摘要
针对大量网络协议存在种种安全漏洞,采用Fuzzy测试可以有效地进行漏洞挖掘.为了提高Fuzzy测试的效率和漏洞挖掘的成功率,设计了启发式的Fuzzy测试方法.通过对待测协议的形式化描述,抽取出协议工作过程.通过对状态转移图的分析以及Fuzzy测试的响应,智能地触发新的测试数据,提高了Fuzzy测试效率.通过对自行设计的样本协议以及两个公开协议漏洞进行测试,漏洞挖掘时间比穷举式的平均缩短了57.3%.
Aiming at various security vulnerabilities on network protocol, Fuzzy test would be an effective way to vulnerability mining. To improve the efficiency of Fuzzy test and the probability of vulnerability mining, this paper designed heuristic Fuzzy test, which was an extracted protocol working process by formal description of test protocol. By analyzing state transition diagrams and Fuzzy test responds, Heuristic Fuzzy test can intelligently trigger the new test data; improve the efficiency of Fuzzy test. Besides it has chosen a designed sam- ple protocol and two classical protocol vulnerabilities for test, the result indicated that it can save 57.3% time on average compared with brute-force type test.
出处
《柳州师专学报》
2014年第1期121-125,共5页
Journal of Liuzhou Teachers College
基金
广西教育厅课题"天线接入网中带宽高效分配方法"(ZL2014094)
关键词
协议漏洞
漏洞挖掘
启发式
FUZZY
形式化
protocol vulnerabilities
vulnerability mining
heuristic method
Fuzzy
formalization
