CN113722230B - Integrated evaluation method and device for vulnerability mining capability of fuzzy test tool - Google Patents
Integrated evaluation method and device for vulnerability mining capability of fuzzy test tool Download PDFInfo
- Publication number
- CN113722230B CN113722230B CN202111044429.7A CN202111044429A CN113722230B CN 113722230 B CN113722230 B CN 113722230B CN 202111044429 A CN202111044429 A CN 202111044429A CN 113722230 B CN113722230 B CN 113722230B
- Authority
- CN
- China
- Prior art keywords
- data
- interval
- value
- fuzzy test
- test
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3696—Methods or tools to render software testable
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Biomedical Technology (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Artificial Intelligence (AREA)
- Biophysics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Complex Calculations (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses an integrated evaluation method and device for vulnerability discovery capability of a fuzzy test tool, comprising the following steps: cross pairing n fuzzy test tools with m test program sets, and grabbing reference data and target values; taking the target value as supervision data, and training by utilizing reference data to obtain an evaluation model; and after the fuzzy test tool to be tested is cross-paired with the p test program sets, corresponding reference data are input into an evaluation model, and an evaluation report is generated. The invention can perform forward self-growth, solves the problems of strong subjectivity, poor scientificity, limited application range and the like of a plurality of evaluation methods in the field of fuzzy test, and provides guidance and constructive opinions in the aspect of improving the vulnerability mining capability of a fuzzy test tool.
Description
Technical Field
The invention belongs to the field of computer security, and particularly relates to an integrated evaluation method and device for vulnerability mining capability of a fuzzy test tool.
Background
In recent years, in the field of vulnerability discovery, fuzzy test tools have evolved rapidly. Fuzzy testing performs better than other vulnerability discovery tools, such as SMT solvers, symbolic execution, static analysis. The basic methodology of fuzzy testing is simpler than other methods: and (3) circularly and randomly generating program input end data, continuously transmitting the program input end data to an input interface of a target test program, and mining potential vulnerabilities through the running performance and results of the tested program. For example, AFL is a fuzzy test tool developed by google in the united states. AFL and symbolic execution are applied to the same tested program set, including base64, md5sum, uniq, who, sqlite3, libtiff. Eventually, the AFL found 76% more than the average number of holes found by symbolic execution within twenty-four hours.
With significant success in evaluating and detecting important security vulnerabilities of software, not only are development and research of academic-set fuzzy test tools underway, but also fuzzy tests are widely deployed in industrial-set software development tests. The simple idea has remarkable effect, and extremely high theoretical to practical realizability are all important reasons for the appearance of research achievements like spring bamboo shoots after raining in academia and industry. In recent years, researchers have generated great interest and have put great effort in fuzzy test algorithms, fuzzy test strategies, fuzzy test tool optimization and fuzzy test tool development.
However, the fuzzy test is a problem caused by the nature of a random process, and along with the vigorous development of the fuzzy test field, the fuzzy test is provided for a plurality of researchers, but the problem is still to be solved. The fuzzy test is essentially used as a random process, and the algorithm theory system, the test framework and the test decision mechanism of different fuzzy test tools are greatly different, so that objective and effective comparison and evaluation of the fuzzy test tools becomes a difficult problem. The current situation in the field of fuzzy test evaluation just verifies this: in the aspect of fuzzy test, different scientific researchers have different claims, so how to judge the quality when comparing tools becomes a great difficulty. Many researchers are gradually aware of the problem, and try to propose a plurality of different evaluation systems and methods, but various defects cannot be widely accepted and used by the industry, for example, chinese patent application CN112749097a discloses a performance evaluation method and device of a fuzzy test tool, the performance index is not comprehensive, the weight selection method is unknown, and the accuracy of comprehensive reading of the performance index and weight selection is two important criteria affecting accurate reading of the score, and the method is significantly optimized in two aspects including but not limited to.
Disclosure of Invention
In order to solve the problems, the invention aims to provide an integrated evaluation method and device for the vulnerability mining capability of a fuzzy test tool, which have the characteristics of strong science objectivity, wide application range and high self-adaptation capability, and are aimed at providing a comprehensive and scientific evaluation report for developers and users of the fuzzy test tool.
