| With the blowout development of the Internet,the computer program has changed from the traditional stand-alone mode to the networking mode,The network server program acts as the background data provider of these networking applications,and the network server has become an important part of the Internet ecosystem that is not available.Once the loopholes in the network server program are used by criminals,it will cause a lot of losses to the government and enterprise network platform.Grey box fuzzy testing technology has been used in vulnerability mining of network server programs.It is of great practical significance to improve the efficiency of vulnerability mining of network server programs.In the vulnerability mining scenario oriented to network server,the existing grey box fuzzy testing tools,because the network server has a module to parse the format of protocol messages,lead to inefficient growth of the overall path coverage of grey box fuzzy testing,which further leads to the bottleneck of the validity value identification of test cases.In the seed mutation process,the existing fuzzy test tools select the scheduling mutation operator by random,which results in a low number of effective test cases.In this paper,the value recognition methods of various test cases and the selection scheduling strategy of mutation operator adjusted by the value of test cases are studied in the scenario of network server program,and a set of grey box fuzzy test system for network server program is designed and implemented.The main research results are as follows:(1)In the scenario of network server program,the value recognition of test cases is stuck in the bottleneck in the test feedback stage of grey box fuzzy testing,this paper proposes a test case value recognition enhancement strategy based on multiple value identification indicators.In this paper,the traditional value identification criteria for valid test cases are retained,that is,test cases that cause program crashes and test cases that cover new path branches are identified as valuable test cases.In this paper,in the grey box fuzzy test scenario of network server program,the message format compliance of test cases is used as the value identification index of test cases.The value recognition index of the message format compliance of test cases is used to identify the value of test cases when the grey box fuzzy testing tool is stuck in the bottleneck of path branch exploring,which enhances the test case value recognition ability of the grey box fuzzy tester in the test feedback stage in the network server scenario.(2)In order to increase the number of effective test cases generated by grey box fuzzy testing in the mutation stage,this paper proposes a mutation operator scheduling algorithm based on reinforcement learning algorithm and test case value.In this paper,the scheduling of mutation operator is regarded as a decision problem of multi-arm slot machine in reinforcement learning.The value of test cases is used to calculate the reward value of each mutation operator action,and then the expected value of mutation operator is calculated through the reward value and scheduling frequency.In this paper,the fuzzy RVMO-AFL is implemented by using the mutation operator scheduling algorithm based on reinforcement learning algorithm and test case value.(3)In order to meet the demand of platform-based grey box fuzzy test for network server,this paper designs and implements a grey box fuzzy test system for network server.Based on browser-server(B-S)architecture,the system provides grey box fuzzy test service of network server program through the form of web page.The system includes input module,preprocessing module,dynamic test module,result display module and control module.The system uses Redis,MySQL and Minio for data storage and file storage,and Docker technology for unified environment deployment. |
PDF Full Text Request