| As the Internet technology gathers momentum,various software has become an indispensable ingredient of folks’ daily lives,software security issues have attracted extensive attention from security researchers worldwide in recent years,and have led to many major incidents.Fuzzy testing is one of the most effective methods in software vulnerability mining and has become a research hotspot in the security domain in latest years.However,traditional fuzzy testing methods usually use a fixed type of variation operator\stack size,and select the variation operator\stack size based on a fixed probability,without taking into account the dynamic changes in the efficiency of different variation operators\stack size during fuzzy testing,which seriously affects the overall efficiency of fuzzy testing.To address the above problems,this paper proposes a fuzzy testing variational operator scheduling optimization strategy,which mainly includes an improved artificial bee colony algorithm and variational operator/stack size adjustment method.Specific improvements were made as follows.An improved artificial bee colony algorithm is proposed to dynamically adjust the variation operator\stack size selection probability in use,and an adaptation degree value calculation method and a bee colony search method are proposed for the variation scheduling target scenario.Among them,the adaptation degree value calculation method integrates the colony homogeneous fuzzy difficulty and the recent colony efficiency,so that the adaptation degree value becomes a scale for the horizontal and vertical comparison of the colony efficiency.A colony search method is proposed for fuzzy test scenarios where colony exploitation is greater than exploration,which appropriately attenuates the randomness of exploration,accelerates the convergence of the solution set,and reduces the probability of fuzzy test random exploration to exploit inefficient honey sources.A method of dynamically selecting variation operators\stack size is proposed to improve the effectiveness of fuzzy test variation generation test cases.The variation operator adjustment method actively discards long-term inefficient solutions and restarts the eliminated variation operators at the right time;the stack size adjustment method discards inefficient solutions at the right time and uses heuristic search to select new stack sizes in the solution space.These adjustment methods can effectively solve the problem that traditional fuzzy testers select inefficient variation operators\stack size to generate a large number of redundant use cases.A fuzzy testing system Trends AFL is designed and implemented based on the above proposed strategy,and experiments are conducted to compare it with more popular fuzzy testers in real programs.The results show that the above strategy can improve the number of path coverage and the number of unique crashes of fuzzy tests,which validates the efficiency and excellence of the strategy proposed in this paper.Finally,a single control experiment is designed for the improvement in variation operator\stack size,respectively,to validate the usefulness of the improved method. |
PDF Full Text Request