CN116303082B - Seed scheduling and evaluating method for fuzzy test of kernel of operating system - Google Patents

Seed scheduling and evaluating method for fuzzy test of kernel of operating system Download PDF

Info

Publication number
CN116303082B
CN116303082B CN202310351993.6A CN202310351993A CN116303082B CN 116303082 B CN116303082 B CN 116303082B CN 202310351993 A CN202310351993 A CN 202310351993A CN 116303082 B CN116303082 B CN 116303082B
Authority
CN
China
Prior art keywords
seed
node
test
coverage
seeds
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310351993.6A
Other languages
Chinese (zh)
Other versions
CN116303082A (en
Inventor
施鹤远
罗正雄
梁锴
胡超
沈煜恒
施荣华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Central South University
Original Assignee
Central South University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Central South University filed Critical Central South University
Priority to CN202310351993.6A priority Critical patent/CN116303082B/en
Publication of CN116303082A publication Critical patent/CN116303082A/en
Application granted granted Critical
Publication of CN116303082B publication Critical patent/CN116303082B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3676Test management for coverage analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Biomedical Technology (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Health & Medical Sciences (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Debugging And Monitoring (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the disclosure provides a seed scheduling and evaluating method for fuzzy test of an operating system kernel, which belongs to the technical field of data processing and specifically comprises the following steps: reading an initial corpus; randomly selecting seeds in a corpus; generating a test case; executing the test case; judging whether an abnormal state is generated in the execution process of the operating system or not; judging whether the test case has a new coverage condition under the evaluation of the multi-level coverage index in the execution process; judging whether the fuzzy test tool receives a test ending instruction or not; performing cluster analysis on seeds in the input seed pool and constructing the input seed pool into a multi-level tree; modeling a seed scheduling and evaluating process into a multi-arm slot machine model, and improving a seed scheduling and evaluating strategy according to an improved confidence interval upper bound algorithm; the next seed is selected and mutation operation is carried out to generate a test case, and then the process is carried out in a recycling mode. Through the scheme of the present disclosure, the efficiency of the kernel fuzzy test is improved.