In order to achieve the above object, the following technical scheme is invented:
an integrated evaluation method for vulnerability discovery capability of a fuzzy test tool comprises the following steps:
1) Cross pairing n fuzzy test tools with m test program sets, and grabbing reference data and target values;
2) Taking the target value as supervision data, and training by utilizing reference data to obtain an evaluation model;
3) And after the fuzzy test tool to be tested is cross-paired with the p test program sets, corresponding reference data are input into an evaluation model, and an evaluation report is generated.
Further, the ambiguity test tool includes: one or more of OSS-FUZZ, honggfuzz, syzkaller, awesome tapering, raccoon, AFL, AFLplusplus, memlock, triforceAFL, vuzzer, MOPT-AFL, collAFL, hypothesis, clusterfuzz, afl.rs, paramspider, fuzzit, peach Fuzzer, dharma, and Uafuzz; the test program set includes: magma, LAVA, LAVA-M, CGC and FTS.
Further, the reference data includes: rigid structural values and ductile architecture values.
Further, the rigid structure values include: block coverage, edge coverage, trigger crash number, unique crash number, vulnerability arrival rate, vulnerability triggering rate, vulnerability detection rate, trigger crash number, vulnerability mining accuracy rate and crash input generation rate.
Further, the toughness architecture value includes: code processing method depth, initial set fitness, lime black attributes, deployment consumption, convenience, stability, truth integrity, deduplication mechanism quality, structural analysis quality, and operation monitoring quality.
Further, the target value includes: vulnerability discovery rate.
Further, the reference data is preprocessed between training with the reference data:
1) Classifying the reference data according to the type of the data;
2) Clustering the toughness architecture values to obtain corresponding hierarchical toughness architecture values of the toughness architecture values;
normalizing the rigid structure value, and filtering the characteristic value of the normalized data by utilizing a trusted interval to obtain a normalized rigid structure value;
3) And generating the preprocessed reference data based on the hierarchical toughness architecture value and the normalized rigid structure value.
Further, the evaluation model includes: classification model and regression model, wherein the classified toughness architecture value is sent to the classification model and the normalized rigid structure value is sent to the regression model.
Further, feedback learning is performed according to the evaluation report by:
1) Taking the reference data during training as an original data set, taking the reference data during testing as a new data set, and utilizing a trusted interval to check a normal distribution table to respectively obtain a data interval [ min, max ] of the original data set and a data interval [ min ', max' ] of the new data set;
2) Judging the coincidence rate of the data interval [ min ', max' ] and the data interval [ min, max ]: if the coincidence rate is greater than the standard fuzzy test credibility x), entering the step 4), and if the coincidence rate is less than the standard fuzzy test credibility, entering the step 3);
3) Based on the standard deviation sigma' of the new data set and the standard deviation interval sigma of the original data set, judging: if the standard deviation sigma' does not fall within the standard deviation interval sigma, discarding the new data set; if the standard deviation sigma' falls within the standard deviation interval sigma, entering a step 4);
4) Integrating the new data set and the original data to obtain an updated data set, and judging: if the data of the new data set with the reliability x% greater than the standard fuzzy test falls in the standard fuzzy test interval of the updated data set, entering the step 5); otherwise, enter step 6);
5) The value of the reliability x of the fuzzy test is improved, and a new standard fuzzy test interval is obtained according to the improved value;
6) If the standard fuzzy test interval of the updated data set is the interval uniform deviation of the corresponding standard data set of the original data, taking [ min (mu, mu ') -min (sigma, sigma ') y, max (mu, mu ')+min (sigma, sigma ') y ] as a new standard fuzzy test interval, wherein mu is the average value of the grandchild set of the original data, and mu ' is the average value of the grandchild set of the new data set.
Further, the evaluation report includes: test data, toughness assessment, rigidity assessment, comprehensive assessment and improvement opinion.
A storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above method when run.
An electronic device comprising a memory and a processor, wherein the memory stores a program for performing the above-described method.
Compared with the prior art, the method introduces the technology of deep learning and neural network learning in artificial intelligence, and solves the problems of strong subjectivity, poor scientificity, limited application range and the like in a plurality of evaluation methods in the field of fuzzy test. The invention can not only comprehensively and scientifically carry out qualitative and quantitative evaluation on the tested program, but also carry out forward self-growth under the guidance of a statistical theory in each evaluation process of the tested tool, and the whole evaluation system is always in progress as long as new to-be-tested tools are continuously fed. The invention can be developed and applied to more emerging fuzzy test tools for researchers who perform novel fuzzy test tools and provide guidance and constructive opinions for improving the vulnerability mining capability of the fuzzy test tools.
