Although the security testing of Web systems can be automated by generating crafted inputs, solutions to automate the test oracle, i.e., vulnerability detection, remain difficult to apply in practice. Specifically, though previous work has demonstrated the potential of metamorphic testing, security failures can be determined by metamorphic relations that turn valid inputs into malicious inputs, metamorphic relations are typically executed on a large set of inputs, which is time-consuming and thus makes metamorphic testing impractical. We propose AIM, an approach that automatically selects inputs to reduce testing costs while preserving vulnerability detection capabilities. AIM includes a clustering-based black-box approach, to identify similar inputs based on their security properties. It also relies on a novel genetic algorithm to efficiently select diverse inputs while minimizing their total cost. Further, it contains a problem-reduction component to reduce the search space and speed up the minimization process. We evaluated the effectiveness of AIM on two well-known Web systems, Jenkins and Joomla, with documented vulnerabilities. We compared AIM's results with four baselines involving standard search approaches. Overall, AIM reduced metamorphic testing time by 84% for Jenkins and 82% for Joomla, while preserving the same level of vulnerability detection. Furthermore, AIM significantly outperformed all the considered baselines regarding vulnerability coverage.

翻译：尽管通过生成构造性输入可实现Web系统安全测试的自动化，但自动化测试预言（即漏洞检测）的解决方案在实践中仍难以应用。具体而言，尽管先前研究已证明蜕变测试的潜力——通过将有效输入转化为恶意输入的蜕变关系来判定安全故障，但蜕变关系通常需在大量输入集上执行，这一过程耗时严重，导致蜕变测试难以实际应用。本文提出AIM方法，通过自动选择输入在保持漏洞检测能力的同时降低测试成本。AIM包含基于聚类的黑盒方法，可根据安全属性识别相似输入；同时采用新型遗传算法高效选择多样化输入并最小化总成本；此外还引入问题归约组件以缩减搜索空间并加速最小化进程。我们在两个已知漏洞的典型Web系统（Jenkins与Joomla）上评估AIM的有效性，并与四种基于标准搜索方法的基线进行对比。总体而言，AIM将Jenkins的蜕变测试时间降低84%，Joomla降低82%，同时保持同等漏洞检测水平。此外，在漏洞覆盖率方面AIM显著优于所有对比基线。