(武汉大学国家网络安全学院 武汉 中国 430072;武汉大学空天信息安全与可信计算教育部重点实验室 武汉 中国 430072)
关键词:  软件漏洞  模糊测试  敏感区域  神经网络
Sensitive Region Prediction based on Neural Network in Fuzzy Test Algorithm Research
ZHANG Yichen,ZHAO Lei,JIN Yinshan
School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China;Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education, Wuhan University, Wuhan 430072 China
Software vulnerabilities are the root cause of computer security problems. Due to highly efficiency and easy expansion, fuzzy test becomes the most widely used vulnerabilities detection technology. However, previous fuzzy test technology can not deal with highly-structed problems, and has low efficiency on blinding mutation. For these problems, this paper proposes a fuzzy test algorithm based on sensitive region prediction via Neural Network. This method takes the phenomenon of small changing of some regions causing great change on software behavior as starting point. We use the conception of sensitive region and use Neural Network which has great performance on learning data features to detect these regions. After sensitive region detection, this paper uses enhanced learning strategy and optimizes the mutation strategy which improve efficiency and depth of detection. In order to verify the validity of the proposed method, this study was conducted on the programs dealing with three widely used format file as PNG, TIFF and XML, and itshows 8%~20% improvement on fuzzing test coverage which verifies the validity and feasibility of proposed method.
Key words:  software vulnerability  fuzzy test  sensitive region  neural network