Yuan LIU,Yong-hui YANG,Chun-rui ZHANG,Wei WANG

DOI: https://doi.org/10.3969/j.issn.0372-2112.2017.03.007

2017-01-01

Abstract:Considering the features of the traditional Fuzzing technology,a method is proposed for Fuzzing test case generating in vulnerability exploiting,which is aimed at nonlinear solution and single input problem.This method takes advantage of the genetic algorithm and deals with those two problems mentioned above.The experiment results show that,the proposed solution has an obvious improvement compared with the early method which generates the test cases randomly.

Bo Shuai,Haifeng Li,Lei Zhang,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/cis.2015.84

2015-01-01

Abstract:In order to solve the problems of traditional Fuzzing technique for software vulnerability detection, a novel method based on code coverage and test cost is proposed. Firstly, static analysis is applied to calculate the code coverage information, including basic block coverage and new block coverage. In addition, test path diversity information is introduced to elevate path coverage, which is achieved based on the sequence alignment algorithm. Secondly, test cost is analyzed respectively from running time and loop structure. The loop structure is simplified using finite expansion manner. Thirdly, the genetic algorithm fitness function is constructed based on the code coverage and test cost to guide the test case generation. Experiments on realistic binary software show that the method could obtain higher vulnerability detection accuracy and efficiency than the traditional Fuzzing technique.

Xinshi Zhou,Bin Wu

DOI: https://doi.org/10.1109/itnec48623.2020.9084765

2020-01-01

Abstract:Web fuzzing has always been an effective way to detect web vulnerabilities. Normally, traditional web fuzzing method mainly use limited test cases or generate test cases based on certain rules, which cause web fuzzing slow and inefficient. To solve this problem, we present improved genetic algorithm with a new mutation method to generate test cases. And the concept of preset functional units is proposed: test cases are divided into different functional units to ensure that the semantic structure will not be damaged during crossover and mutation. The experimental results show that the improved algorithm can generate better test cases than the standard genetic algorithm (SGA) and the adaptive genetic algorithm (AGA) and also detect more web vulnerabilities.

Bo Shuai,Mengjun Li,Haifeng Li,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/CECNet.2013.6703400

2013-01-01

Abstract:In order to solve the problems of traditional Fuzzing technique for software vulnerability detection, this paper proposes a novel method based on genetic algorithm and dynamic taint analysis. First, static analysis is applied to calculate the critical path information, including danger functions, high cyclomatic number functions and loop structures. Second, dynamic taint analysis is introduced to identify the key bytes to reduce the input space. Third, the genetic algorithm fitness function is constructed based on the critical path information to guide the test case generation and the genetic operators are executed on the reduced input space. Experiments show that the method could obtain higher vulnerability detection accuracy and efficiency.

Jun Yang,Guojun Mei,Chen Chen

DOI: https://doi.org/10.1109/ICCCN.2018.8487461

2018-01-01

Abstract:The fuzzy technology based on model constraint is lack of guidance in variation process, and the fuzzy technology based on coverage information has a weak code penetration ability when meeting a complex logic verification, what's more, these two methods' code coverage are deeply dependent on the initial samples, if there are no specific file structure types in the initial samples, the possibility of covering the corresponding code blocks will be very low. This paper proposes a vulnerability mining method based on genetic algorithm and constraint model. The method uses the model constraint technology to create test samples, and uses the fuzzy technology based on coverage information feedback to guide the direction of data variation. Besides that, using genetic algorithm to enrich the diversity of file structure types and combinations among test samples, and generate high-quality test samples gradually at the same time, which can greatly improve the efficiency of fuzzing test.

Xing Zhang,Chao Feng,Bin Zhang,Quan Zhang

2016-01-01

Abstract:Many vulnerabilities in binary program today are caused by particular area which is so-called sensitive area, and it is very important to cover the path to the sensitive area which is called sensitive path in software testing. This paper cares about three main sensitive area and proposed a test case auto generate algorithm with static analysis, dynamic taint analysis and offline symbolic execution. The algorithm can efficiently generate test case which can cover the sensitive path. First, static analysis can locate the sensitive area and find out sensitive area call chain. Then dynamic taint analysis mark key segment in input test case which can avoid status explosion in symbolic execution. Finally offline symbolic execution generates new test case to cover the sensitive area. Experiment results show that the algorithm can cover the sensitive area with less round and cost less time than other popular algorithm.