Drawings
Fig. 1 is a flowchart of an integrated evaluation method of the fuzzy test tool according to the present embodiment.
Fig. 2 is a schematic diagram of the structure of the integrated method for evaluating the comprehensive index according to the embodiment.
Fig. 3 is a structural diagram of evaluation report output in the present embodiment.
Fig. 4 is a flowchart of the implementation of the standard fuzzy tree correction module in this embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clear, the present invention will be further described in detail by means of specific examples and accompanying drawings. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The integrated evaluation method of the present invention, as shown in fig. 1, includes: cross-pairing the twenty selected fuzzy test tools with the five test program sets; the program to be tested and the four test program sets are cross-paired to capture data in x days, y hours is taken as an observation period, and data are comprehensively recorded; processing each index data by a standard fuzzy tree correction module; inputting the processed standard data set into a convolutional neural network, and training the model in a supervised learning mode; after training, inputting a data set of a program to be tested into a neural network model to obtain an evaluation report; and warehousing the tested fuzzy test tool and data thereof, and performing feedback learning of the integrated evaluation method with the help of a standard fuzzy tree feedback module. The method comprises the following specific steps:
1. acquiring raw data
Cross-pairing the twenty selected fuzzy test tools with the five test program sets; and (3) carrying out cross pairing on the program to be tested and four test program sets to capture data in x days, and comprehensively recording the original data by taking y hours as an observation period.
For example, x days of data capture, y hours is a period, and n groups of raw data are captured, where n=24×x+.y. Twenty fuzzy test standard toolsets include OSS-FUZZ, hongfuzz, syzkaler, awesome Fuzzing, raccoon, AFL, AFLplusplus, memlock, tricafl, vuzzzer, MOPT-AFL, collful, hypothesis, clusterizz, AFL. Rs, paramspide, fuzzit, peach Fuzzer, dharma, uafuzz. The selection criteria of the twenty kinds of fuzzy test tools are that one to two representative fuzzy test tools are selected from new fuzzy test tools in 2007 to 2021 every year, specifically, the representative strong needs to meet the requirements of algorithm representative strong, test mode representative strong and decision mechanism representative strong. Five fuzzy test standard packages, magma, LAVA-M, CGC and FTS, were the first five test targets for all researchers to develop the usage of the new fuzzy test tool.
The data that was fully grabbed includes the following three, as shown in fig. 2:
a) A rigid structural value; block coverage rate, edge coverage rate, triggering collapse number, specific collapse number, vulnerability arrival rate, vulnerability triggering rate, vulnerability detection rate, triggering collapse number, vulnerability mining accuracy rate, and collapse input generation rate, ten in total;
b) Toughness architecture value: the code processing method has the advantages of depth, initial set adaptability, lime-black attribute, deployment consumption, convenience, stability, truth value integrity, de-duplication mechanism quality, structural analysis method quality and operation monitoring quality, wherein ten values are adopted;
c) Target value: vulnerability discovery rate, one altogether.
The method specifically comprises the following steps:
1a) The evaluation system is based on the performance data tested by a plurality of fuzzy test tools as index data, and changes the vulnerability mining rate to lb as evaluation data.
1b) Data are obtained. The twenty kinds of fuzzy test tools and the five kinds of test program sets are in cross pairing, the program to be tested and the four kinds of test program sets are in cross pairing at the same time, x days of data grabbing is carried out on all pairing combinations, y hours is an observation period, and data are comprehensively recorded. Specifically, in this experimental part x=10 and y=8, 10×24++8=30 sets of raw data can be obtained.
