Intelligent Method for Mutation of Input Cases with Feedback

Abstract

Relevance. Fuzzing is one of the effective ways to improve the software reliability and is included in the mandatory list of research carried out at the stage of qualification testing according to national standard GOST R 56939-2016. The use of standard mutators reduces the fuzzing process to brute force, which negatively affects the time of incorrect program behavior detection. In this regard, it is important to rationalize the selection of input data, which takes into account the data corpus specifics, as well as the context describing the software response under test and allowing to determine the mutations at the next iteration of testing. Purpose of the research is to increase the efficiency of fuzzing by intellectualizing the standard mutator using neural networks, which takes into account the syntactic and semantic features of the input corpus and uses program feedback.Methods. The methods of analysis and synthesis, theory of algorithms, discrete and computational mathematics, machine learning were used.Result. The advantages and disadvantages of the standard module for AFL fuzzer’s input corpus mutation are considered. The justification of neural network choice with LSTM-architecture as a mechanism that realizes the intelligent control of input corpora’s’ generation and transformation is given. The proposed mutation method is described, which implies the integration of decision making mechanism on the amount and format of necessary mutations to increase the code coverage into the standard mutator, as well as the subsequent refinement of input data by shell-code to check the operability of the fragment that caused abnormal software’s behavior. The scheme of the mutation module is presented, which includes a component of input corporas conversion for generation of program execution traces and a component aimed at concept confirmation and re-call of abnormal software behavior using the generated shell-code.Novelty. Unlike the known ones, the proposed method uses feedback, fixing the software reaction, when forming the data mutation strategy, which determines the scientific novelty of the obtained results.Significance. The proposed solution allows reducing the program testing time while maintaining the code coverage. The results obtained in the research are universal and, in the future, can be used in white, black and gray box fuzzing methods.