Description

Seed scheduling and evaluating method for fuzzy test of kernel of operating system
Technical Field
The embodiment of the disclosure relates to the technical field of data processing, in particular to a seed scheduling and evaluating method for fuzzy test of an operating system kernel.
Background
The operating system is used as system software for managing computer hardware and software resources, the kernel is the kernel of the operating system, directly manages the hardware resources of the computer, provides an interface for a user program, and has extremely high operation authority unlike an upper application program. Once exploited by humans, vulnerabilities in the kernel can have a fatal impact on the security of the operating system and applications. Therefore, the kernel vulnerability discovery and defense mechanism research of the operating system has important research significance.
Fuzzy testing is an automated software testing technique that discovers possible program errors by injecting random data into a target program that is automatically or semi-automatically generated, and detecting program anomalies. As an efficient vulnerability discovery method, fuzzy testing is widely used in the field of operating system kernel security. In the kernel ambiguity test method, the coverage rate guided kernel ambiguity test is one of the current mainstream test methods. The method takes the maximized whole code coverage rate as a test target, evaluates the quality of the generated test cases according to a fitness function, only reserves the test cases with high fitness, puts the test cases into a seed pool for a subsequent fuzzy detection process, monitors the operation of an operating system, captures abnormal states such as system breakdown, system suspension and the like during the execution of the seed by the operating system, and further discovers the defects of the kernel code.
An important attribute of the fitness function is the ability to save intermediate path nodes, and saving some key intermediate path nodes can reduce the exploration vulnerability space and reduce the time to expose kernel vulnerabilities. The current mainstream kernel fuzzy test tool uses single edge coverage as a measure of fitness function, which makes some key path nodes unable to be reserved as new seeds because of being unable to newly increase edge coverage, thus causing the problems of overlarge exploration space, longer kernel leak finding time, low kernel fuzzy test efficiency and the like.
Therefore, there is a need for a seed scheduling and evaluating method for fuzzy test of operating system kernel with high test efficiency.
Disclosure of Invention
In view of this, the embodiments of the present disclosure provide a seed scheduling and evaluating method for fuzzy test of an operating system kernel, which at least partially solves the problem of poor testing efficiency in the prior art.
The embodiment of the disclosure provides a seed scheduling and evaluating method for fuzzy test of an operating system kernel, which comprises the following steps:
step 1, reading an initial corpus by using a fuzzy test tool;
step 2, randomly selecting seeds in the corpus by using a fuzzy test tool and adding the seeds into an input seed pool;
step 3, selecting seeds in the seed pool by using a testing tool and executing mutation operation on the seeds to generate a test case;
step 4, the operating system executes the test case and collects the kernel position covered by the test case;
step 5, judging whether the operating system generates an abnormal state in the execution process, if so, executing step 6, and if not, executing step 7;
step 6, adding the test cases as new seeds into an output seed pool;
step 7, judging whether the test case has a new coverage condition under the evaluation of the multi-level coverage index in the execution process, if so, executing the step 8, and if not, executing the step 9;
step 8, adding the test cases as new seeds into an input seed pool;
step 9, discarding the test case;
step 10, judging whether the fuzzy test tool receives a test ending instruction, if so, executing step 11, and if not, executing step 12;
step 11, after receiving a test ending instruction, the fuzzy test tool ends the test and outputs an output seed pool which is maintained and updated in the current test process;
step 12, carrying out cluster analysis on seeds in the input seed pool according to the multi-level coverage rate index and constructing the input seed pool into a multi-level tree;
step 13, modeling a seed scheduling and evaluating process into a multi-arm slot machine model, and improving a seed scheduling and evaluating strategy according to an improved confidence interval upper bound algorithm;
and 14, selecting the next seed according to the improved seed scheduling and evaluation strategy, executing mutation operation to generate a test case, and returning to the step 4 to execute the process in a recycling way.
According to a specific implementation of an embodiment of the present disclosure, the multi-level coverage index includes a function coverage, a code block coverage, and an edge coverage.
According to a specific implementation manner of the embodiment of the present disclosure, the step 7 specifically includes:
step 7.1, defining a coverage space Γ, wherein the coverage space comprises a function set Γ covered by an execution kernel program F Executing the set Γ of code blocks covered by the kernel B Executing edge set Γ covered by kernel E
Step 7.2, defining a single coverage indexWherein->Representing kernel libraries,/->Representing a test case set;
step 7.3, constructing a multi-level coverage index by using the single coverage index CWherein C is n ~<C 1 ,...,C n >;
Step 7.4, inputting the test case I into the kernel program P, and utilizing the multi-level coverage index C n Evaluation is carried out to obtain measurement results<M 1 ,...,M n >The metric result generation process is as follows:
<M 1 ,...,M n >←RunWithInstrument(P,I,C n )
wherein, test casesKernel program->Measurement result M epsilon gamma *
Step 7.5, the measurement result M t ←M 1 ∪...∪M n And saved metrics M * Comparing ifReturning to no new coverage, otherwise, returning to new coverage, and adding the measurement result to M in the saved measurement result * ←M * ∪M t
According to a specific implementation manner of the embodiment of the present disclosure, the step 12 specifically includes:
step 12.1, defining sensitivity of coverage index, giving two coverage index C i ,C j The result of the following two formulas is true, then C is C j C, i.e i Ratio C j The sensitivity is higher;
step 12.2, define input seed pool S m ~<s 1 ,...,s m >;
Step 12.3, for inputting seed pool S m ~<s 1 ,...,s m >Creating a cluster cc of arbitrary seeds of (a) j ={s j -j e {1,. }, m };
step 12.4, utilizing the multi-level coverage index C n ~<C 1 ,...,C n >Coverage for middle layer i e {1,.,. N-1} meansLabel C i For each class of cluster cc j Evaluating to obtain corresponding measurement result<M 1 ,...,M m >If M k =M k+1 Then merge cc k And cc (cc) k+1 K e {1,.,. M-1}, untilUntil that is reached;
step 12.5, then using the coverage index C with layer i+1 i+1 Clustering the clusters that have completed clustering in step 12.4 again using the same method untilUntil that is reached;
step 12.6, utilizing the Multi-level coverage index C n ~<C 1 ,...,C n >Evaluating seeds in the input seed pool to obtain corresponding measurement results<M 1 ,...,M n >Will correspondingly measure the result<M 1 ,...,M n >In combination with the seeds, a multi-level tree is constructed, wherein any node with a level i epsilon { 1.. i Mapped clusters, while child nodes at level i+1 represent the result M according to the metrics i+1 The mapped sub-clusters are associated with seeds at any leaf node at the bottom level.