2. Processing each original data through a standard fuzzy tree correction module
For training data, the filtering process of the standard fuzzy tree correction module comprises the following steps:
2a respectively extracting reference data and target values according to a set rule, wherein the reference data comprises: a rigid structural value and a ductile architecture value;
2b) Judging the data type, and if the data type is the toughness architecture value, clustering and grading the toughness architecture value to obtain a graded toughness architecture value; if the normalized value is the rigid structure value, carrying out normalization processing, and filtering a standard fuzzy credible interval after utilizing the characteristic value of the normalized data to obtain the normalized rigid structure value; when the standard fuzzy credible interval is filtered, the default initial credibility is 60%, so that 20% -80% of data in the middle are taken as effective data, and if the data are not operated for the first time, the credibility is based on the current value. A composite score of 0-100, defining an initial hard index score as a target index D t ×100,D t Is a target value;
2c) The { training standard data set } = { hierarchical toughness architecture value } -normalized rigid structure value } -objective value }.
The standard fuzziness test credibility and credibility interval in the step 2 b) are defined as follows:
let the integrated n fuzzy test tools F 1 ,F 2 ,......,F n And integrated m standard tested program sets P 1 ,P 2 ,......,P m Standard test subset composed one by one
Wherein the method comprises the steps of
M×n subsets in total.Since F, P pairing ambiguity test process is continually cycled back and forth, subset S ij A plurality of Sun Ji are arranged, and the upper limit of the number of grandchild sets is Max Gs . After the fuzzy test set is normalized normally, grand set data approximately accords with normal distribution X-N (mu, sigma), mu is an arithmetic mean, sigma is a standard deviation, and N is a normal distribution algorithm. The reliability of the current standard fuzzy test is set to be x%, and the reliable interval is +.>
The data of (a) and (b) are searched to obtain a corresponding data interval (mu-d, mu+d), wherein d is the distance between the two ends of the normal interval and the arithmetic mean.
And for the test data, only the reference data is extracted, and the reference data is preprocessed, so that { test standard data set } = { hierarchical toughness architecture value } normalized rigid structure value }.
3. And inputting the preprocessed reference data into a convolutional neural network, and performing training in a supervised learning mode by taking the target value as the supervision data.
The structure of the convolutional neural network mainly comprises:
classification model: the hierarchical toughness architecture value enters a classification model, and four types of classification T0, T1, T2 and T3 from high to low are output; regression model: the normalized rigid structure value enters a regression model, and a score S is output, wherein S is more than or equal to 0 and less than or equal to 1;
output layer: based on the outputs of the classification model and the regression model, the total score is output.
In the training process, different parts of the processed standard data set are used as training groups to be input into two different convolutional neural networks, and the model is trained in a supervised learning mode, which is specifically described as follows:
3a) The hierarchical toughness architecture value is used as a classification training set and is input into a classification model;
3b) The normalized rigid structure value is used as a regression training set and is input into a regression model;
3c) And monitoring the total score of the output layer by the target value, and training the convolutional network.
4. After training, the test standard data set of the program to be tested is input into the neural network model to obtain an evaluation report.
Inputting a test standard data set of a program to be tested into a neural network model, wherein the test standard data set is specifically described as follows:
4a) The classified toughness architecture values are input into a classification model, and the classification model outputs the grades of the toughness architecture values and goes to 4c;
4b) The normalized rigid structure value is input into a regression model, the regression model outputs comprehensive scores, and the process goes to 4 c);
4c) Generating an assessment report, as shown in FIG. 3, the assessment report will contain the following aspects:
raw data;
evaluating toughness;
evaluating rigidity;
the comprehensive evaluation, wherein the percentage ranking of the current tested fuzzy test tool in the historical tested tool is output as the main content of the comprehensive evaluation, and the main content comprises soft index ranking, hard index ranking and comprehensive ranking;
the improvement opinion, the current fuzzy test tool under test, in which the set of all the indexes below the average rating value in the historical tool under test, will be presented as the main content in this content as the part to be improved.
5. And warehousing the tested fuzzy test tool and data thereof, and performing feedback learning of the integrated evaluation method under the guidance of the standard fuzzy tree correction module.
