基于多模态表征的移动应用GUI模糊测试框架

GUI模糊测试在提升移动应用可靠性和兼容性方面发挥着关键作用.然而,现有的GUI模糊测试方法大多效率较低,主要原因是这些工作过于粗粒度,仅基于单一模态的特征来整体理解GUI页面,应用状态的过度抽象使得许多细节信息被忽略,导致对GUI状态及小部件的理解不足.为了解决上述问题,本文提出了一种基于多模态表征的移动应用GUI模糊测试框架GUIFuzzer.该框架通过考虑多模态特征,如视觉特征、布局上下特征以及细粒度的元属性特征,来联合推断GUI小部件的语义,然后训练一个多层次奖励驱动的深度强化学习模型来优化GUI事件选择策略,提高模糊测试的效率.我们在大量的真实应用上对所提框架进行评估.实验结果表明,与现有的竞争性基线相比,GUIFuzzer显著地提升了模糊测试的覆盖率.我们还对特定目标的定制化搜索即敏感API触发进行了案例研究,进一步验证了GUIFuzzer框架的实用性.

A GUI Fuzzing Framework for Mobile Apps Based on Multi-modal Representation

GUI fuzzing plays a crucial role in enhancing the reliability and compatibility of mobile apps. However, most existing GUI fuzzing methods are inefficient, mainly because they are coarse-grained, relying solely on single-modal features to understand the GUI pages holistically. The excessive abstraction of app states leads to the neglect of many details, resulting in an insufficient understanding of GUI states and widgets. To address this issue, we propose a GUI fuzzing framework called GUIFuzzer for mobile apps based on multi-modal representation. This framework leverages multi-modal features, such as visual features, layout context features, and fine-grained meta-attribute features, to jointly infer the semantics of GUI widgets. Then, it trains a multi-level reward-driven deep reinforcement learning model to optimize the GUI event selection strategy, thus improving the efficiency of fuzz testing. We evaluate the proposed framework on a large number of real apps. The experimental results show that GUIFuzzer significantly improves the coverage of fuzz testing compared with existing competitive baselines. We also conduct a case study on customized search for specific targets, namely sensitive API triggering, which further demonstrates the practicality of the GUIFuzzer framework.