Mainstream software applications and tools are the configurable platforms with an enormous number of parameters along with their values. Certain settings and possible interactions between these parameters may harden (or soften) the security and robustness of these applications against some known vulnerabilities. However, the large number of vulnerabilities reported and associated with these tools make the exhaustive testing of these tools infeasible against these vulnerabilities infeasible. As an instance of general software testing problem, the research question to address is whether the system under test is robust and secure against these vulnerabilities. This paper introduces the idea of ``vulnerability coverage,'' a concept to adequately test a given application for a certain classes of vulnerabilities, as reported by the National Vulnerability Database (NVD). The deriving idea is to utilize the Common Vulnerability Scoring System (CVSS) as a means to measure the fitness of test inputs generated by evolutionary algorithms and then through pattern matching identify vulnerabilities that match the generated vulnerability vectors and then test the system under test for those identified vulnerabilities. We report the performance of two evolutionary algorithms (i.e., Genetic Algorithms and Particle Swarm Optimization) in generating the vulnerability pattern vectors.

中文翻译：

---

漏洞覆盖作为充分性测试标准

主流软件应用程序和工具是具有大量参数及其值的可配置平台。这些参数之间的某些设置和可能的交互可能会加强（或削弱）这些应用程序针对某些已知漏洞的安全性和稳健性。但是，报告的大量漏洞以及与这些工具相关的漏洞使得针对这些漏洞进行详尽测试这些工具变得不可行。作为一般软件测试问题的一个实例，要解决的研究问题是被测系统是否健壮和安全地抵御这些漏洞。本文介绍了“漏洞覆盖率”的概念，这是一个充分测试给定应用程序特定类别漏洞的概念，根据国家漏洞数据库 (NVD) 的报告。派生的想法是利用通用漏洞评分系统 (CVSS) 作为一种手段来衡量进化算法生成的测试输入的适合度，然后通过模式匹配识别与生成的漏洞向量匹配的漏洞，然后对被测系统进行测试。识别的漏洞。我们报告了两种进化算法（即遗传算法和粒子群优化）在生成漏洞模式向量方面的性能。派生的想法是利用通用漏洞评分系统 (CVSS) 作为一种手段来衡量进化算法生成的测试输入的适合度，然后通过模式匹配识别与生成的漏洞向量匹配的漏洞，然后针对这些漏洞测试被测系统。识别的漏洞。我们报告了两种进化算法（即遗传算法和粒子群优化）在生成漏洞模式向量方面的性能。派生的想法是利用通用漏洞评分系统 (CVSS) 作为一种手段来衡量进化算法生成的测试输入的适合度，然后通过模式匹配识别与生成的漏洞向量匹配的漏洞，然后针对这些漏洞测试被测系统。识别的漏洞。我们报告了两种进化算法（即遗传算法和粒子群优化）在生成漏洞模式向量方面的性能。