The feedback training assisted by the standard fuzzy tree feedback module of the invention, as shown in fig. 4, mainly comprises the following steps:
5a) A data interval is generated. Based on the trusted interval checking normal distribution table, respectively generating a new data set data interval [ min ', max' ] and a standard test set data interval [ min, max ] generated by the tested program;
5b) And judging the credibility of the data generated by the tested program. Judging the coincidence rate of the new data set data interval [ min ', max' ] and the standard test set data interval [ min, max ] after the current fuzzy test is finished, if the coincidence rate is larger than the standard fuzzy test credibility x%, entering the step 5 d), and if the coincidence rate is smaller than the standard fuzzy test credibility, entering the step 5 c);
5c) Calculating standard deviation sigma of new data set new If sigma new Standard deviation sigma greater than standard test set standard Ending the feedback, i.e. directly ending the feedback upgrading process, discarding the new data set, if sigma new Less than sigma standard Step 5 d) is entered;
5d) Integrating the new data set and the standard data set into an updated data set, if the data of the new data set with the reliability x% greater than the standard fuzzy test falls in the standard fuzzy test interval of the updated data set, entering the step 5 e), and if the data of the new data set is not greater than the standard fuzzy test interval, entering the step 5 f);
5e) The reliability x of the standard fuzzy test is improved to be continuously improved to x', so that the number of the data grandchild sets is Max Gs And stopping the test, wherein the reliability of the standard fuzzy test is updated to x', and the corresponding standard fuzzy test interval is updated accordingly.
5f) If the standard fuzzy test interval of the updated data set is the interval uniform deviation of the standard data set, taking [ min (mu, mu ') -min (sigma, sigma') y, max (mu, mu ')+min (sigma, sigma') y ] as a new standard fuzzy test interval, taking x '% calculated by a normal distribution correspondence table as new standard fuzzy test credibility (mu and sigma are the average value and standard deviation of the grand set of original standard data, mu' and sigma 'are the average value and standard deviation of the new data set, and [ mu-sigma y, mu+sigma' y ] is the original standard fuzzy test interval).
It is to be understood that the integrated initial fuzzy test tool and the tested program set in the present invention can be transformed according to actual requirements, the data capturing time and period can also be adjusted according to different modulation and integer values of the test tool and the tested object, and the selection and scoring of the rigid structure data and the toughness architecture data can be adjusted according to more refined requirements, so the above embodiments are only used for illustrating the technical scheme of the present invention and not limiting the same, and those skilled in the art can modify or substitute the technical scheme of the present invention without departing from the spirit and scope of the present invention, and the protection scope of the present invention shall be defined by the claims.
Claims (6)
1. An integrated evaluation method for vulnerability discovery capability of a fuzzy test tool comprises the following steps:
1) The method comprises the steps of cross pairing n fuzzy test tools with m test program sets, performing x-day data grabbing, and taking y hours as an observation period to obtain a plurality of groups of original data;
2) Extracting reference data and target values for a plurality of groups of original data; wherein the reference data comprises: a rigid structural value and a ductile architecture value, the rigid structural value comprising: block coverage rate, edge coverage rate, trigger crash number, specific crash number, vulnerability arrival rate, vulnerability triggering rate, vulnerability detection rate, vulnerability mining accuracy rate and crash input generation rate, wherein the toughness architecture value comprises: code processing method depth, initial set fitness, lime black attributes, deployment consumption, convenience, stability, truth integrity, deduplication mechanism quality, structural analysis quality, and operation monitoring quality, the target values comprising: vulnerability discovery rate;
3) Preprocessing reference data; wherein, the preprocessing the reference data comprises:
classifying the reference data according to the type of the data;
clustering the toughness architecture values to obtain corresponding hierarchical toughness architecture values of the toughness architecture values;
normalizing the rigid structure value, and filtering the characteristic value of the normalized data by utilizing a trusted interval to obtain a normalized rigid structure value;
generating preprocessed reference data based on the hierarchical toughness architecture value and the normalized rigid structure value;
4) Taking the target value as supervision data, and training by utilizing reference data to obtain an evaluation model; wherein the evaluation model comprises: the classification model and the regression model send the classified toughness architecture value into the classification model and send the normalized rigid structure value into the regression model;
5) And after the fuzzy test tool to be tested is cross-paired with the p test program sets, corresponding reference data are input into an evaluation model, and an evaluation report is generated.
2. The method of claim 1, wherein the ambiguity test tool comprises: one or more of OSS-FUZZ, honggfuzz, syzkaller, awesome tapering, raccoon, AFL, AFLplusplus, memlock, triforceAFL, vuzzer, MOPT-AFL, collAFL, hypothesis, clusterfuzz, afl.rs, paramspider, fuzzit, peach Fuzzer, dharma, and Uafuzz; the test program set includes: magma, LAVA, LAVA-M, CGC and FTS.
