Intelligent Method for Mutation of Input Cases with Feedback

Cover Page

Cite item

Full Text

Abstract

Relevance. Fuzzing is one of the effective ways to improve the software reliability and is included in the mandatory list of research carried out at the stage of qualification testing according to national standard GOST R 56939-2016. The use of standard mutators reduces the fuzzing process to brute force, which negatively affects the time of incorrect program behavior detection. In this regard, it is important to rationalize the selection of input data, which takes into account the data corpus specifics, as well as the context describing the software response under test and allowing to determine the mutations at the next iteration of testing. Purpose of the research is to increase the efficiency of fuzzing by intellectualizing the standard mutator using neural networks, which takes into account the syntactic and semantic features of the input corpus and uses program feedback.Methods. The methods of analysis and synthesis, theory of algorithms, discrete and computational mathematics, machine learning were used.Result. The advantages and disadvantages of the standard module for AFL fuzzer’s input corpus mutation are considered. The justification of neural network choice with LSTM-architecture as a mechanism that realizes the intelligent control of input corpora’s’ generation and transformation is given. The proposed mutation method is described, which implies the integration of decision making mechanism on the amount and format of necessary mutations to increase the code coverage into the standard mutator, as well as the subsequent refinement of input data by shell-code to check the operability of the fragment that caused abnormal software’s behavior. The scheme of the mutation module is presented, which includes a component of input corporas conversion for generation of program execution traces and a component aimed at concept confirmation and re-call of abnormal software behavior using the generated shell-code.Novelty. Unlike the known ones, the proposed method uses feedback, fixing the software reaction, when forming the data mutation strategy, which determines the scientific novelty of the obtained results.Significance. The proposed solution allows reducing the program testing time while maintaining the code coverage. The results obtained in the research are universal and, in the future, can be used in white, black and gray box fuzzing methods.

About the authors

N. N. Samarin

Research Institute «Kvant»

Email: samarin_nik@mail.ru
ORCID iD: 0009-0007-4911-8471
SPIN-code: 6697-8926

A. V. Tulinova

Research Institute «Kvant»

Email: yarmak.av@ibks.spbstu.ru
ORCID iD: 0000-0002-7121-6031
SPIN-code: 2176-0939

References

  1. Muduli S.K., Roy S. Satisfiability modulo fuzzing: a synergistic combination of SMT solving and fuzzing // Proceedings of the ACM on Programming Languages. 2022. Vol. 6. Iss. OOPSLA2. PP. 1236−1263. doi: 10.1145/3563332. EDN:VUQLTQ
  2. Liu Z., Qian P., Yang J., Liu L., Xu X., He Q., et. al. Rethinking Smart Contract Fuzzing: Fuzzing with Invocation Ordering and I mportant Branch Revisiting // IEEE Transactions on Information Forensics and Security. 2023. Vol. 18. PP. 1237−1251. doi: 10.1109/tifs.2023.3237370. EDN:ZWKGJS
  3. Ерышов В.Г. Фаззинг тестирование. Классификация современных средств фаззинга // Сборник избранных статей по материалам научных конференций ГНИИ "Нацразвитие" Международные научные конференции (Санкт-Петербург, Россия, 26–31 августа 2021 года). СПб.: ГНИИ «Нацразвитие», 2021. С. 287−289. doi: 10.37539/AUG298.2021.94.77.007. EDN:QZILPI
  4. Situ L.-Y., Zuo Z.-Q., Guan L., Wang L.-Z., Li X.-D., Shi J., et. al. Vulnerable Region-Aware Greybox Fuzzing // Journal of Computer Science and Technology. 2021. Vol. 36. Iss. 5. PP. 1212−1228. doi: 10.1007/s11390-021-1196-0. EDN:PAPPKT
  5. Kim S.J., Shon T. Field classification-based novel fuzzing case generation for ICS protocols // The Journal of Supercomputing. 2018. Vol. 74. Iss. 9. PP. 4434−4450. doi: 10.1007/s11227-017-1980-3. EDN:TLEZVS
  6. Wei W., Li X., Zhang B., Li L., Damaševičius R., Scherer R. LSTM-SN: complex text classifying with LSTM fusion social network // The Journal of Supercomputing. 2023. Vol. 79. Iss. 9. PP. 9558−9583. doi: 10.1007/s11227-022-05034-w. EDN:TSXGJI
  7. Bayram F., Aupke P., Bestoun S.A., Kassler A., Theocharis A., Forsman J. DA-LSTM: A dynamic drift-adaptive learning framework for interval load forecasting with LSTM networks // Engineering Applications of Artificial Intelligence. 2023. Vol. 123. P. 106480. doi: 10.1016/j.engappai.2023.106480. EDN:WOXZSB
  8. Pierre A.A., Akim S.A., Semenyo A.K., Babiga B. Peak Electrical Energy Consumption Prediction by ARIMA, LSTM, GRU, ARIMA-LSTM and ARIMA-GRU Approaches // Energies. 2023. Vol. 16. Iss. 12. P. 4739. doi: 10.3390/en16124739. EDN:RKROHA
  9. Singh P., Kumar Ch., Kumar A. Next-LSTM: a novel LSTM-based image captioning technique // International Journal of System Assurance Engineering and Management. 2023. Vol. 14. Iss. 4. PP. 1492−1503. doi: 10.1007/s13198-023-01956-7. EDN:QUOVUU
  10. Wen X., Li W. Wen X. Time Series Prediction Based on LSTM-Attention-LSTM Model // IEEE Access. 2023. Vol. 11. PP. 48322−48331. doi: 10.1109/access.2023.3276628. EDN:ZAABGZ
  11. Ding T., Fu J., Shen R. Research on Multidimensional Mutation Strategy Method of Fuzzing Test // Proceedings of the 40th Chinese Control Conference (CCC, Shanghai, China 26–28 July 2021). Shanghai: IEEE, 2021. PP. 8639−8644. doi: 10.23919/CCC52363.2021.9550435. EDN:MJGBJG
  12. Manès V.J.M., Han H., Han C., Cha S.K., Egele M., Woo M. The Art, Science, and Engineering of Fuzzing: A Survey // IEEE Transactions on Software Engineering. 2021. Vol. 47. Iss. 11. PP. 2312−2331. doi: 10.1109/TSE.2019.2946563. EDN:ZDDKFN


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

This website uses cookies

You consent to our cookies if you continue to use our website.

About Cookies