Authors: WANG Shuanqi (王栓奇); ZHAO Jianxin (赵健鑫); LIU Chi (刘驰); WU Wei (武伟); LIU Zhao (刘钊) (Information Center of China North Industries Group Corporation, Beijing 100089, China; School of Computer Science, Beijing Institute of Technology, Beijing 100081, China)
Affiliations: [1] Information Center of China North Industries Group Corporation (中国兵器工业信息中心), Beijing 100089 [2] School of Computer Science, Beijing Institute of Technology (北京理工大学计算机学院), Beijing 100081
Source: Computer Science (《计算机科学》), 2024, No. S01, pp. 852-858 (7 pages)
Funding: A large-scale industrial software research and development project (ZQ2020D204007).
Abstract: Vulnerability mining is a main research direction in the field of computer software security, and fuzz testing is an important dynamic mining method within it. To address the problems in binary code vulnerability mining, where the large volume of assembly code makes detection both difficult and time-consuming and fuzz testing is inefficient, a binary code fuzz testing method based on deep reinforcement learning is proposed. First, the fuzz testing process is modeled as a multi-step Markov decision process oriented to reinforcement learning, and a deep reinforcement learning model is built to assist the selection of fuzz testing mutation strategies, achieving dynamic optimization of the mutation strategy. Then, a binary code fuzz testing platform based on deep reinforcement learning is designed and built: AFL is used to implement the fuzz testing environment, and the Keras-RL2 library and the OpenAI Gym framework are used to implement the deep reinforcement learning algorithm and the reinforcement learning environment. Finally, the effectiveness and applicability of the proposed method and testing platform are verified through experimental analysis. The experimental results show that the deep reinforcement learning model can assist the fuzz testing process to cover more paths quickly, expose more vulnerabilities and defects, and significantly improve the efficiency of binary code vulnerability mining and localization.
Keywords: binary code; vulnerability mining; fuzz testing; deep reinforcement learning; testing platform
CLC number: TP311 [Automation and Computer Technology: Computer Software and Theory]