计算机科学2024,Vol.51Issue(z1) :852-858.DOI:10.11896/jsjkx.230800078

基于深度强化学习的二进制代码模糊测试方法

Fuzz Testing Method of Binary Code Based on Deep Reinforcement Learning

王栓奇 赵健鑫 刘驰 武伟 刘钊
计算机科学2024,Vol.51Issue(z1) :852-858.DOI:10.11896/jsjkx.230800078
  • NETL
  • NSTL
  • 万方数据

基于深度强化学习的二进制代码模糊测试方法

Fuzz Testing Method of Binary Code Based on Deep Reinforcement Learning

王栓奇 1赵健鑫 2刘驰 2武伟 1刘钊1
扫码查看

作者信息

  • 1. 中国兵器工业信息中心 北京 100089
  • 2. 北京理工大学计算机学院 北京 100081
  • 折叠

摘要

漏洞挖掘是计算机软件安全领域的主要研究方向,其中模糊测试是重要的动态挖掘方法.为解决二进制代码漏洞挖掘中汇编代码体积庞大导致检测既困难又耗时、模糊测试效率低下等问题,提出基于深度强化学习的二进制代码模糊测试方法.首先将模糊测试过程建模为面向强化学习的多步马尔可夫决策过程,通过构建深度强化学习模型辅助模糊测试变异策略选择,实现对变异策略的动态优化.然后设计和搭建基于深度强化学习的二进制代码模糊测试平台,利用AFL实现模糊测试环境,并使用Keras-RL2库和OpenAI Gym框架实现深度强化学习算法和强化学习环境.最后通过实验分析来验证所提方法和测试平台的有效性和适用性,实验结果显示深度强化学习模型能够辅助模糊测试过程快速覆盖更多路径,能够暴露更多漏洞缺陷,显著提高二进制代码漏洞挖掘和定位的效率.

Abstract

Vulnerability mining is the main research direction in the field of computer software security,in which fuzz testing is an important dynamic mining method.In order to solve the problems such as time-consuming and low efficiency of fuzz testing caused by the large volume of assembly code,a novel binary code vulnerability mining technology based on deep reinforcement learning is proposed.The fuzz testing process is modeled as a multi-step Markov decision-making process oriented to reinforce-ment learning.The selection of fuzz testing mutation strategy is optimized by building a deep reinforcement learning model to achieve dynamic optimization.Then design and build a binary code fuzz testing platform based on deep reinforcement learning,use AFL to implement fuzz testing environment,and use Keras RL2 library and OpenAI Gym framework to implement deep rein-forcement learning algorithm and reinforcement learning environment.Finally,the effectiveness and applicability of the proposed method and testing platform are verified through experimental analysis.Experimental results show that the deep reinforcement learning model can assist the fuzz testing process to quickly cover more paths,expose more vulnerabilities and defects,and signifi-cantly improve the efficiency of binary code vulnerability mining and location.

关键词

二进制代码/漏洞挖掘/模糊测试/深度强化学习/测试平台

Key words

Binary code/Vulnerability mining/Fuzz testing/Deep reinforcement learning/Testing platform

引用本文复制引用

基金项目

某大型工业软件研究开发项目(ZQ2020D204007)

出版年

2024
计算机科学
重庆西南信息有限公司(原科技部西南信息中心)

计算机科学

CSTPCDCSCD北大核心
影响因子:0.944
ISSN:1002-137X
参考文献量20
段落导航相关论文