm population; the test engine calls the genetic algorithm and, in combination with the iteration components of the genetic algorithm and through the interface by which it accesses the genetic algorithm population, iterates over the test cases to obtain the optimal test cases and then completes the fuzz test of the industrial control device. In practice, for the interface through which the test engine accesses the genetic algorithm population, the invention provides a population matrix definition that stores the current optimal data or data set. In the initial state, the initial population data contains the mutation data set, and an optimal data set is produced after iterative screening by the genetic algorithm. When the test engine obtains mutation data, it calls the packet-sending module to send the test data if the mutation data is in the optimal data set; otherwise the test data is not sent.
For the interface through which the test engine accesses the genetic algorithm database: in dynamic invocation of the genetic algorithm, the test engine uses this interface to obtain from the genetic algorithm database the current iteration population corresponding to the test cases, sends each test case to the industrial control device for testing, and receives each test result and stores it in the genetic algorithm database; the path information returned by the industrial control device is obtained through instrumentation in the program under test on the industrial control device. After all test cases of the current iteration population have been tested, the test engine calls the genetic algorithm on the current iteration population and the test results and, in combination with the iteration components of the genetic algorithm, iterates the current population to obtain the next iteration population. This process repeats until the population set corresponding to the optimal test cases is obtained.
(3) The iteration components of the genetic algorithm in this design contain the core implementation of the genetic algorithm: population initialization, preset types of fitness function, the roulette selection method, and crossover and mutation operators. The preset types of fitness function comprise a linear fitness function and a fitness function based on the Hamming distance. The effect of the genetic algorithm implementation provided by the invention on the test platform is described below.
In static mode, take the IPv4.NonFragmented. Combiend FaultInject script as an example. The mutation data in the script is enumerated, giving a total of 22262 test cases, and a Siemens s7-1200 device is tested. At test case number 11501, the device exhibits an abnormal denial of service. After being restarted, the device denies service again at test case number 11542.
The script then references the complete mutation data of the fault table and optimizes it with the genetic algorithm, keeping the enumeration method only for the version field. The fault table totals 96077 test cases; after iterative screening by the genetic algorithm, 24834 test cases are actually sent. The device denies service at actual test case number 114740, and after the device is restarted the abnormal denial of service occurs again after a period of time. The script is then simplified in an attempt to expose the device vulnerability with the smallest number of packets: mutation is kept only in the version, time_to_live and protocol fields, and the time_to_live and protocol fields use the genetic algorithm to select the optimal mutation data. Test result: 4284 test cases in total, of which the genetic algorithm screens out 2173 to actually send; the device denies service at actual test case number 1602, and after the device is restarted it denies service again after a period of time.
By screening the mutation data, the genetic algorithm can markedly improve test efficiency and shorten test time. When a vulnerability appears, the packet characteristics that trigger it can be located by adjusting how the test script uses the genetic algorithm. This test is a preliminary use of the genetic algorithm in the test platform, with the fitness function simply set to closeness to the boundary value. As more vulnerabilities are found in testing, the evaluation of test cases can match objective conditions more and more closely, and the fitness function evaluation can approach reality.
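The static mode described above, as an added example (not code from the patent or its platform): a 7-bit chromosome indexes a constructed table of 108 unsigned8 mutation values, fitness is closeness to a boundary value, and iteration uses roulette selection, single-point crossover and bit-flip mutation. The table contents, the exact fitness formula, the population size, the rates and the elitism step are assumptions made for illustration.

```python
import random

# Constructed stand-in for the fault table: 108 distinct unsigned8 values.
MUTATION_DATA = [(7 * i) % 256 for i in range(108)]


def chrom_len(n):
    """Smallest number of genes L with 2**L >= n (108 values -> 7 genes)."""
    return max(1, (n - 1).bit_length())


CHROM_LEN = chrom_len(len(MUTATION_DATA))


def decode(chrom):
    """Chromosome (list of 0/1 genes, first gene most significant) -> table index."""
    idx = 0
    for gene in chrom:
        idx = (idx << 1) | gene
    return idx


def value_of(chrom):
    """Mutation value for a chromosome, or None for the 2**L - n unused codes."""
    idx = decode(chrom)
    return MUTATION_DATA[idx] if idx < len(MUTATION_DATA) else None


def fitness(chrom):
    """Static fitness (assumed form): closeness to an unsigned8 boundary, 0 or 0xFF."""
    v = value_of(chrom)
    if v is None:
        return 0.0  # code maps to no test case, so roulette never favours it
    return 1.0 / (1 + min(v, 0xFF - v))


def roulette(pop, fits, rng):
    """Pick one individual with probability proportional to its fitness."""
    total = sum(fits)
    if total == 0:
        return rng.choice(pop)
    pick, acc = rng.random() * total, 0.0
    for chrom, f in zip(pop, fits):
        acc += f
        if pick < acc:
            return chrom
    return pop[-1]  # only reached through float rounding


def crossover(a, b, rng):
    """Single-point crossover: swap the genes after a random cut position."""
    cut = rng.randrange(1, len(a))
    return a[:cut] + b[cut:], b[:cut] + a[cut:]


def mutate(chrom, pm, rng):
    """Flip each gene independently with probability pm."""
    return [g ^ 1 if rng.random() < pm else g for g in chrom]


def evolve(pop_size=20, generations=30, pc=0.8, pm=0.02, seed=0):
    """Return (best fitness per generation, sorted optimal data set)."""
    rng = random.Random(seed)
    pop = [[rng.randint(0, 1) for _ in range(CHROM_LEN)] for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        fits = [fitness(c) for c in pop]
        best = pop[fits.index(max(fits))]
        history.append(max(fits))
        nxt = [best[:]]  # elitism (an addition here): keep the best individual
        while len(nxt) < pop_size:
            a, b = roulette(pop, fits, rng), roulette(pop, fits, rng)
            if rng.random() < pc:
                a, b = crossover(a, b, rng)
            nxt.extend([mutate(a, pm, rng), mutate(b, pm, rng)])
        pop = nxt[:pop_size]
    # Values still present in the final population form the optimal data set;
    # the engine would send only mutation data found in this set.
    optimal = sorted({v for v in map(value_of, pop) if v is not None})
    return history, optimal


if __name__ == "__main__":
    hist, optimal_set = evolve()
    print("best fitness per generation:", [round(h, 3) for h in hist])
    print("values to send:", optimal_set, "of", len(MUTATION_DATA))
```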
In dynamic mode: if the evaluation criterion for test cases is complex and cannot be decided by a single feature, so that test cases must be evaluated by their actual test effect, the dynamic mode is needed to screen the optimal test cases. A typical problem is how to maximize execution path coverage once the test data reaches the target program, because the higher the path coverage of the program on the device under test, the greater the probability of detecting vulnerabilities. Here the fitness function calculation requires the test return values. The test engine alternately calls the packet-sending component and the genetic algorithm component, cyclically accesses the database table to record the iteration results, and finally iterates to the optimal solution set.
In practical application, in the design of a genetic algorithm database, a mapping table is created for storing iterative population information in a genetic algorithm, and the structural design of the table is shown in the following table 1, wherein the table names are as follows: the main key of the deposition: generation+dnaid.
Figure GDA0002256918240000071
TABLE 1
To describe the dynamic genetic algorithm in practice, take target program path coverage for the FTP protocol as an example. The FTP protocol consists of many commands, and different branches execute depending on the command type. For example, testing the FTP file upload function requires a combination of commands: user name login, password verification, changing the working path, creating a directory, uploading a file and so on. The upload function itself can only be tested after this series of commands has executed successfully; if an anomaly occurs along the way, the program executes other paths. The goal of test case selection is to generate test cases that make the target program execute more path branches. Take the following test program as an example:
#define SEL_NULL 0
#define PARA_A 11
#define PARA_B 12
......
#define PARA_L 22
#define PARA_M 23

/* State machine under test: each state checks one of the five parameters.
   Returns 1 when SEL_END is reached and 0 when a check fails (SEL_NULL). */
int sel_exec(int par_a, int par_b, int par_c, int par_d, int par_e)
{
    int sqlstate = SEL_START;
s_again:
    switch (sqlstate)
    {
    case SEL_START:
        if (par_a == PARA_A) sqlstate = SEL_STATE_A;
        else if (par_a == PARA_G) sqlstate = SEL_STATE_G;
        else sqlstate = SEL_NULL;
        break;
    case SEL_STATE_A:
        if (par_b == PARA_B) sqlstate = SEL_STATE_B;
        else if (par_b == PARA_C) sqlstate = SEL_STATE_C;
        else sqlstate = SEL_NULL;
        break;
    case SEL_STATE_C:
        if (par_c == PARA_E) sqlstate = SEL_STATE_E;
        else sqlstate = SEL_NULL;
        break;
    case SEL_STATE_E:
        if (par_d == PARA_K) sqlstate = SEL_STATE_F;
        else if (par_d == PARA_L) sqlstate = SEL_STATE_I;
        else sqlstate = SEL_NULL;
        break;
    case SEL_STATE_F:
        if (par_e == PARA_J) sqlstate = SEL_END;
        else sqlstate = SEL_NULL;
        break;
    case SEL_STATE_B:
        if (par_c == PARA_D) sqlstate = SEL_STATE_D;
        else sqlstate = SEL_NULL;
        break;
    ......
    case SEL_STATE_G:
        if (par_b == PARA_H) sqlstate = SEL_STATE_H;
        else sqlstate = SEL_NULL;
        break;
    case SEL_END: return 1;
    default: return 0;   /* SEL_NULL and any unknown state */
    }
    goto s_again;        /* evaluate the next state */
}
As shown in FIG. 2, the function under test contains 11 states and 4 complete paths. Three optimal paths, S-A-C-E-F-J, S-A-B-D-F and S-G-H-I-J, are set, and the solution to be found is a permutation and combination of the 5 parameters.
In the genetic algorithm design, the fitness value is calculated from the Hamming distance. A binary code string represents the actual path executed by the program under test. The example has 11 states, so an 11-bit binary code represents SABCDEFGHIJ: if the path passes through a state, the bit for that letter is 1, otherwise it is 0. Every path of the program under test thus corresponds to one code, as shown in the table below.
The fitness function is based on the code string; the calculation formula is:
f(S[T])=1/(1+H(S[T],S[P]))
where S[T] and S[P] are two m-bit binary strings: S[T] is the combination of states traversed by the program's actual run path T, and S[P] is the combination of states traversed by the program's target path P. The Hamming distance H(S[T], S[P]) between S[T] and S[P] is an integer from 0 to m inclusive. When none of the states of S[T] and S[P] is the same, H(S[T], S[P]) is m and the fitness function value of the individual is 1/(1+m); when the states of S[T] and S[P] fully coincide, H(S[T], S[P]) is 0 and the fitness function value of the individual takes its maximum value of 1.
The fitness function values of the actual paths are different with respect to the three optimal paths, as shown in table 2 below.
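[Table 2: fitness function values of the actual paths with respect to the three optimal paths, and the crossover and mutation operating point ranges; reproduced as images in the original publication]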
When the selection probability of an individual is calculated, weights are assigned to the target paths so that the fitness values for all target paths are considered together, and a weighted average is taken over all the fitness function values. If the fitness function value of an actual path reaches the maximum value 1 for some target path, the weight of that value is q and the weight for the other paths is 0, which ensures that an individual with fitness 1 is output directly as an optimal solution. If no fitness function value of the actual path reaches the maximum value 1, the weight of each target path is 1/q; after the algorithm has found a test case for one target path, the maximum value of the weight is reduced to q-1. The selection probability calculated in this way is taken as the overall selection probability of the individual and is used in roulette selection.
In genetic algorithm design, the crossover and mutation operators usually act on the entire code string of an individual, which is inefficient when the individual is a concatenation of several parameters. For a candidate solution whose fitness value is the minimum, none of its n parameters has been found, so crossover and mutation can be performed on the whole string. When the fitness value lies between the minimum and 1, the actual parameter combination partly coincides with the target parameter combination, so the binary coding bits of some parameters in the individual's code already match the target parameters; if those bits also undergo crossover and mutation, the fitness function value of the next generation of individuals is reduced. It is more appropriate to perform crossover and mutation only on the bits that do not yet match the target parameters, so the operating point range of the crossover and mutation operators has to be determined.
An additional code represents the range of the crossover and mutation operations. When a candidate solution is not the optimal solution, one or more parameters in the parameter combination do not match the target parameters; the bits occupied by the non-matching parameters are the bits on which the crossover and mutation operators may operate, and the additional code marks those bits. Whether a state is included indicates whether the corresponding parameter matches, so the value of the additional code can be calculated from the relationship between the actual path and the target path. If each parameter in the individual's code is represented by a w-bit binary number, the operating point range is given by the following formula:
R=(n-H(S[T],S[P0])+1)*w
where S[P0] is an m-bit all-0 binary string. H(S[T], S[P0]) gives the coincidence value of the actual path and the target path by calculating the Hamming distance between the actual path T and P0; the coincidence value describes how many parameter bits in the individual's code string already match the target parameters, and crossover and mutation are performed on the remaining bits that do not match. The operating point ranges of the crossover and mutation operators in this example are shown in Table 2 above.
In the iterative experiment with the genetic algorithm in dynamic mode, the test engine randomly generates the initial parameters par_a, par_b, par_c, par_d and par_e and executes one round of test packet sending; the program under test returns the actual path, and the test engine calls the genetic algorithm component to calculate the fitness value from the returned actual path and store it in the database. The test engine then calls the genetic algorithm component again to generate the next generation of the population (i.e. the parameters) through roulette selection, crossover and mutation, and repeats the preceding flow, iterating until the optimal path is produced.
Iterating by this method with the crossover rate set to 0.8 and the mutation rate set to 0.08, three experiments were run, each with a different optimal path target. The experimental results are as follows: with the optimal path set to S-A-C-E-F-J, the test platform produced the optimal parameter combination after 22 iterations; with the optimal path set to S-A-B-D-F-J, the test platform produced the optimal parameter combination after 39 iterations; with the optimal path set to S-G-H-I-J, the test platform produced the parameter combination after 19 iterations. The same method can be applied to FTP protocol command combinations to generate command set combinations, so as to achieve the test effect of covering the longest path or deeper code.
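The dynamic-mode iteration described above, as an added example rather than the patent's own code: a Python stand-in replays the transitions visible in the listing, scores each returned path with the Hamming-distance fitness, and confines crossover and mutation to the operating range. The parameter values, the 4-bit parameter width, the population size, the elitism step and the prefix-based match count in op_range are assumptions; only the S-A-C-E-F-J target is reachable here, because the other two paths run through cases the listing elides.

```python
import random
from os.path import commonprefix

STATES = "SABCDEFGHIJ"        # bit order of the 11-bit path code used on the page
N_PARAMS, W = 5, 4            # five parameters; 4 bits per parameter is an assumption
# Constructed parameter values: the page elides most of its #define lines.
P = {name: i + 1 for i, name in enumerate("ABCDEGHJKL")}
# Transitions visible in the page's listing; elided states (D, H, I) are dead ends.
FSM = {"S": (0, {P["A"]: "A", P["G"]: "G"}), "A": (1, {P["B"]: "B", P["C"]: "C"}),
       "C": (2, {P["E"]: "E"}), "E": (3, {P["K"]: "F", P["L"]: "I"}),
       "F": (4, {P["J"]: "J"}), "B": (2, {P["D"]: "D"}), "G": (1, {P["H"]: "H"})}

def run_target(params):
    """Stand-in for the instrumented target: returns the visited states, e.g. 'SAC'."""
    path, state = "S", "S"
    while state in FSM:
        idx, nxt = FSM[state]
        state = nxt.get(params[idx])
        path += state or ""
    return path

def path_code(path):
    return [int(s in path) for s in STATES]

def fitness(path, target):    # f(S[T]) = 1 / (1 + H(S[T], S[P]))
    return 1 / (1 + sum(a != b for a, b in zip(path_code(path), path_code(target))))

def op_range(path, target):
    # R = (n - matched + 1) * w. The page takes "matched" as H(S[T], S[P0]); assumption
    # here: only the prefix shared with the target counts, so off-path parameters can change.
    return (N_PARAMS - len(commonprefix([path, target])) + 1) * W

def decode(bits):
    return [int("".join(map(str, bits[i:i + W])), 2) for i in range(0, len(bits), W)]

def breed(p1, p2, start, rng, cx=0.8, mut=0.08):
    """Crossover and mutation restricted to bits from index `start` onward."""
    child = p1[:]
    if start < len(p1) and rng.random() < cx:
        cut = rng.randrange(start, len(p1))
        child[cut:] = p2[cut:]
    return child[:start] + [b ^ (rng.random() < mut) for b in child[start:]]

def evolve(target, seed=1, size=20, max_gen=5000):
    rng = random.Random(seed)
    pop = [[rng.randint(0, 1) for _ in range(N_PARAMS * W)] for _ in range(size)]
    for gen in range(1, max_gen + 1):
        paths = [run_target(decode(ind)) for ind in pop]    # one round of test packets
        fits = [fitness(p, target) for p in paths]
        best = max(range(size), key=fits.__getitem__)
        if fits[best] == 1:
            return gen, decode(pop[best])
        nxt = [pop[best]]                                   # elitism (added assumption)
        while len(nxt) < size:
            i, j = rng.choices(range(size), weights=fits, k=2)   # roulette selection
            start = len(pop[i]) - op_range(paths[i], target)
            nxt.append(breed(pop[i], pop[j], start, rng))
        pop = nxt
    return None
```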
In summary, the fuzzy test platform based on the genetic algorithm designed in this technical scheme applies the genetic algorithm to test case generation in the fuzzy test platform. On the basis of the existing test platform framework, it extends the mutation function interface of the test script to support generating a test case library with the genetic algorithm, and it upgrades the data receiving module of the test engine to support encoding the returned data so that it takes part in calculating the fitness function of the genetic algorithm. This realizes the evaluation of test cases and achieves the aim of screening the optimal test cases; it reduces the redundancy of the test cases and improves the efficiency and coverage of the fuzzy test, thereby improving the vulnerability mining capability of the test platform.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the spirit of the present invention.

Claims (6)

1. A fuzzy test platform based on a genetic algorithm, used for testing industrial control equipment, characterized in that it comprises: a fuzzy test platform, a genetic algorithm use interface defined on the basis of a test script language, a processing interface between a test engine and the genetic algorithm, and iteration components of the genetic algorithm;
on the basis of the fuzzy test platform, while the test engine parses the test cases in a test script and tests the industrial control equipment, the genetic algorithm is called, according to the parsed genetic algorithm use interface, through the processing interface between the test engine and the genetic algorithm, and iteration is carried out on the test cases in combination with the iteration components of the genetic algorithm to obtain the optimal test cases and complete the fuzzy test of the industrial control equipment;
the iteration on the test cases comprises statically calling the genetic algorithm and dynamically calling the genetic algorithm, wherein, in the static call, the test cases are stored in the genetic algorithm population, the test engine calls the genetic algorithm and, in combination with the iteration components of the genetic algorithm, iterates on the test cases through the interface by which the test engine accesses the genetic algorithm population, obtaining the optimal test cases and then completing the fuzzy test of the industrial control equipment;
in the dynamic call, the test engine, through the interface by which the test engine accesses the genetic algorithm database, obtains each test case of the current iteration population in the genetic algorithm database, sends each test case to the industrial control equipment for testing, and receives each test result and stores it in the genetic algorithm database; after all test cases of the current iteration population have been tested, the test engine calls the genetic algorithm on the current iteration population and the test results and, in combination with the iteration components of the genetic algorithm, iterates on the current iteration population to obtain the next iteration population; this process is repeated until the population set corresponding to the optimal test cases is obtained.
2. The fuzzy test platform based on the genetic algorithm of claim 1, wherein: the processing interface between the test engine and the genetic algorithm comprises an interface for the test engine to access the genetic algorithm population, an interface for the test engine to access the genetic algorithm database, and a calculation module with which the test engine receives the data packet from the test script and calculates the fitness function value of the genetic algorithm.
3. The fuzzy test platform based on the genetic algorithm of claim 1, wherein: in the dynamic call of the genetic algorithm, while the test engine sends each test case to the industrial control equipment for testing and receives each test result and stores it in the genetic algorithm database, the returned path information of the industrial control equipment is obtained through instrumentation inserted in the test program of the industrial control equipment.
4. The fuzzy test platform based on the genetic algorithm of claim 1, wherein: the genetic algorithm use interface defined on the basis of the test script language comprises a name definition and a parameter definition, wherein the parameter definition comprises an initial population selection range definition, a fitness function pointer definition, and definitions of the chromosome length of a population individual, the crossover rate and the mutation rate.
5. The fuzzy test platform based on the genetic algorithm of claim 1, wherein: the iteration components of the genetic algorithm comprise population initialization, preset-type fitness functions, the roulette selection method, and crossover and mutation operators.
6. The fuzzy test platform based on the genetic algorithm of claim 5, wherein: the preset type fitness function comprises a linear fitness function or a fitness function based on a Hamming distance.
CN201910915407.XA 2019-09-26 2019-09-26 Fuzzy test platform based on genetic algorithm Active CN110647752B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910915407.XA CN110647752B (en) 2019-09-26 2019-09-26 Fuzzy test platform based on genetic algorithm

Publications (2)

Publication Number Publication Date
CN110647752A CN110647752A (en) 2020-01-03
CN110647752B true CN110647752B (en) 2023-05-16

Family

ID=69011280

Country Status (1)

Country Link
CN (1) CN110647752B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant