For Web systems, which are accessible to any machine connected to internet, security is a critical concern. Although security testing can be automated by generating crafted inputs as an attacker would do, solutions to automate the test oracle, i.e., distinguishing correct from incorrect outputs for a given input, remain preliminary. Specifically, previous work has demonstrated the potential of metamorphic testing; indeed, security failures can be determined by metamorphic relations that turn valid inputs into malicious inputs and compare their outputs. However, without further guidance, metamorphic relations should be executed on a very large set of valid inputs, which is time consuming and makes metamorphic testing impractical. Hence, in this study, we propose AIM, an approach that automatically selects inputs to reduce testing costs while preserving vulnerability detection capabilities. AIM includes a clustering-based black box approach, identifying similar inputs based on their security properties. It also presents a novel genetic algorithm able to efficiently select diverse inputs while minimizing their total cost. Further, it contains a problem reduction component to reduce the search space and speed up the minimization process. We evaluated the effectiveness of AIM on two well-known web systems, Jenkins and Joomla. We compared AIM's results with four baselines in security testing. Overall, AIM reduced MRs execution time by 84 percent for Jenkins and 82 percent for Joomla while preserving full vulnerability detection. Furthermore, AIM outperformed all the considered baselines regarding vulnerability coverage. Although it has been tuned to work with Web system inputs, AIM could be applied to minimize metamorphic testing cost in other contexts.

翻译：对于能够被任何联网设备访问的Web系统而言，安全性是至关重要的考量因素。尽管可以通过模拟攻击者行为生成精心构造的输入来实现安全测试自动化，但测试预言（即区分给定输入的正确输出与错误输出）的自动化解决方案仍处于初步阶段。具体而言，已有研究展示了蜕变测试的潜力：通过将有效输入转化为恶意输入并比较其输出，蜕变关系可用于判定安全故障。然而，缺乏进一步指导时，蜕变关系需在极大规模的有效输入集上执行，这既耗时又使蜕变测试失去实用性。为此，本文提出AIM方法，通过自动选择输入来降低测试成本，同时保持漏洞检测能力。AIM包含一种基于聚类的黑盒方法，可根据输入的安全属性识别相似输入；同时提出一种新型遗传算法，能在最小化总成本的同时高效选择多样化输入。此外，该方法还包含问题约简组件以缩小搜索空间并加速最小化过程。我们在两个知名Web系统（Jenkins与Joomla）上评估了AIM的有效性，并将AIM结果与安全测试中的四种基线方法进行了对比。总体而言，AIM在保持完整漏洞检测能力的前提下，使Jenkins和Joomla的蜕变关系执行时间分别减少84%和82%。此外，AIM在漏洞覆盖率方面优于所有基线方法。尽管AIM针对Web系统输入进行了调优，但其原理可应用于其他场景中蜕变测试的成本最小化。