3. The method of claim 1, wherein feedback learning is performed based on the assessment report by:
1) Taking the reference data during training as an original data set, taking the reference data during testing as a new data set, and utilizing a trusted interval to check a normal distribution table to respectively obtain a data interval [ min, max ] of the original data set and a data interval [ min ', max' ] of the new data set;
2) Judging the coincidence rate of the data interval [ min ', max' ] and the data interval [ min, max ]: if the coincidence rate is greater than the standard fuzzy test credibility x), entering the step 4), and if the coincidence rate is less than the standard fuzzy test credibility, entering the step 3);
3) Based on the standard deviation sigma' of the new data set and the standard deviation interval sigma of the original data set, judging: if the standard deviation sigma' does not fall within the standard deviation interval sigma, discarding the new data set; if the standard deviation sigma' falls within the standard deviation interval sigma, entering a step 4);
4) Integrating the new data set and the original data to obtain an updated data set, and judging: if the data of the new data set with the reliability x% greater than the standard fuzzy test falls in the standard fuzzy test interval of the updated data set, entering the step 5); otherwise, enter step 6);
5) The value of the reliability x of the fuzzy test is improved, and a new standard fuzzy test interval is obtained according to the improved value;
6) If the standard fuzzy test interval of the updated data set is the interval uniform deviation of the corresponding standard data set of the original data, taking [ min (mu, mu ') -min (sigma, sigma ') y, max (mu, mu ')+min (sigma, sigma ') y ] as a new standard fuzzy test interval, wherein mu is the average value of the grandchild set of the original data, and mu ' is the average value of the grandchild set of the new data set.
4. The method of claim 1, wherein the assessment report comprises: test data, toughness assessment, rigidity assessment, comprehensive assessment and improvement opinion.
5. A computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the method of any of claims 1-4 when run.
6. An electronic device comprising a memory, in which a computer program is stored, and a processor arranged to run the computer program to perform the method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111044429.7A CN113722230B (en) | 2021-09-07 | 2021-09-07 | Integrated evaluation method and device for vulnerability mining capability of fuzzy test tool |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111044429.7A CN113722230B (en) | 2021-09-07 | 2021-09-07 | Integrated evaluation method and device for vulnerability mining capability of fuzzy test tool |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113722230A CN113722230A (en) | 2021-11-30 |
| CN113722230B true CN113722230B (en) | 2023-06-16 |
Family
ID=78682236
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111044429.7A Active CN113722230B (en) | 2021-09-07 | 2021-09-07 | Integrated evaluation method and device for vulnerability mining capability of fuzzy test tool |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113722230B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115695269B (en) * | 2022-10-31 | 2023-10-27 | 中物院成都科学技术发展中心 | Comprehensive quantitative evaluation method for performance of fuzzy test tool |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108667912A (en) * | 2018-04-23 | 2018-10-16 | 中国人民解放军战略支援部队信息工程大学 | A kind of cloud resource distribution method and device |
| CN110197282A (en) * | 2019-06-10 | 2019-09-03 | 电子科技大学 | A kind of threat estimating and method for situation assessment based on Genetic-fuzzy logic tree |
| CN111008126A (en) * | 2019-11-13 | 2020-04-14 | 浙江大学 | Fuzzy test variation scheduling method and system based on particle swarm optimization |
| CN111966604A (en) * | 2020-09-07 | 2020-11-20 | 江苏君英天达人工智能研究院有限公司 | Fuzzy industrial control protocol vulnerability mining system |
| US10949338B1 (en) * | 2019-02-07 | 2021-03-16 | Architecture Technology Corporation | Automated software bug discovery and assessment |
| CN112527674A (en) * | 2020-12-22 | 2021-03-19 | 苏州三六零智能安全科技有限公司 | Safety evaluation method, device, equipment and storage medium of AI (Artificial Intelligence) framework |