Guang-Hong Liu,Gang Wu,Zheng Tao,Jian-Mei Shuai,Zhuo-Chun Tang

DOI: https://doi.org/10.1109/ICCIT.2008.9

2008-01-01

Abstract:Fuzzing was successfully used to discover security bugs in popular programs, though released without source code. It becomes a major tool in security analysis, but needs large input space, ineffective. This paper presents a new method for the identification of vulnerabilities in executable program called GAFuzzing (Genetic Algorithm Fuzzing), which combines static and dynamic analysis to extend random Fuzzing. First, it uses static analysis to obtain the structural behavior, interface and interest region of code, then formally describes test requirement. Second, it uses genetic algorithm to intelligently direct test data generation and improve the testing objective. Unlike many software testing tools, our implementation analyzes the executables without source code directly. Our evaluation shows that GAFuzzing is superior to random Fuzzing for vulnerabilty analysis.

Shuping Fan,Baoying Ma,Nianmin Yao,Yan Zhang,Chunyan Xia,Dan Zhang

DOI: https://doi.org/10.1088/1757-899x/719/1/012070

2020-01-01

IOP Conference Series Materials Science and Engineering

Abstract:Test data generation is an important part of software testing. The imbalance of data crossing program branches is often ignored in generating test data. As a result, there is much data crossing some branches while little data crossing other branches. To solve the phenomenon so as to generate test data effectively, we introduce branch balance and program balance in the evolutionary generation of test data. First, the number of individuals crossing the true and false branch of each branch node on the target path are computed. Then, the calculation methods of branch balance and program balance are given. Finally, the fitness value function which considers the change of program balance before and after an individual joining is presented. And an individual that can improve the balance will be retained in the evolution process. Experiments show that our method is better than the other method in running time and success rate.

Yaoyang Liu,Bin Wu

DOI: https://doi.org/10.1109/icmcce51767.2020.00289

2020-01-01

Abstract:Fuzzy testing technology has a good effect in discovering web vulnerabilities, which is incomparable with other security testing technologies. Because of the randomness and unpredictability of its test cases, it can dig out the relevant vulnerabilities comprehensively and systematically. Before that, some researchers proposed to use genetic algorithm to generate test cases to solve the problem of single test cases. However, the test cases generated by genetic algorithm are often of high randomness, and the proportion of effective test cases is relatively low. According to this problem, I proposed to generate test cases based on generative countermeasure network. On the basis of ensuring its randomness, the relevant test cases are generated pertinently. Through relevant experiments, it is proved that the generated confrontation network can generate effective test cases. Compared with the test cases generated by genetic algorithm, its effectiveness is better and more web vulnerabilities can be found.

Xiaoan Bao,Zijian Xiong,Na Zhang,Junyan Qian,Biao Wu,Wei Zhang

DOI: https://doi.org/10.1371/journal.pone.0187471

IF: 3.7

2017-01-01

PLoS ONE

Abstract:The automatic generation of test cases oriented paths in an effective manner is a challenging problem for structural testing of software. The use of search-based optimization methods, such as genetic algorithms (GAs), has been proposed to handle this problem. This paper proposes an improved adaptive genetic algorithm (IAGA) for test cases generation by maintaining population diversity. It uses adaptive crossover rate and mutation rate in dynamic adjustment according to the differences between individual similarity and fitness values, which enhances the exploitation of searching global optimum. This novel approach is experimented and tested on a benchmark and six industrial programs. The experimental results confirm that the proposed method is efficient in generating test cases for path coverage.

Yang Cao,Chunhua Hu,Luming Li

DOI: https://doi.org/10.1109/icrms.2009.5269962

2009-01-01

Abstract:We focus on software reliability with testing coverage, which will grow with increment of the coverage. We expect to improve quality of software testing with it automated. An approach of generating test data for a specific single path is presented in this paper, different from the predicate distance applied by most test data generators based on genetic algorithms. A similarity between the target path and execution path with sub path overlapped is designed as fitness value to evaluate the individuals of a population and drive GA to search the appropriate solutions. Several experiments are taken to examine the effectiveness of the designed fitness function, which evaluate performance of the function with the convergence ability and consumed time. Results show that the function performs well compared with other two typical fitness functions for specific paths.

