您的位置:首页  > 论文页面

基于深度学习的高效模糊测试技术研究

发表时间:2021-06-19  浏览量:246  下载量:55
全部作者: 刘文倩,杨文川
作者单位: 北京邮电大学网络空间安全学院;北京邮电大学软件安全中心
摘 要: 模糊测试是漏洞挖掘中最为常用的方法之一,然而在测试具有高度结构化输入的软件时,传统模糊测试技术存在生成样本合法性弱和依赖人工参与的问题。针对该问题,本文在Learn&Fuzz方法的基础上,提出了一种基于深度学习的高效模糊测试技术。该技术使用双向长短时记忆(bi-directional long short-term memory,BLSTM)神经网络和注意力(Attention)机制构建样本自动生成模型,通过训练使模型学习样本的内在格式特征,从而能够自动化生成符合一定语法规范的样本。另外,该技术通过改进Learn&Fuzz的采样算法,增加了测试样本的多样性和变异性,从而进一步提高了模糊测试的效率。与Learn&Fuzz方法相比,该技术能够达到更高的代码覆盖率,生成的触发崩溃样本也更多。
关 键 词: 计算机科学技术基础学科;模糊测试;深度学习;漏洞挖掘
Title: Research on efficient fuzzing technology based on deep learning
Author: LIU Wenqian, YANG Wenchuan
Organization: School of Cyberspace Security, Beijing University of Posts and Telecommunications; Software Security Center, Beijing University of Posts and Telecommunications
Abstract: Fuzzing is one of the most commonly used methods in vulnerability mining. However, when testing software with highly structured input, traditional fuzzing technology has the problem of generating sample with weak legitimacy and having dependence on human participation. To solve this problem, an efficient fuzzing technology based on deep learning is proposed in this paper, which is improved on the basis of the Learn&Fuzz method. Bi-directional long short-term memory (BLSTM) neural network and attention mechanism are used to build an automatic sample generation model, and the model learns the inherent format characteristics of samples through training, so as to automatically generate samples that meet certain grammatical specifications. In addition, this technology increases the diversity and variability of test samples by improving sampling algorithm of the Learn&Fuzz method, thereby further improving the efficiency of fuzzing. Compared with the Learn&Fuzz method, this technology can achieve higher code coverage and generate more samples that trigger a crash.
Key words: basic subject of computer science and technology; fuzzing; deep learning; vulnerability mining
发表期数: 2021年6月第2期
引用格式: 刘文倩,杨文川. 基于深度学习的高效模糊测试技术研究[J]. 中国科技论文在线精品论文,2021,14(2):160-167.
 
1 评论数 0
暂无评论
友情链接