A Machine Learning-Based Fuzzing System
Abstract:
As information technology advances and vulnerability types grow more complex, testing software for vulnerabilities more efficiently, concisely, and systematically, and thereby helping developers build better software, has become an important research direction in cybersecurity. This paper proposes a machine learning-based fuzzing system comprising modules for automatic fuzzing monitoring, management of the programs under test, autonomous selection of better mutation strategies, and automatic generation of program test reports. The system applies machine learning to further filter and mutate the seeds produced by the Havoc mutation algorithm, improving the efficiency and coverage of program vulnerability detection. Experiments show that the system generates diverse and effective mutated seeds during fuzzing and is suitable for vulnerability detection in complex programs.