According to a specific implementation manner of the embodiment of the present disclosure, the step 13 specifically includes:
step 13.1, setting an influence factor corresponding to an improved confidence interval upper bound algorithm;
step 13.2 defining a feature F εΓ of level l l Hit times num_hits [ F]And satisfies the following formula:
where P is the kernel program that is executed,is a set of all test cases generated;
step 13.3, constructing a rarefaction raress [ F ] of the feature F by using the hit times num_hits [ F ] of the feature F, wherein the feature rarefaction generating process is as follows:
step 13.4, defining the feature coverage fcov [ s, l, t ] of the fuzzing test of the seed s of the t-th round, and satisfying the following formula:
wherein,is a test case set generated by fuzzing the seed s of the t-th round, C l Is the coverage index level, l e {1,., n };
step 13.5, calculate the reward SeedReward (s, l, t) for seed s after a round of fuzzy test using the rarefaction [ F ] of feature F, as follows:
step 13.6, calculating a Reward Reward (a) for the cluster by back-propagating the seed Reward to the upper layer scheduled cluster based on the Reward SeedReward (s, l, t) for the seed l T), as follows:
wherein,<a 1 ,...,a n ,a n+1 >is the node sequence selected in the t-th round, a n+1 Is a leaf node, namely a seed, a i I e { 2..n } is the cluster of metric result mappings, i.e., middleAn inter-node;
step 13.7, calculating fuzzy test performance FuzzPerf (a) of the node a based on the improved confidence interval upper bound algorithm, as follows:
FuzzPerf(a)=Q(a)+U(a)
wherein Q (a) is the average value of rewards and rewards obtained by the node a, and U (a) is the radius of the upper confidence interval;
step 13.8, calculating a weighted arithmetic average Q (a, t) of rewards obtained by the node a based on rewards Reward (a, t) obtained by the node a of the t-th round and the previous average rewards, as follows:
wherein N [ a, t ] is the number of times node a is selected when the t-th round is ended, t' is the last round of selecting node a, and w is a weight factor;
step 13.9, calculating an estimated radius of the number of times of selecting the node a, as follows:
wherein node a' is the parent node of node a, Y [ a ] is the number of seeds in the node, NA is the number of times the node is selected, and C is a predefined parameter;
step 13.10, calculating the rarity SeedRareess (s, l) of the seed based on the rarity raress [ F ] of the feature F covered by the seed s as follows:
wherein C is l Is the coverage index level, l e {1,., n };
step 13.11, according to a node a l Rarefaciency (s, l) of seeds in (a), node a is calculated l Rareearth rareess (a) l ) The formula is as follows:
Rareness(a l )=SeedRareness(s,l)
wherein,<a 1 ,...,a n ,a n+1 >is the node sequence selected in the t-th round, a n+1 Is a leaf node, i.e., a seed;
step 13.12, calculating a Score (a) of the node a based on rarefaction raress (a) of the node a and fuzzy test performance FuzzPerf (a) of the node a as follows:
Score(a)=Rareness(a)×FuzzPerf(a)。
according to a specific implementation of the disclosed embodiment, the influencing factors include the rarity of the seed itself, the difficulty and uncertainty of seed mutation in generating new seeds.
The kernel fuzzy test seed scheduling and evaluating scheme of the operating system in the embodiment of the disclosure comprises the following steps: step 1, reading an initial corpus by using a fuzzy test tool; step 2, randomly selecting seeds in the corpus by using a fuzzy test tool and adding the seeds into an input seed pool; step 3, selecting seeds in the seed pool by using a testing tool and executing mutation operation on the seeds to generate a test case; step 4, the operating system executes the test case and collects the kernel position covered by the test case; step 5, judging whether the operating system generates an abnormal state in the execution process, if so, executing step 6, and if not, executing step 7; step 6, adding the test cases as new seeds into an output seed pool; step 7, judging whether the test case has a new coverage condition under the evaluation of the multi-level coverage index in the execution process, if so, executing the step 8, and if not, executing the step 9; step 8, adding the test cases as new seeds into an input seed pool; step 9, discarding the test case; step 10, judging whether the fuzzy test tool receives a test ending instruction, if so, executing step 11, and if not, executing step 12; step 11, after receiving a test ending instruction, the fuzzy test tool ends the test and outputs an output seed pool which is maintained and updated in the current test process; step 12, carrying out cluster analysis on seeds in the input seed pool according to the multi-level coverage rate index and constructing the input seed pool into a multi-level tree; step 13, modeling a seed scheduling and evaluating process into a multi-arm slot machine model, and improving a seed scheduling and evaluating strategy according to an improved confidence interval upper bound algorithm; and 14, selecting the next seed according to the improved seed scheduling and evaluation strategy, executing mutation operation to generate a test case, and returning to the step 4 to execute the process in a recycling way.
The beneficial effects of the embodiment of the disclosure are that: according to the scheme, a new coverage rate measurement design, namely a multi-level coverage rate index, is introduced, seeds with the same coverage rate in an input seed pool are grouped into the same cluster according to the index, so that seed cluster analysis is completed, and a multi-level tree is constructed; then, seed scheduling and evaluation processes are carried out from the root node of the tree, seeds are evaluated by adopting an improved confidence interval upper bound algorithm, the priority of the seeds which are not scheduled and the seeds which can trigger rare paths is improved, the number of the seeds which can trigger kernel holes is increased, and the time for exposing holes on the rare paths is reduced, so that the probability of finding kernel defects is improved, the efficiency of kernel fuzzy test is remarkably improved, and the problems of overlong kernel hole detection time, low kernel detection efficiency and the like caused by improper coverage rate index selection in the prior art are solved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
FIG. 1 is a flow chart of a method for scheduling and evaluating fuzzy test seeds in an operating system kernel according to an embodiment of the disclosure;
fig. 2 is a schematic diagram of a kernel ambiguity test flow based on a single-level coverage index according to an embodiment of the present disclosure;
fig. 3 is a schematic diagram of a multi-level coverage index according to an embodiment of the disclosure.
Detailed Description
Embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