Chang-An Wei,Yunlong Sheng,Shou-Da Jiang,Jianfeng Wang

2015-01-01

Abstract:In this paper, we present an algorithm for generating combinatorial test suites using Fuzzy Genetic Algorithm (FGA). According to the problem of falling into local optimum of the traditional Genetic Algorithm (GA) method, we introduce the fuzzy control method to select the cross and variation probability adaptively using the entropy and discrete degree in the population, which improves the efficiency and reduces the time of generating the test data. Compared to other well-known algorithms, the final experiment results show the competitiveness of our algorithm both in the test suite size and the running time.

Ming Wan,Shiyan Zhang,Yan Song,Jiangyuan Yao,Hao Luo,Xingcan Cao

DOI: https://doi.org/10.32604/iasc.2021.017214

2021-01-01

Abstract:Due to the lack of security consideration in the original design of industrial communication protocols, industrial fuzzing test which can successfully exploit various potential security vulnerabilities has become one new research hotspot. However, one critical issue is how to improve its testing efficiency. From this point of view, this paper proposes a novel fuzzing test case optimization approach based on improved genetic algorithm for industrial communication protocols. Moreover, a new individual selection strategy is designed as the selection operator in this genetic algorithm, which can be actively engaged in the fuzzing test case optimization process. In this individual selection strategy, the selection operation based on high and low fitness populations is introduced to enhance the individual selection diversity, which can increase the average fitness value of individuals and further improve the efficiency of test cases. In practice, we construct industrial communication data which conforms to Siemens S7 communication protocol to evaluate the proposed approach, and the experimental results show that, the individual fitness value of output population in the improved genetic algorithm is obviously higher than the one in traditional genetic algorithm under the same iteration, and this approach can enhance the efficiency and accuracy of test cases in Siemens S7 fuzzing vulnerability exploiting.

Yan Zhang,Dunwei Gong

DOI: https://doi.org/10.1109/BICTA.2010.5645159

2010-01-01

Abstract:The aim of software testing is to find faults in the program under test. Generating test data which can reveal faults is the core issue. Although existing methods of path-oriented testing can generate test data which traverse target paths, they cannot guarantee that the data find the faults in the program. In this paper, we transform the problem into a multi-objective optimization problem with constrains and propose a method of evolutionary generation of test data for multiple paths coverage with faults detection. First, we establish the mathematical model of this problem and then a strategy based on multi-objective genetic algorithms is given. Finally we apply the proposed method in some programs under test and the experimental results validate that our method can find specified faults effectively. Compared with other methods of test data generation for multiple paths coverage, our method has greater advantage in faults detection and testing efficiency.

JIN Hu,LI Zhishu,ZHANG Lei,LI Baolin,LI Yongjun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.03.008

2007-01-01

Abstract:Applying GA in automatic test cases generation,followed is the main work:(1)Using control flow path table to analyze the relation between test cases and the executing path;(2)Implementing the GA for automatic test cases generating which is path-oriented,and proving this method can accomplish the equivalent-class subdividing in all the test cases set;(3)In the point of statistics to analyze the error-detecting capability of this method;(4)Doing experiment for validating,which shows a far better performance than a random way.

Xian-zhong ZHOU,Yong-cheng SUN,Jin-long JIANG

DOI: https://doi.org/10.3321/j.issn:1000-1093.2006.06.022

2006-01-01

Abstract:Automatic generation technology of test data is an important field of software test, which is an effective method to promote the efficiency and the effect of software test. In order to ensure that the more frequently used features would be tested more thoroughly, usage model and genetic algorithm were integrated together. One programming model was proposed, in which the optimal objective function was defined as the required test data number for whole software test. The methods to decide the weight of path and to select the target path set were presented. Three key elements, i.e. path weight, path coverage ratio and path approximation level were incorporated for designing the fitness function. An example shows the rationality and validity of the model and the methods.

