Computer Science ›› 2022, Vol. 49 ›› Issue (5): 318-324. doi: 10.11896/jsjkx.210300281
胡志濠, 潘祖烈
HU Zhi-hao, PAN Zu-lie
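Abstract: The targets of network protocol fuzzing are trending toward large protocol entities, while traditional test case filtering methods rely mainly on run-time state information from the test target; the larger the target, the longer it takes to execute a single test case. To address the long wasted execution time and low efficiency of traditional test case filtering methods for network protocol fuzzing, and drawing on the strong ability of recurrent neural network models to process and predict sequence data, a QRNN-based test case filtering method for network protocol fuzzing is proposed. By learning the structural features of a network protocol, including field value ranges and the constraints between fields, the method automatically filters out invalid test cases and reduces the number of test cases the protocol entity has to execute. Experimental results show that, compared with traditional test case filtering methods for network protocol fuzzing, the proposed method effectively reduces the time cost of network protocol vulnerability discovery and significantly improves the efficiency of network protocol fuzzing.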