Other advantages and effects of the present disclosure will become readily apparent to those skilled in the art from the following disclosure, which describes embodiments of the present disclosure by way of specific examples. It will be apparent that the described embodiments are merely some, but not all embodiments of the present disclosure. The disclosure may be embodied or practiced in other different specific embodiments, and details within the subject specification may be modified or changed from various points of view and applications without departing from the spirit of the disclosure. It should be noted that the following embodiments and features in the embodiments may be combined with each other without conflict. All other embodiments, which can be made by one of ordinary skill in the art without inventive effort, based on the embodiments in this disclosure are intended to be within the scope of this disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the following claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the present disclosure, one skilled in the art will appreciate that one aspect described herein may be implemented independently of any other aspect, and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. In addition, such apparatus may be implemented and/or such methods practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should also be noted that the illustrations provided in the following embodiments merely illustrate the basic concepts of the disclosure by way of illustration, and only the components related to the disclosure are shown in the drawings and are not drawn according to the number, shape and size of the components in actual implementation, and the form, number and proportion of the components in actual implementation may be arbitrarily changed, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided in order to provide a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The embodiment of the disclosure provides a seed scheduling and evaluating method for fuzzy test of an operating system kernel, which can be applied to the testing process of operating system software.
Referring to fig. 1, a flow chart of a method for scheduling and evaluating fuzzy test seeds in an operating system kernel is provided in an embodiment of the disclosure. As shown in fig. 1, the method mainly comprises the following steps:
step 1, reading an initial corpus by using a fuzzy test tool;
the existing mainstream scheme is generally a kernel fuzzy test based on a single-level coverage index, as shown in fig. 2, the flow is as follows:
in the kernel fuzzy test process, firstly, a fuzzy test tool reads an initial corpus, randomly selects seeds in the corpus and adds the seeds into an input seed pool, then selects the seeds in the input seed pool and executes mutation operation to generate test cases. And executing the test case by the operating system, and collecting the kernel position covered by the test case in the execution process. Then, judging whether the operating system generates an abnormal state in the executing process. If yes, adding the test case into an output seed pool, otherwise, performing the next judging task; then, judging whether the edge coverage rate of the test case is newly increased in the execution process. If the test case improves the edge coverage rate, the test case is added into the input seed pool, otherwise, the test case is discarded. Finally, judging whether a test ending instruction is received. If yes, ending the test and outputting an output seed pool maintained and updated in the current test process. Otherwise, selecting the next seed for fuzzy test from the input seed pool for mutation operation, and executing the steps repeatedly.
The method has the following defects: firstly, the method measures the adaptability (namely evaluating the quality of the test cases) of the test cases by using a single coverage index (namely edge coverage), so that some test cases capable of triggering the kernel loopholes can not be reserved as seeds, and the kernel loopholes can not be discovered forever because the edge coverage can not be newly increased before the kernel loopholes are discovered, thereby reducing the exposure quantity of the kernel loopholes and reducing the efficiency of kernel fuzzy test; furthermore, the coverage index (namely, the edge coverage) selected by the method is not sensitive enough, and some key path nodes cannot be stored, so that the search space is too large in the process of mining the kernel loopholes, the exposure time of the kernel loopholes is increased, and the efficiency of kernel fuzzy test is reduced.
In practice, the initial corpus may be read using a fuzzy test tool to facilitate subsequent steps.
Step 2, randomly selecting seeds in the corpus by using a fuzzy test tool and adding the seeds into an input seed pool;
in the implementation, after the initial corpus is obtained, seeds in the corpus can be randomly selected by using a fuzzy test tool and added into an input seed pool, and for kernel fuzzy test, the seeds consist of a system call sequence and parameters in system call.
Step 3, selecting seeds in the seed pool by using a testing tool and executing mutation operation on the seeds to generate a test case;
in the specific implementation, after seeds in the corpus are added into an input seed pool, a testing tool can be used for selecting the seeds in the input seed pool and performing mutation operation on the seeds to generate a test case; the seed mutation determines the possibility that the generated test case can trigger the loopholes and become new seeds, and in the kernel fuzzy test, the seed mutation strategy comprises operations of randomly changing the sequence, the type and each system call parameter of the system call sequence.
Step 4, the operating system executes the test case and collects the kernel position covered by the test case;
in specific implementation, after the test case is generated, the operating system executes the test case and collects the kernel position covered by the test case in real time.
Step 5, judging whether the operating system generates an abnormal state in the execution process, if so, executing step 6, and if not, executing step 7;
in specific implementation, whether an abnormal state is generated in the execution process of the operating system is judged, such as the conditions of system suspension, system breakdown and the like, so that the subsequent operation flow is facilitated, if the abnormal state is generated, the step 6 is executed, and otherwise, the step 7 is executed.
Step 6, adding the test cases as new seeds into an output seed pool;
in the specific implementation, after the generated test cases are executed, the executed strategy cases can be used as new seeds to be added into an output seed pool.
Step 7, judging whether the test case has a new coverage condition under the evaluation of the multi-level coverage index in the execution process, if so, executing the step 8, and if not, executing the step 9;
further, the multi-level coverage index includes a function coverage, a code block coverage, and an edge coverage.
Further, the step 7 specifically includes:
step 7.1, defining a coverage space Γ, wherein the coverage space comprises a function set Γ covered by an execution kernel program F Executing the set Γ of code blocks covered by the kernel B Executing edge set Γ covered by kernel E
Step 7.2, defining a single coverage indexWherein->Representing kernel libraries,/->Representing a test case set;
step 7.3, constructing a multi-level coverage index by using the single coverage index CWherein C is n ~<C 1 ,...,C n >;
Step 7.4, inputting the test case I into the kernel program P, and utilizing the multi-level coverage index C n Evaluation is carried out to obtain measurement results<M 1 ,...,M n >The metric result generation process is as follows:
<M 1 ,...,M n >←RunWithInstrument(P,I,C n )
wherein, test casesKernel program->Measurement result M epsilon gamma *
Step 7.5, the measurement result M t ←M 1 ∪...∪M n And saved metrics M * Comparing ifReturning to no new coverage, otherwise, returning to new coverage, and adding the measurement result to M in the saved measurement result * ←M * ∪M t
For example, as shown in FIG. 3, where a multi-level coverage index refers to multiple coverage indexes that combine different levels, for example: and collecting the functions, code blocks and edges (namely the transfer paths from one code block to the next code block) covered in the seed execution process, obtaining corresponding coverage rate and taking the coverage rate as an index. In practical application, the process of judging whether the test case has new coverage under the evaluation of the multi-level coverage index in the execution process can be as follows:
