摘要
随着互联网的发展,暴露的安全漏洞不断增多。随着人工智能的不断发展,用深度学习的方法来进行漏洞检测成为热门研究。但是,这类方法相较于传统的模糊测试等方法误报较多,且由于模型可能会学习到较多的训练集上的特征,泛化性较差。因此,提出一种通过相似性漏洞检测和定向模糊测试相结合的方法,通过切片程序定位敏感点并获得代码切片,用于模型训练和检测,从而用模型检测的结果来指导模糊测试。实验结果表明,提出的方法具有良好的效果。
With the development of the Internet,more and more security vulnerabilities have been exposed.With the development of artificial intelligence,vulnerability detection using deep learning method has become a hot research field.However,compared with the traditional fuzzy testing methods,this kind of method will have more false positives,and because the model may learn more features on the training set,the generalization will be poor.In this paper,a method combining similarity vulnerability detection and directed fuzzy testing is proposed.The sensitive points are located by slicing program and code slices are obtained for model training and detection.The results of model checking are used to guide fuzzy testing.Experimental results indicate that the proposed method has good effect.
作者
宁馨
易平
NING Xin;YI Ping(Shanghai Jiao Tong University,Shanghai 200240,China)
出处
《通信技术》
2021年第2期430-436,共7页
Communications Technology
基金
国家重点研发计划(No.2019YFB1405000,2017YFB0802900)。
关键词
漏洞检测
深度学习
代码切片
模糊测试
vulnerability detection
deep learning
code slice
fuzzing
