DEFINING VARIATION OPERATOR FOR GRAMMAR REACHABILITY SEARCH BASED VULNERABILITIES DETECTION
Abstract
In a population-based search algorithm such as Evolutionary Programming (EP), the search process typically involves seeding the first-generation population with randomly generated individuals, selecting parents through fitness evaluation, producing offspring through variation of the parents, and selecting parents and offspring into the next generation of candidate solutions. The quality of the variation operator is therefore important in leading the search process towards the globally optimal solution. In this paper, a high-quality variation operator is proposed. The proposed variation operator has the capacity to bias the search towards optimal solutions while ensuring an adequate balance between exploration and exploitation of the search space, so as to facilitate the discovery of optimal solutions in fewer generations. The proposed variation operator was used in our published work named EPSQLiFix. The proposed variation operator demonstrated high performance. Thus, it may also be applicable in other related problem domains.
Copyright (c) 2024 FUDMA JOURNAL OF SCIENCES
This work is licensed under a Creative Commons Attribution 4.0 International License.
FUDMA Journal of Sciences