Mingrui Ma,Lansheng Han,Yekui Qian

DOI: https://doi.org/10.3390/s22031265

2022-02-07

Abstract:As one of the most effective methods of vulnerability mining, fuzzy testing has scalability and complex path detection ability. Fuzzy testing sample generation is the key step of fuzzy testing, and the quality of sample directly determines the vulnerability mining ability of fuzzy tester. At present, the known sample generation methods focus on code coverage or seed mutation under a critical execution path, so it is difficult to take both into account. Therefore, based on the idea of ensemble learning in artificial intelligence, we propose a fuzzy testing sample generation framework named CVDF DYNAMIC, which is based on genetic algorithm and BI-LSTM neural network. The main purpose of CVDF DYNAMIC is to generate fuzzy testing samples with both code coverage and path depth detection ability. CVDF DYNAMIC generates its own test case sets through BI-LSTM neural network and genetic algorithm. Then, we integrate the two sample sets through the idea of ensemble learning to obtain a sample set with both code coverage and vulnerability mining ability for a critical execution path of the program. In order to improve the efficiency of fuzzy testing, we use heuristic genetic algorithm to simplify the integrated sample set. We also innovatively put forward the evaluation index of path depth detection ability (pdda), which can effectively measure the vulnerability mining ability of the generated test case set under the critical execution path of the program. Finally, we compare CVDF DYNAMIC with some existing fuzzy testing tools and scientific research results and further propose the future improvement ideas of CVDF DYNAMIC.

Shun Kun Yang,Fu Ping Zeng

DOI: https://doi.org/10.4028/www.scientific.net/amm.380-384.1464

2013-01-01

Applied Mechanics and Materials

Abstract:In order to realize the adaptive Genetic Algorithms to balance the contradiction between algorithm convergence rate and algorithm accuracy for automatic generation of software testing cases, improved Genetic Algorithms is proposed for different aspects. Orthogonal method and Equivalence partitioning are employed together to make the initial testing population more effective with more reasonable coverage; Genetic operators of Crossover and Mutation is defined adaptively by the dynamic adjustment according to multi-objective Fitness function, which can guide the testing process more properly and realize the biggest testing coverage to find more defects as far as possible. Finally, the improved Genetic Algorithm are compared and analyzed by testing one benchmark program to verify its feasibility and effectiveness.

Chunlai Du,Guizhi Xu,Yanhui Guo,Zhongru Wang,Weiqiang Yu

DOI: https://doi.org/10.3390/math12050745

IF: 2.4

2024-03-02

Mathematics

Abstract:Coverage-guided fuzzing has been widely applied in software error and security vulnerability detection. The fuzzing technique based on AFL (American Fuzzy Loop) is a common coverage-guided fuzzing method. The code coverage during AFL fuzzing is highly dependent on the quality of the initial seeds. If the selected seeds' quality is poor, the AFL may not be able to detect program paths in a targeted manner, resulting in wasted time and computational resources. To solve the problems that the seed selection strategy in traditional AFL fuzzing cannot quickly and effectively generate high-quality seed sets and the mutated test cases cannot reach deeper paths and trigger security vulnerabilities, this paper proposes an attention mechanism-based generative adversarial network (GAN) seed generation approach for vulnerability mining, which can learn the characteristics and distribution of high-quality test samples during the testing process and generate high-quality seeds for fuzzing. The proposed method improves the GAN by introducing fully connected neural networks to balance the competitive adversarial process between discriminators and generators and incorporating attention mechanisms, greatly improving the quality of generated seeds. Our experimental results show that the seeds generated by the proposed method have significant improvements in coverage, triggering unique crashes and other indicators and improving the efficiency of AFL fuzzing.

mathematics

Zhiguo Shi,Liren Zou,Dapeng Tong,Mingqian Wang

DOI: https://doi.org/10.4028/www.scientific.net/amm.321-324.2952

2013-01-01

Applied Mechanics and Materials

Abstract:With people pay more and more attention to component software testing, the generation of test case is as one of the important works of software testing, it becomes a hotspot inevitably. For component software testing, making combination of the testing method based on model and testing method based on Genetic Algorithm, this paper proposes a generating method of test case which based on UML (Unified Modeling Language) activity diagram and Genetic Algorithm, and gives the overall design and implementation steps of the method. Then this paper applies the proposed method to model the adding table business in catering management system, and design test case. The example verifies the feasibility and validity of the method.