Intelligent Fuzzing Technology Based on Combination Model of Multiple Reinforcement Learning Algorithms
Abstract: With the development of Internet of Things technology, intelligent IoT terminals have become widespread. At present, there are many security vulnerabilities in the firmware of IoT terminals, and detecting them manually is highly impractical. Intelligent fuzzing technology based on genetic algorithms is currently the mainstream approach: the firmware under test is tested automatically using randomly mutated data. Aiming at the low efficiency of existing genetic-algorithm-based fuzzing, this paper proposes an intelligent fuzzing model based on a combination of multiple reinforcement learning algorithms. In this model, reinforcement learning algorithms are used to optimize the mutation operator selection strategy of the fuzzer, and code coverage is improved by intelligently selecting different mutation operators for different test cases. Through comparative experiments on the LAVA dataset, this paper compares the performance of the DDQN, DDPG, TRPO, and PPO algorithms within the model, and compares the model against traditional fuzzing methods. The results show that in the fuzzing environment there are significant differences in the performance of the different algorithms across different target programs, and that reinforcement-learning-based fuzzing is clearly superior to traditional fuzzing, demonstrating the availability and effectiveness of the proposed model.
Authors: XU Aidong (许爱东), XU Peiming (徐培明), SHANG Jin (尚进), SUN Qindong (孙钦东) (China Southern Power Grid CSG Electric Power Research Institute, Guangzhou 510663, China; Guangdong Provincial Key Laboratory of Power System Network Security, Guangzhou 510663, China; School of Cyber Security, Xi'an Jiaotong University, Xi'an 710049, China)
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University core journal, 2024, No. 20, pp. 284-292 (9 pages)
Funding: Open Fund of the Guangdong Provincial Key Laboratory of Power System Network Security (2021-78).
Keywords: Internet of Things terminal; reinforcement learning; fuzzing; vulnerability discovery