Обзор исследований по применению методов машинного обучения для повышения эффективности фаззинг-тестирования

Александр Васильевич Козачок; Василий Иванович Козачок; Наталья Сергеевна Осипова; Дмитрий Владимирович Пономарев

doi:10.17308/sait.2021.4/3800

Authors

V. Kozachok Academy of the Federal Guard Service of the Russian Federation https://orcid.org/0000-0002-6501-2008 (unauthenticated)
Vasiliy I. Kozachok Academy of the Federal Guard Service of the Russian Federation https://orcid.org/0000-0001-5384-2269 (unauthenticated)
Natalya S. Osipova Academy of the Federal Guard Service of the Russian Federation https://orcid.org/0000-0002-4878-0865 (unauthenticated)
Dmitriy V. Ponomarev LLC NTS «Phobos-NT» https://orcid.org/0000-0003-4912-500X (unauthenticated)

DOI:

https://doi.org/10.17308/sait.2021.4/3800

Keywords:

information security, software vulnerabilities, fuzzing testing, machine learning

Abstract

This article provides a detailed overview of existing research on the application of machine learning methods to improve the efficiency of fuzzing testing. Fuzzing testing technology was invented in 1988 but has been largely forgotten over time. Two important trends in the development of the modern software industry allow you to look at this technology in a new way. On the one hand, with the constant increase in the volume and complexity of software, any automatic error detection and quality control tools can be useful and in demand. On the other hand, the continuous growth of the performance of modern computing systems makes it possible to effectively solve more and more complex computing problems. Improving the efficiency of fuzzing testing is an urgent problem in the field of information security, which is confirmed by the guidance documents of the Federal Service for Technical and Export Control of Russia on safe software development. By integrating fuzzing testing into the code development process, you can identify bugs and vulnerabilities at an early stage of development. The article discusses the key problems characteristic of various types of existing fuzzers, as well as presents the existing options for overcoming them and their disadvantages. The article also discusses the current approaches to the application of machine learning methods at various stages of fuzzing testing with real examples of the work of foreign scientists. A comparative analysis of existing works on this topic was made and conclusions were drawn that clearly demonstrate the increase in fuzzing efficiency when using machine learning methods. Fuzzing efficiency was assessed in two directions: the effectiveness of using machine learning for fuzzing, and also improving the ability to detect vulnerabilities. The article also proposes topical directions for the implementation of machine learning methods in order to increase the efficiency of fuzzing testing.

Author Biographies

V. Kozachok, Academy of the Federal Guard Service of the Russian Federation

DSc in Technical Sciences, associate professor, employee, Academy of the Federal Guard Service of the Russian Federation
Vasiliy I. Kozachok, Academy of the Federal Guard Service of the Russian Federation

DSc in Social Science, employee, Academy of the Federal Guard Service of the Russian Federation
Natalya S. Osipova, Academy of the Federal Guard Service of the Russian Federation

employee, Academy of the Federal Guard Service of the Russian Federation
Dmitriy V. Ponomarev, LLC NTS «Phobos-NT»

technical director, LLC NTS «Phobos-NT»