A1. defining a coverage space Γ; specifically, Γ F Representing a set of functions covered by an execution kernel B Representing execution kernel threadsAn order covered code block set Γ E Representing the set of edges covered by the execution kernel.
A2. Defining a single coverage indexWherein->Representing kernel libraries,/->Representing a test case set; specifically, utilize C F Measurement of functional coverage of an execution kernel program, utilizing C B Measurement of code block coverage of an execution kernel program, utilizing C E Edge coverage of the metric execution kernel program.
A3. Constructing a multi-level coverage index using a single coverage index CWherein C is n ~<C 1 ,...,C n >。
A3. Inputting the test case I into the kernel program P and utilizing the multi-level coverage index C n Evaluation is carried out to obtain measurement results<M 1 ,...,M n >The metric result generation process is as follows:
<M 1 ,...,M n >←RunWithInstrument(P,I,C n )
wherein, test casesKernel program->Measurement result M epsilon gamma *
A4. The measurement result M t ←M 1 ∪...∪M n And saved metrics M * Comparing ifThen return no new coverage, otherwise return new coverage, and add this measurement result to M in the saved measurement result * ←M * ∪M t
Step 8, adding the test cases as new seeds into an input seed pool;
step 9, discarding the test case;
step 10, judging whether the fuzzy test tool receives a test ending instruction, if so, executing step 11, and if not, executing step 12;
in specific implementation, after finishing one test, it can be determined whether the fuzzy test tool receives the test finishing instruction, so as to facilitate the subsequent operation flow.
Step 11, after receiving a test ending instruction, the fuzzy test tool ends the test and outputs an output seed pool which is maintained and updated in the current test process;
when the fuzzy test tool receives the test ending instruction, the test is ended and an output seed pool which is maintained and updated in the current test process is output.
Step 12, carrying out cluster analysis on seeds in the input seed pool according to the multi-level coverage rate index and constructing the input seed pool into a multi-level tree;
based on the above embodiment, the step 12 specifically includes:
step 12.1, defining sensitivity of coverage index, giving two coverage index C i ,C j The result of the following two formulas is true, then C is C j C, i.e i Ratio C j The sensitivity is higher;
step 12.2, define input seed pool S m ~<s 1 ,...,s m >;
Step 12.3, for inputting seed pool S m ~<s 1 ,...,s m >Creating a cluster cc of arbitrary seeds of (a) j ={s j -j e {1,. }, m };
step 12.4, utilizing the multi-level coverage index C n ~<C 1 ,...,C n >The middle layer is coverage index C of i epsilon {1,., n-1} i For each class of cluster cc j Evaluating to obtain corresponding measurement result<M 1 ,...,M m >If M k =M k+1 Then merge cc k And cc (cc) k+1 K e {1,.,. M-1}, untilUntil that is reached;
step 12.5, then using the coverage index C with layer i+1 i+1 Clustering the clusters that have completed clustering in step 12.4 again using the same method untilUntil that is reached;
step 12.6, utilizing the Multi-level coverage index C n ~<C 1 ,...,C n >Evaluating seeds in the input seed pool to obtain corresponding measurement results<M 1 ,...,M n >Will correspondingly measure the result<M 1 ,...,M n >In combination with the seeds, a multi-level tree is constructed, wherein any node with a level i epsilon { 1.. i Mapped clusters, while child nodes at level i+1 represent the result M according to the metrics i+1 The mapped sub-clusters are associated with seeds at any leaf node at the bottom level.
In particular, given the multi-level coverage index as shown in fig. 2, seeds in the seed pool are selected and input, seed clustering is performed from the root node, if a child node with the same function coverage as the seeds exists, the child node is used as a father node, then cluster analysis is performed to the next layer, and otherwise, a new node is created. And finally, selecting a leaf node to reserve the seed according to the edge coverage rate.
The root node of the tree is used as a virtual node, the middle node is a coverage index measurement result, the leaf nodes are seeds, each layer is evaluated by different coverage indexes, and the coverage index granularity is smaller as the coverage index is closer to the bottom layer. When the fuzzy test tool does not receive the test ending instruction, the seeds in the input seed pool can be subjected to cluster analysis according to the multi-level coverage rate index, and the input seed pool is constructed into a multi-level tree, and the specific process is as follows:
B1. defining sensitivity of coverage rate indexes; specifically, two coverage indexes C are given i ,C j The result of the following two formulas is true, then C is C j C, i.e i Ratio C j The sensitivity is higher.
Furthermore, at the multi-level coverage index C n ~<C 1 ,...,C n >Any layer is coverage index C of i e {1,., n-1} i The sensitivity is lower than the coverage index C of the deep level i+1 C, i.e i+1s C i
B2. Definition of input seed pool S m ~<s 1 ,...,s m >。
B3. To input seed pool S m ~<s 1 ,...,s m >Creating a cluster cc of arbitrary seeds of (a) j ={s j J e { 1..m }.
B4. Using multiple levelsCoverage index C n ~<C 1 ,...,C n >The middle layer is coverage index C of i epsilon {1,., n-1} i For each class of cluster cc j Evaluating to obtain corresponding measurement result<M 1 ,...,M m >If M k =M k+1 Then merge cc k And cc (cc) k+1 K e {1,.,. M-1}, untilUntil that point.
B5. Then using the coverage index C with the layer of i+1 i+1 Clustering the clusters which have completed clustering in step B4 again using the same method untilUntil that point.
B6. Using a multi-level coverage index C n ~<C 1 ,...,C n >Evaluating seeds in the input seed pool to obtain corresponding measurement results<M 1 ,...,M n >Will correspondingly measure the result<M 1 ,...,M n >Constructing a multi-level tree by combining the seeds; any node where layer i e { 1..n } represents the result M according to the metric i Mapped clusters, while child nodes at level i+1 represent the result M according to the metrics i+1 The mapped sub-clusters are associated with seeds at any leaf node at the bottom level.
Step 13, modeling a seed scheduling and evaluating process into a multi-arm slot machine model, and improving a seed scheduling and evaluating strategy according to an improved confidence interval upper bound algorithm;
the step 13 specifically includes:
step 13.1, setting an influence factor corresponding to an improved confidence interval upper bound algorithm;
step 13.2 defining a feature F εΓ of level l l Hit times num_hits [ F]And satisfies the following formula:
where P is the kernel program that is executed,is a set of all test cases generated;
step 13.3, constructing a rarefaction raress [ F ] of the feature F by using the hit times num_hits [ F ] of the feature F, wherein the feature rarefaction generating process is as follows:
step 13.4, defining the feature coverage fcov [ s, l, t ] of the fuzzing test of the seed s of the t-th round, and satisfying the following formula:
wherein,is a test case set generated by fuzzing the seed s of the t-th round, C l Is the coverage index level, l e {1,., n };
step 13.5, calculate the reward SeedReward (s, l, t) for seed s after a round of fuzzy test using the rarefaction [ F ] of feature F, as follows:
step 13.6, calculating a Reward Reward (a) for the cluster by back-propagating the seed Reward to the upper layer scheduled cluster based on the Reward SeedReward (s, l, t) for the seed l T), as follows:
wherein,<a 1 ,...,a n ,a n+1 >is the node sequence selected in the t-th round, a n+1 Is a leaf node, namely a seed, a i I e { 2..n } is the cluster of metric result mappings, i.e., the intermediate node;
step 13.7, calculating fuzzy test performance FuzzPerf (a) of the node a based on the improved confidence interval upper bound algorithm, as follows:
FuzzPerf(a)=Q(a)+U(a)
wherein Q (a) is the average value of rewards and rewards obtained by the node a, and U (a) is the radius of the upper confidence interval;
step 13.8, calculating a weighted arithmetic average Q (a, t) of rewards obtained by the node a based on rewards Reward (a, t) obtained by the node a of the t-th round and the previous average rewards, as follows:
wherein N [ a, t ] is the number of times node a is selected when the t-th round is ended, t' is the last round of selecting node a, and w is a weight factor;
step 13.9, calculating an estimated radius of the number of times of selecting the node a, as follows:
wherein node a' is the parent node of node a, Y [ a ] is the number of seeds in the node, NA is the number of times the node is selected, and C is a predefined parameter;
step 13.10, calculating the rarity SeedRareess (s, l) of the seed based on the rarity raress [ F ] of the feature F covered by the seed s as follows:
wherein C is l Is the coverage index level, l e { 1.,n};
step 13.11, according to a node a l Rarefaciency (s, l) of seeds in (a), node a is calculated l Rareearth rareess (a) l ) The formula is as follows:
Rareness(a l )=SeedRareness(s,l)
wherein,<a 1 ,...,a n ,a n+1 >is the node sequence selected in the t-th round, a n+1 Is a leaf node, i.e., a seed;
step 13.12, calculating a Score (a) of the node a based on rarefaction raress (a) of the node a and fuzzy test performance FuzzPerf (a) of the node a as follows:
Score(a)=Rareness(a)×FuzzPerf(a)。
further, the influencing factors include the rarity of the seeds themselves, the difficulty and uncertainty of seed mutation in generating new seeds.
In specific implementation, the seed scheduling and evaluation process is modeled as a multi-arm slot machine model, and then the seed scheduling and evaluation strategy is improved according to an improved confidence interval upper bound (UCB 1, upper Confidence Bound) algorithm; then starting from the root node of the multi-level tree, selecting the child node with the highest score based on the multi-level coverage index until one leaf node is selected; finally, all nodes along the path of the seed selection will increase in score. The specific process is as follows:
C1. the improved UCB1 algorithm realizes a better seed scheduling and evaluation strategy, and obtains the seeds with the highest scores, and three aspects need to be considered: first, the rarity of the seed itself. Second, the difficulty of seed mutation in creating new seeds. Third, uncertainty.
C2. Defining a feature F e Γ of hierarchy l l Hit times num_hits [ F]And satisfies the following formula:
where P is the kernel program that is executed,is a set of all test cases generated.
C3. The rarefaction raress [ F ] of the feature F is constructed by using the hit times num_hits [ F ] of the feature F, and the feature rarefaction generating process is as follows:
C4. defining feature coverage fcov [ s, l, t ] of the fuzzing test of the seed s of the t-th round, and meeting the following formula:
/>
wherein,is a test case set generated by fuzzing the seed s of the t-th round, C l Is the coverage index level, l e {1,., n }.
C5. Using the rarefaction of feature F [ F ], the reward of seed s after a round of fuzzy test is calculated, sedreward (s, l, t), as follows:
C6. based on the rewards SeedReward (s, l, t) of the seeds, the rewards Reward (a) of the clusters are calculated by back-propagating the seed rewards to the upper-layer scheduled clusters l T), as follows:
wherein,<a 1 ,...,a n ,a n+1 >is the node sequence selected in the t-th round, a n+1 Is a leaf node, i.e. a seed,a i I e { 2..n } is the cluster of metric result mappings, i.e., the intermediate node.
C7. Based on the improved UCB1 algorithm, calculating fuzzy test performance FuzzPerf (a) of the node a as follows:
FuzzPerf(a)=Q(a)+U(a)
where Q (a) is the average of rewards awarded by node a and U (a) is the upper confidence interval radius.
C8. Based on the rewards review (a, t) obtained by the t-th round of node a and the previous average rewards, a weighted arithmetic average Q (a, t) of the rewards obtained by node a is calculated as follows:
wherein, N [ a, t ] is the number of times node a is selected when the t-th round is finished, t' is the last round of selecting node a, w is a weight factor, and the value is usually 0.5, and the purpose of introducing the weight factor is to solve the problem that the characteristic rarity is continuously reduced in the fuzzy test process.
C9. The estimated radius of the number of times node a is selected is calculated as follows:
wherein node a' is the parent node of node a, Y [ a ] is the number of seeds in the node, NA is the number of times the node is selected, C is a predefined parameter, typically a value of 1.4, which serves to improve the seed scheduling and evaluation strategy.
C10. Based on the rarefaction [ F ] of the feature F covered by the seed s, the rarefaction SeedRareness (s, l) of the seed is calculated as follows:
wherein C is l Is the coverage index level, l e {1,., n }.
C11. Due to one node a l The seeds in (a) have the same measurement result M l Therefore node a l Rareearth rareess (a) l ) Depending on the rarity SeedRareness (s, l) of the seeds, the calculation formula is as follows:
Rareness(a l )=SeedRareness(s,l)
wherein,<a 1 ,...,a n ,a n+1 >is the node sequence selected in the t-th round, a n+1 Is a leaf node, i.e., seed.
C12. Based on rarefaction raress (a) of node a and fuzziness test performance FuzzPerf (a) of node a, score (a) of node a is calculated as follows:
Score(a)=Rareness(a)×FuzzPerf(a)
and 14, selecting the next seed according to the improved seed scheduling and evaluation strategy, executing mutation operation to generate a test case, and returning to the step 4 to execute the process in a recycling way.
In specific implementation, selecting the next seed according to the improved seed scheduling and evaluation strategy, executing mutation operation to generate test cases, and then executing the process in a recycling mode.
According to the seed scheduling and evaluating method for fuzzy test of the kernel of the operating system, a new coverage rate measurement design, namely a multi-level coverage rate index, is introduced, seeds with the same coverage rate in an input seed pool are grouped into the same cluster according to the index, so that seed cluster analysis is completed, and a multi-level tree is constructed; then, seed scheduling and evaluation processes are carried out from the root node of the tree, seeds are evaluated by adopting an improved confidence interval upper bound algorithm, the priority of the seeds which are not scheduled and the seeds which can trigger rare paths is improved, the number of the seeds which can trigger kernel holes is increased, and the time for exposing holes on the rare paths is reduced, so that the probability of finding kernel defects is improved, the efficiency of kernel fuzzy test is remarkably improved, and the problems of overlong kernel hole detection time, low kernel detection efficiency and the like caused by improper coverage rate index selection in the prior art are solved.
The units involved in the embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware.
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof.
The foregoing is merely specific embodiments of the disclosure, but the protection scope of the disclosure is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the disclosure are intended to be covered by the protection scope of the disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (5)