| CN112749097A (en) * | 2021-01-26 | 2021-05-04 | 杭州木链物联网科技有限公司 | Performance evaluation method and device for fuzzy test tool |
-
2021
- 2021-09-07 CN CN202111044429.7A patent/CN113722230B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108667912A (en) * | 2018-04-23 | 2018-10-16 | 中国人民解放军战略支援部队信息工程大学 | A kind of cloud resource distribution method and device |
| US10949338B1 (en) * | 2019-02-07 | 2021-03-16 | Architecture Technology Corporation | Automated software bug discovery and assessment |
| CN110197282A (en) * | 2019-06-10 | 2019-09-03 | 电子科技大学 | A kind of threat estimating and method for situation assessment based on Genetic-fuzzy logic tree |
| CN111008126A (en) * | 2019-11-13 | 2020-04-14 | 浙江大学 | Fuzzy test variation scheduling method and system based on particle swarm optimization |
| CN111966604A (en) * | 2020-09-07 | 2020-11-20 | 江苏君英天达人工智能研究院有限公司 | Fuzzy industrial control protocol vulnerability mining system |
| CN112527674A (en) * | 2020-12-22 | 2021-03-19 | 苏州三六零智能安全科技有限公司 | Safety evaluation method, device, equipment and storage medium of AI (Artificial Intelligence) framework |
| CN112749097A (en) * | 2021-01-26 | 2021-05-04 | 杭州木链物联网科技有限公司 | Performance evaluation method and device for fuzzy test tool |
Non-Patent Citations (6)
| Title |
|---|
| Evaluating Fuzz Testing;George Klees等;Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security;第2123–2138页 * |
| FUZZOLIC: Mixing fuzzing and concolic execution;Luca Borzacchiello等;Computers & Security;第108卷;第1-26页 * |
| RapidFuzz: Accelerating fuzzing via Generative Adversarial Networks;Aoshuang Ye等;Neurocomputing;第460卷;第195-204页 * |
| 基于代码属性图及注意力双向LSTM的漏洞挖掘方法;段旭 等;软件学报;第31卷(第11期);第3404-3420页 * |
| 漏洞知识图谱的构建及漏洞态势感知技术研究;王丽敏;中国优秀硕士学位论文全文数据库 信息科技辑(第4期);I139-57 * |
| 自动化的系统网络安全脆弱性主动检测技术研究;王忠儒;中国博士学位论文全文数据库 信息科技辑(第1期);I139-17 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113722230A (en) | 2021-11-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110213222B (en) | Network intrusion detection method based on machine learning | |
| Dewa et al. | Data mining and intrusion detection systems | |
| CN111666169B (en) | Improved isolated forest algorithm and Gaussian distribution-based combined data anomaly detection method | |
| CN111783442A (en) | Intrusion detection method, device, server and storage medium | |
| CN109918505B (en) | Network security event visualization method based on text processing | |
| CN111047173B (en) | Community credibility evaluation method based on improved D-S evidence theory | |
| CN111639497A (en) | Abnormal behavior discovery method based on big data machine learning | |
| CN105072214A (en) | C&C domain name identification method based on domain name feature | |
| US11533373B2 (en) | Global iterative clustering algorithm to model entities' behaviors and detect anomalies | |
| CN110011976B (en) | Network attack destruction capability quantitative evaluation method and system | |
| CN115643035A (en) | Network security situation assessment method based on multi-source log | |
| CN113779272A (en) | Data processing method, device and equipment based on knowledge graph and storage medium | |
| CN111126820A (en) | Electricity stealing prevention method and system | |
| CN112199670A (en) | Log monitoring method for improving IFOREST (entry face detection sequence) to conduct abnormity detection based on deep learning | |
| CN113722230B (en) | Integrated evaluation method and device for vulnerability mining capability of fuzzy test tool | |
| CN113221960A (en) | Construction method and collection method of high-quality vulnerability data collection model | |
| CN117056834A (en) | Big data analysis method based on decision tree | |
| CN115577357A (en) | Android malicious software detection method based on stacking integration technology | |
| CN117195250A (en) | Data security management method and system | |
| CN116843955A (en) | Microorganism classification and identification method and system based on computer vision | |
| CN116776334A (en) | Office software vulnerability analysis method based on big data | |
| CN110808947A (en) | Automatic vulnerability quantitative evaluation method and system | |
| Ramesh et al. | Automatic classification of vulnerabilities using deep learning and machine learning algorithms | |
| CN115842645A (en) | UMAP-RF-based network attack traffic detection method and device and readable storage medium | |
| CN114969761A (en) | Log anomaly detection method based on LDA theme characteristics |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |