信息安全研究2024,Vol.10Issue(6):490-497,8.DOI:10.12379/j.issn.2096-1057.2024.06.01
基于序列生成对抗网络的智能模糊测试方法
Intelligent Fuzzy Testing Method Based on Sequence Generative Adversarial Networks
摘要
Abstract
The increase in the number of vulnerabilities and the emergence of a large number of highly dangerous vulnerabilities,such as supercritical and high-risk ones,pose great challenges to the state of network security.As a mainstream security testing method,fuzz testing is widely used.Test case generation,as a core step,directly determines the quality of fuzz testing.However,traditional test case generation methods based on pre-generation,random generation,and mutation strategies face bottlenecks such as low coverage,high labor costs,and low quality.Generating high-quality,highly available,and comprehensive test cases is a difficult problem in intelligent fuzz testing.To address this issue,this paper proposes an intelligent fuzz testing method based on the sequence generation adversarial network(SeqGAN)model.By combining the idea of reinforcement learning,the test case generation is abstracted as a learning and approximate generation problem for universally applicable variable-length discrete sequence data.Innovatively,a configurable embedding layer is added to the generator part to standardize the generation,and a reward function is designed from the dimensions of authenticity and diversity through dynamic weight adjustment.This ultimately achieves the goal of automatically and intelligently constructing a comprehensive,complete,and usable test case set for flexible and efficient intelligent fuzz testing.This paper verifies the proposed scheme from two aspects of effectiveness and universality.The average test case pass rate of over 95%and the average target defect detection rate of 10%under four different testing targets fully demonstrate the universality of the scheme.The 98%test case pass rate,9%target defect detection rate,and the ability to generate 20 000 usable test cases per unit time under four different schemes fully demonstrate the effectiveness of the scheme.关键词
漏洞挖掘/模糊测试/序列生成对抗网络/网络安全/测试用例生成Key words
vulnerability mining/fuzzy testing/sequence adversarial generating network/network security/generation of test cases分类
信息技术与安全科学引用本文复制引用
靳文京,卜哲,秦博阳..基于序列生成对抗网络的智能模糊测试方法[J].信息安全研究,2024,10(6):490-497,8.基金项目
2022年工信部产业基础再造和制造业高质量发展专项(TC220H079) (TC220H079)