1. The method for scheduling and evaluating the fuzzy test seeds of the kernel of the operating system is characterized by comprising the following steps:
step 1, reading an initial corpus by using a fuzzy test tool;
step 2, randomly selecting seeds in the corpus by using a fuzzy test tool and adding the seeds into an input seed pool;
step 3, selecting seeds in the seed pool by using a testing tool and executing mutation operation on the seeds to generate a test case;
step 4, the operating system executes the test case and collects the kernel position covered by the test case;
step 5, judging whether the operating system generates an abnormal state in the execution process, if so, executing step 6, and if not, executing step 7;
step 6, adding the test cases as new seeds into an output seed pool;
step 7, judging whether the test case has a new coverage condition under the evaluation of the multi-level coverage index in the execution process, if so, executing the step 8, and if not, executing the step 9;
the step of judging whether the test case has a new coverage under the evaluation of the multi-level coverage index in the execution process comprises the following steps:
step 7.1, defining a coverage space Γ, wherein the coverage space includes a kernel program executedCovered function set Γ F Executing the set Γ of code blocks covered by the kernel B Executing edge set Γ covered by kernel E
Step 7.2, defining a single coverage indexWherein->Representing kernel libraries,/->Representing a test case set;
step 7.3, constructing a multi-level coverage index by using the single coverage index CWherein C is n ~<C 1 ,...,C n >;
Step 7.4, inputting the test case I into the kernel program P, and utilizing the multi-level coverage index C n Evaluation is carried out to obtain measurement results<M 1 ,...,M n >The metric result generation process is as follows:
<M 1 ,...,M n >←RunWithInstrument(P,I,C n )
wherein, test casesKernel program->Measurement result M epsilon gamma *
Step 7.5, the measurement result M t ←M 1 ∪...∪M n And saved metrics M * Comparing ifReturning to no new coverage, otherwise, returning to new coverage, and adding the measurement result to M in the saved measurement result * ←M * ∪M t
Step 8, adding the test cases as new seeds into an input seed pool;
step 9, discarding the test case;
step 10, judging whether the fuzzy test tool receives a test ending instruction, if so, executing step 11, and if not, executing step 12;
step 11, after receiving a test ending instruction, the fuzzy test tool ends the test and outputs an output seed pool which is maintained and updated in the current test process;
step 12, carrying out cluster analysis on seeds in the input seed pool according to the multi-level coverage rate index and constructing the input seed pool into a multi-level tree;
step 13, modeling a seed scheduling and evaluating process into a multi-arm slot machine model, and improving a seed scheduling and evaluating strategy according to an improved confidence interval upper bound algorithm;
and 14, selecting the next seed according to the improved seed scheduling and evaluation strategy, executing mutation operation to generate a test case, and returning to the step 4 to execute the process in a recycling way.
2. The method of claim 1, wherein the multi-level coverage index comprises a function coverage, a code block coverage, and an edge coverage.
3. The method according to claim 2, wherein the step 12 specifically comprises:
step 12.1, defining sensitivity of coverage index, giving two coverage index C i ,C j The result of the following two formulas is true, then C is C j C, i.e i Ratio C j The sensitivity is higher;
step 12.2, define input seed pool S m ~<s 1 ,...,s m >;
Step 12.3, for inputting seed pool S m ~<s 1 ,...,s m >Creating a cluster cc of arbitrary seeds of (a) j ={s j -j e {1,. }, m };
step 12.4, utilizing the multi-level coverage index C n ~<C 1 ,...,C n >The middle layer is coverage index C of i epsilon {1,., n-1} i For each class of cluster cc j Evaluating to obtain corresponding measurement result<M 1 ,...,M m >If M k =M k+1 Then merge cc k And cc (cc) k+1 K e {1,.,. M-1}, untilUntil that is reached;
step 12.5, then using the coverage index C with layer i+1 i+1 Clustering the clusters that have completed clustering in step 12.4 again using the same method untilUntil that is reached;
step 12.6, utilizing the Multi-level coverage index C n ~<C 1 ,...,C n >Evaluating seeds in the input seed pool to obtain corresponding measurement results<M 1 ,...,M n >Will correspondingly measure the result<M 1 ,...,M n >In combination with the seeds, a multi-level tree is constructed, wherein any node with a level i epsilon { 1.. i Mapped clusters, and at layer iChild node representation of +1 is based on metric result M i+1 The mapped sub-clusters are associated with seeds at any leaf node at the bottom level.
4. A method according to claim 3, wherein said step 13 comprises:
step 13.1, setting an influence factor corresponding to an improved confidence interval upper bound algorithm;
step 13.2 defining a feature F εΓ of level l l Hit times num_hits [ F]And satisfies the following formula:
where P is the kernel program that is executed,is a set of all test cases generated;
step 13.3, constructing a rarefaction raress [ F ] of the feature F by using the hit times num_hits [ F ] of the feature F, wherein the feature rarefaction generating process is as follows:
step 13.4, defining the feature coverage fcov [ s, l, t ] of the fuzzing test of the seed s of the t-th round, and satisfying the following formula:
wherein,is a test case set generated by fuzzing the seed s of the t-th round, C l Is the coverage index level, l e {1,., n };
step 13.5, calculate the reward SeedReward (s, l, t) for seed s after a round of fuzzy test using the rarefaction [ F ] of feature F, as follows:
step 13.6, calculating a Reward Reward (a) for the cluster by back-propagating the seed Reward to the upper layer scheduled cluster based on the Reward SeedReward (s, l, t) for the seed l T), as follows:
wherein,<a 1 ,...,a n ,a n+1 >is the node sequence selected in the t-th round, a n+1 Is a leaf node, namely a seed, a i I e { 2..n } is the cluster of metric result mappings, i.e., the intermediate node;
step 13.7, calculating fuzzy test performance FuzzPerf (a) of the node a based on the improved confidence interval upper bound algorithm, as follows:
FuzzPerf(a)=Q(a)+U(a)
wherein Q (a) is the average value of rewards and rewards obtained by the node a, and U (a) is the radius of the upper confidence interval;
step 13.8, calculating a weighted arithmetic average Q (a, t) of rewards obtained by the node a based on rewards Reward (a, t) obtained by the node a of the t-th round and the previous average rewards, as follows:
wherein N [ a, t ] is the number of times node a is selected when the t-th round is ended, t' is the last round of selecting node a, and w is a weight factor;
step 13.9, calculating an estimated radius of the number of times of selecting the node a, as follows:
wherein node a' is the parent node of node a, Y [ a ] is the number of seeds in the node, NA is the number of times the node is selected, and C is a predefined parameter;
step 13.10, calculating the rarity SeedRareess (s, l) of the seed based on the rarity raress [ F ] of the feature F covered by the seed s as follows:
wherein C is l Is the coverage index level, l e {1,., n };
step 13.11, according to a node a l Rarefaciency (s, l) of seeds in (a), node a is calculated l Rareearth rareess (a) l ) The formula is as follows:
Rareness(a l )=SeedRareness(s,l)
wherein,<a 1 ,...,a n ,a n+1 >is the node sequence selected in the t-th round, a n+1 Is a leaf node, i.e., a seed;
step 13.12, calculating a Score (a) of the node a based on rarefaction raress (a) of the node a and fuzzy test performance FuzzPerf (a) of the node a, as follows:
Score(a)=Rareness(a)×FuzzPerf(a)。
5. the method of claim 4, wherein the influencing factors include rarity of the seed itself, difficulty in seed mutation to generate new seeds, and uncertainty.
CN202310351993.6A 2023-04-04 2023-04-04 Seed scheduling and evaluating method for fuzzy test of kernel of operating system Active CN116303082B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310351993.6A CN116303082B (en) 2023-04-04 2023-04-04 Seed scheduling and evaluating method for fuzzy test of kernel of operating system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310351993.6A CN116303082B (en) 2023-04-04 2023-04-04 Seed scheduling and evaluating method for fuzzy test of kernel of operating system

