Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Software Security Vulnerability Detection Method and System Based on Deep Learning Gradient Guided Mutation

A vulnerability detection and software security technology, applied in neural learning methods, software testing/debugging, error detection/correction, etc., can solve problems such as mutation

Active Publication Date: 2021-08-20
CHECC DATA CO LTD +1
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] The present invention provides a method and system for detecting software security vulnerabilities guided by deep learning gradients to solve the bottleneck problem in the existing software security vulnerability mining technology

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software Security Vulnerability Detection Method and System Based on Deep Learning Gradient Guided Mutation
  • Software Security Vulnerability Detection Method and System Based on Deep Learning Gradient Guided Mutation
  • Software Security Vulnerability Detection Method and System Based on Deep Learning Gradient Guided Mutation

Examples

Experimental program
Comparison scheme
Effect test

no. 1 example

[0063] see Figure 1 to Figure 3 , this embodiment provides a method for detecting software security vulnerabilities using deep learning gradient-guided mutation, the method may be implemented by an electronic device, and the electronic device may be a terminal or a server. This method is a mutation-based grey-box fuzzing method, which uses program smoothing technology to calculate gradient information, and program smoothing uses deep neural network to achieve; where, program smoothing technology refers to a given program input, and the output of the program is continuous . The input of this method is the vectorized seed file, and the output is the branch information of all seeds, indicating the probability of the seed passing through each branch. The execution process includes the following steps:

[0064] S101, acquire test cases, and preprocess the acquired test cases, obtain the size of the largest test case in the test cases and the execution path of each test case in th...

no. 2 example

[0101] This embodiment provides a software security vulnerability detection system with deep learning gradient guidance mutation, the software security vulnerability detection system includes a server and a client: wherein,

[0102] Described server is used for obtaining test case, and the test case that obtains is preprocessed, obtains the size of maximum test case in test case and the execution path of each test case in the program under test; Establishes deep neural network model, described The deep neural network model comprises an input layer, an output layer and a plurality of hidden layers between the input layer and the output layer; wherein, the input dimension of the input layer is the size of the maximum test case, and the output layer's The number of output neurons is the total number of the execution path; the test case is vectorized, and the test case is used to train the deep neural network model after vectorization; gradient calculation is performed based on the...

no. 3 example

[0106] This embodiment provides an electronic device, which includes a processor and a memory; at least one instruction is stored in the memory, and the instruction is loaded and executed by the processor, so as to implement the method of the first embodiment.

[0107] The electronic device may have relatively large differences due to different configurations or performances, and may include one or more processors (central processing units, CPU) and one or more memories, wherein at least one instruction is stored in the memory, so The above instructions are loaded by the processor and perform the following steps:

[0108] S101, acquire test cases, and preprocess the acquired test cases, obtain the size of the largest test case in the test cases and the execution path of each test case in the program under test;

[0109] S102, establish a deep neural network model, the deep neural network model includes an input layer, an output layer and a plurality of hidden layers between th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and system for detecting software security loopholes guided by deep learning gradient variation. The method includes: obtaining test cases and performing preprocessing to obtain the size of the largest test case and the execution of each test case in the program under test. Path; establish a deep neural network model; wherein, the input dimension of the input layer is the size of the largest test case, and the number of output neurons in the output layer is the total number of execution paths; the test case is vectorized, and then the deep neural network is trained using the test case Model; Gradient calculation based on the trained deep neural network model to generate gradient information; Based on the gradient information, test cases are mutated and fuzzy tested to generate test results. The invention adopts the gradient-guided mutation technology, combined with deep learning to assist in the generation of gradient information, and can effectively solve the bottleneck problem in the mining of software security loopholes.

Description

technical field [0001] The invention relates to the technical field of software security loophole detection, in particular to a software security loophole detection method and system for mutation guided by deep learning gradients. Background technique [0002] Fuzzing has become a de facto standard technique for finding software vulnerabilities. However, even current state-of-the-art fuzzers are not very effective at finding hard-to-trigger software bugs. Currently, the existing methods are as follows: [0003] In 2020, Li Minglei of the National University of Defense Technology, through static analysis of the program under test, constructs the function call graph and control flow chart of the program under test, calculates the basic block distances and inserts them into the program under test. During fuzz testing, track and calculate the distance from each test case to the specified target through instrumentation. Based on this distance, the fuzzer computes the seed ener...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36G06F21/57G06N3/08G06N3/04
CPCG06F11/3684G06F21/577G06N3/08G06N3/045
Inventor 陈红松杜彦瑶
Owner CHECC DATA CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products