Publications (2)

Publication Number Publication Date
CN116303082A CN116303082A (en) 2023-06-23
CN116303082B true CN116303082B (en) 2023-12-19

Family

ID=86813216

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310351993.6A Active CN116303082B (en) 2023-04-04 2023-04-04 Seed scheduling and evaluating method for fuzzy test of kernel of operating system

Country Status (1)

Country Link
CN (1) CN116303082B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117827685B (en) * 2024-03-05 2024-04-30 国网浙江省电力有限公司丽水供电公司 Fuzzy test input generation method, device, terminal and medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108882297A (en) * 2018-06-22 2018-11-23 天津大学 Wireless sensor network node energy-efficient deployment method based on the sampling of Poisson disk
CN112995343A (en) * 2021-04-22 2021-06-18 华南理工大学 Edge node calculation unloading method with performance and demand matching capability
CN114661621A (en) * 2022-05-13 2022-06-24 上海交通大学宁波人工智能研究院 Industrial control protocol fuzzy test system and method based on reinforcement learning
CN114840437A (en) * 2022-05-24 2022-08-02 中南大学 Operating system kernel fuzzy test seed evaluation distribution method
CN114840857A (en) * 2022-04-29 2022-08-02 哈尔滨工程大学 Intelligent contract fuzzy testing method and system based on deep reinforcement learning and multi-level coverage strategy
CN115130376A (en) * 2022-06-21 2022-09-30 大连理工大学 Determinant diversity guide-based group reinforcement learning training method
WO2022247738A1 (en) * 2021-05-24 2022-12-01 国网湖北电力有限公司电力科学研究院 Electric internet-of-things protocol vulnerability detection system and method based on fuzzy testing

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10452526B2 (en) * 2017-06-15 2019-10-22 Microsoft Technology Licensing, Llc Machine learning for constrained mutation-based fuzz testing
DE102020213891A1 (en) * 2020-11-04 2022-05-05 Robert Bosch Gesellschaft mit beschränkter Haftung Computer-implemented method and device for selecting a fuzzing method for testing a program code

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108882297A (en) * 2018-06-22 2018-11-23 天津大学 Wireless sensor network node energy-efficient deployment method based on the sampling of Poisson disk
CN112995343A (en) * 2021-04-22 2021-06-18 华南理工大学 Edge node calculation unloading method with performance and demand matching capability
WO2022247738A1 (en) * 2021-05-24 2022-12-01 国网湖北电力有限公司电力科学研究院 Electric internet-of-things protocol vulnerability detection system and method based on fuzzy testing
CN114840857A (en) * 2022-04-29 2022-08-02 哈尔滨工程大学 Intelligent contract fuzzy testing method and system based on deep reinforcement learning and multi-level coverage strategy
CN114661621A (en) * 2022-05-13 2022-06-24 上海交通大学宁波人工智能研究院 Industrial control protocol fuzzy test system and method based on reinforcement learning
CN114840437A (en) * 2022-05-24 2022-08-02 中南大学 Operating system kernel fuzzy test seed evaluation distribution method
CN115130376A (en) * 2022-06-21 2022-09-30 大连理工大学 Determinant diversity guide-based group reinforcement learning training method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
基于聚类和新覆盖信息的模糊测试改进;程亮等;《计算机系统应用》;第31卷(第9期);192-200 *
面向深度学习框架的漏洞挖掘技术研究;申香中;《中国优秀硕士学位论文全文数据库 信息科技辑》(第11期);I139-132 *

Also Published As

Publication number Publication date
CN116303082A (en) 2023-06-23

Similar Documents

Publication Publication Date Title
Böhme et al. Coverage-based greybox fuzzing as markov chain
Cai et al. NuMVC: An efficient local search algorithm for minimum vertex cover
Harman et al. A theoretical and empirical study of search-based testing: Local, global, and hybrid search
CN116303082B (en) Seed scheduling and evaluating method for fuzzy test of kernel of operating system
CN108508745B (en) Multi-target test sequence set optimization generation method
Luo et al. Improving local search for random 3-SAT using quantitative configuration checking
Conrad et al. Empirically studying the role of selection operators duringsearch-based test suite prioritization
CN114238958A (en) Intrusion detection method and system based on traceable clustering and graph serialization
CN110659284A (en) Block sequencing method and system based on tree graph structure and data processing terminal
Gupta et al. An insight into test case optimization: ideas and trends with future perspectives
CN105446742A (en) Optimization method for artificial intelligence performing task
CN114840857A (en) Intelligent contract fuzzy testing method and system based on deep reinforcement learning and multi-level coverage strategy
Barnat et al. A time-optimal on-the-fly parallel algorithm for model checking of weak LTL properties
CN115828260A (en) Multi-machine collaborative vulnerability detection system based on vulnerability clustering and distance space division
Chatterjee et al. Lower bounds for symbolic computation on graphs: Strongly connected components, liveness, safety, and diameter
Fiedor et al. Advances in noise‐based testing of concurrent software
Chen Building a hybrid SAT solver via conflict-driven, look-ahead and XOR reasoning techniques
Li et al. Feature mining for machine learning based compilation optimization
Vejandla et al. Evolving gaming strategies for attacker-defender in a simulated network environment
CN110109811A (en) A kind of source tracing method towards GPU calculated performance problem
Klinkhamer et al. Shadow/puppet synthesis: A stepwise method for the design of self-stabilization
Li et al. A portfolio-based approach to select efficient variable ordering heuristics for constraint satisfaction problems
Papadopoulou et al. A machine-learning approach for communication prediction of large-scale applications
Chatterjee et al. Controller synthesis with budget constraints
Pelánek Model classifications and automated verification

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant