Test Data Generation for Stateful Network Protocol Fuzzing Using a Rule-Based State Machine 被引量：13

Test Data Generation for Stateful Network Protocol Fuzzing Using a Rule-Based State Machine

导出

摘要 To improve the efficiency and coverage of stateful network protocol fuzzing, this paper proposes a new method, using a rule-based state machine and a stateful rule tree to guide the generation of fuzz testing data. The method first builds a rule-based state machine model as a formal description of the states of a network protocol. This removes safety paths, to cut down the scale of the state space. Then it uses a stateful rule tree to describe the relationship between states and messages, and then remove useless items from it. According to the message sequence obtained by the analysis of paths using the stateful rule tree and the protocol specification, an abstract data model of test case generation is defined. The fuzz testing data is produced by various generation algorithms through filling data in the fields of the data model. Using the rule-based state machine and the stateful rule tree, the quantity of test data can be reduced. Experimental results indicate that our method can discover the same vulnerabilities as traditional approaches, using less test data, while optimizing test data generation and improving test efficiency. To improve the efficiency and coverage of stateful network protocol fuzzing, this paper proposes a new method, using a rule-based state machine and a stateful rule tree to guide the generation of fuzz testing data. The method first builds a rule-based state machine model as a formal description of the states of a network protocol. This removes safety paths, to cut down the scale of the state space. Then it uses a stateful rule tree to describe the relationship between states and messages, and then remove useless items from it. According to the message sequence obtained by the analysis of paths using the stateful rule tree and the protocol specification, an abstract data model of test case generation is defined. The fuzz testing data is produced by various generation algorithms through filling data in the fields of the data model. Using the rule-based state machine and the stateful rule tree, the quantity of test data can be reduced. Experimental results indicate that our method can discover the same vulnerabilities as traditional approaches, using less test data, while optimizing test data generation and improving test efficiency.

作者 Rui Ma Daguang Wang Changzhen Hu Wendong Ji Jingfeng Xue

机构地区 Beijing Key Laboratory of Software Security Engineering Technology

出处《Tsinghua Science and Technology》 SCIE EI CAS CSCD 2016年第3期352-360,共9页 清华大学学报（自然科学版（英文版）

基金 supported by the Key Project of National Defense Basic Research Program of China (No.B1120132031) supported by the Cultivation and Development Program for Technology Innovation Base of Beijing Municipal Science and Technology Commission (No.Z151100001615034)

关键词 FUZZING stateful network protocol test data generation rule-based state machine stateful rule tree fuzzing stateful network protocol test data generation rule-based state machine stateful rule tree

分类号 TP393.04 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献1

1李伟明,张爱芳,刘建财,李之棠.网络协议的自动化模糊测试漏洞挖掘方法[J].计算机学报,2011,34(2):242-255. 被引量：66

二级参考文献2

1刘立芳,霍红卫,王宝树.PHGA-COFFEE:多序列比对问题的并行混合遗传算法求解[J].计算机学报,2006,29(5):727-733. 被引量：11
2魏瑜豪,张玉清.基于Fuzzing的MP3播放软件漏洞发掘技术[J].计算机工程,2007,33(24):158-160. 被引量：28

共引文献65

1潘璠,吴礼发,杜有翔,洪征.协议逆向工程研究进展[J].计算机应用研究,2011,28(8):2801-2806. 被引量：21
2杜有翔,吴礼发,潘璠,洪征.一种基于报文序列分析的半自动协议逆向方法[J].计算机工程,2012,38(19):277-280. 被引量：5
3崔宝江,梁姝瑞,彭思维,郭祎嘉.基于节点克隆的IEEE802.15.4协议动态安全检测技术[J].清华大学学报（自然科学版）,2012,52(10):1500-1506. 被引量：1
4潘璠,洪征,杜有翔,吴礼发.基于递归聚类的报文结构提取方法[J].四川大学学报（工程科学版）,2012,44(6):137-142. 被引量：13
5张钊,唐文,温巧燕.一种基于长度语义约束的报文格式挖掘方法[J].北京邮电大学学报,2012,35(6):55-59. 被引量：4
6黎敏,余顺争.抗噪的未知应用层协议报文格式最佳分段方法[J].软件学报,2013,24(3):604-617. 被引量：16
7罗成,张玉清,王龙,刘奇旭.基于符号表达式的未知协议格式分析及漏洞挖掘[J].中国科学院研究生院学报,2013,30(2):278-284. 被引量：4
8侯莹,洪征,潘璠,吴礼发.基于模型的Fuzzing测试脚本自动化生成[J].计算机科学,2013,40(3):206-209. 被引量：7
9张钊,温巧燕,唐文.协议规范挖掘研究综述[J].计算机工程与应用,2013,49(9):1-9. 被引量：9
10郭严赞,季新生,刘彩霞,刘树新.IMS网络Diameter协议流程漏洞挖掘[J].计算机工程,2013,39(9):6-11. 被引量：2

同被引文献78

1张宝峰,张翀斌,许源.基于模糊测试的网络协议漏洞挖掘[J].清华大学学报（自然科学版）,2009(S2):2113-2118. 被引量：14
2李伟明,于俊清,艾少波.PyFuzzer:自动化高效内存模糊测试方法[J].通信学报,2013,34(S2):64-68. 被引量：3
3尹勇生,胡永华,周干民.PCI扩展ROM机制的实现方法[J].计算机工程与应用,2005,41(10):101-103. 被引量：4
4朱振华,许毅平,周曼丽.网络协议测试生成方法综述[J].计算机工程与应用,2005,41(15):172-175. 被引量：6
5王伟光,丁洪达,曾庆凯.基于形式化描述测试用例生成的研究与实现[J].计算机应用,2008,28(4):1018-1022. 被引量：4
6高峻,徐志大,李健.针对复合文档的Fuzzing测试技术[J].计算机与数字工程,2008,36(12):116-119. 被引量：8
7李伟明,张爱芳,刘建财,李之棠.网络协议的自动化模糊测试漏洞挖掘方法[J].计算机学报,2011,34(2):242-255. 被引量：66
8CHEN Kai,FENG DengGuo,SU PuRui,ZHANG YingJun.Black-box testing based on colorful taint analysis[J].Science China(Information Sciences),2012,55(1):171-183. 被引量：3
9蒲石,陈周国,祝世雄.震网病毒分析与防范[J].信息网络安全,2012(2):40-43. 被引量：43
10彭勇,江常青,谢丰,戴忠华,熊琦,高洋.工业控制系统信息安全研究进展[J].清华大学学报（自然科学版）,2012,52(10):1396-1408. 被引量：175

引证文献13

1张朋辉,田曦,楼康威.基于软硬件协同形式验证的固件漏洞分析技术[J].网络与信息安全学报,2016,2(7):59-68. 被引量：2
2Rui Ma,Shuaimin Ren,Ke Ma,Changzhen Hu,Jingfeng Xue.Semi-valid Fuzz Testing Case Generation for Stateful Network Protocol[J].Tsinghua Science and Technology,2017,22(5):458-468. 被引量：7
3李佳莉,陈永乐,李志,孙利民.基于协议状态图遍历的RTSP协议漏洞挖掘[J].计算机科学,2018,45(9):171-176. 被引量：8
4申莹珠,顾纯祥,陈熹,张协力,卢政宇.基于模型学习的OpenVPN系统脆弱性分析[J].软件学报,2019,30(12):3750-3764. 被引量：4
5张洪泽,洪征,周胜利,冯文博.基于协议状态机遍历的模糊测试优化方法[J].计算机工程与应用,2020,56(4):82-91. 被引量：7
6姜亚光,陈曦,李建彬,闫靖晨,刘曙元,李坤昌.基于LSTM的S7协议模糊测试用例生成方法[J].计算机工程,2021,47(7):183-188. 被引量：4
7李毅豪,洪征,林培鸿.基于深度优先搜索的模糊测试用例生成方法[J].计算机科学,2021,48(12):85-93. 被引量：3
8Pei-Yi Lin,Chia-Wei Tien,Ting-Chun Huang,Chin-Wei Tien.ICPFuzzer:proprietary communication protocol fuzzing by using machine learning and feedback strategies[J].Cybersecurity,2021,4(1):427-441. 被引量：2
9牛胜杰,李鹏,张玉杰.模糊测试技术研究综述[J].计算机工程与科学,2022,44(12):2173-2186. 被引量：2
10杨睿,井靖,戚旭衍,任帅.面向有状态网络协议的模糊测试优化方法[J].信息工程大学学报,2023,24(1):86-92.

二级引证文献37

1李佳莉,陈永乐,李志,孙利民.基于协议状态图遍历的RTSP协议漏洞挖掘[J].计算机科学,2018,45(9):171-176. 被引量：8
2李兴华,钟成,陈颖,张会林,翁健.车联网安全综述[J].信息安全学报,2019,4(3):17-33. 被引量：33
3姜文,刘立康.基于Peach Fuzz的媒体网关安全测试[J].计算机技术与发展,2020,30(5):88-93.
4荆琛,傅晓彤,董伟,赵云飞.基于Q-学习算法的有状态网络协议模糊测试方法研究[J].电子技术应用,2020,46(4):49-52. 被引量：4
5李明琪,张磊,杨哲慜.面向智能路由器远程管理应用的漏洞检测工具[J].计算机应用与软件,2020,37(7):266-274. 被引量：1
6李文轩,尚文利,和晓军,陈春雨,曾鹏.基于改进变异树的工控协议模糊测试用例生成方法[J].计算机应用研究,2020,37(12):3662-3666. 被引量：2
7郭兆,魏长江.基于模型检验的需求不一致研究[J].计算机工程与设计,2021,42(1):127-135. 被引量：1
8毕兴,唐朝京.基于模型检测的TLS协议实现库安全性分析[J].系统工程与电子技术,2021,43(3):839-846. 被引量：6
9张弛,司徒凌云,王林章.物联网固件安全缺陷检测研究进展[J].信息安全学报,2021,6(3):141-158. 被引量：5
10姜亚光,陈曦,李建彬,闫靖晨,刘曙元,李坤昌.基于LSTM的S7协议模糊测试用例生成方法[J].计算机工程,2021,47(7):183-188. 被引量：4

1童国凡.Modeling FMS Using Rule-based Object-oriented Petri Net[J].High Technology Letters,1998,4(1):11-16.
2李健俊,俞先永,刘鹏,姜学峰.广域网整合中Stateful NAT、OSPF双进程相结合的设计与应用[J].计算机系统应用,2010,19(3):133-136. 被引量：2
3华硕P8H77-M PRO主板测试[J].电脑迷,2013(2):18-18.
4蔡光跃,董恩清.遗传算法和蚁群算法在求解TSP问题上的对比分析[J].计算机工程与应用,2007,43(10):96-98. 被引量：28
5潘月秋.如何利用Motif开发GUI[J].经济技术协作信息,2001(2):31-31.
6掌上投影时代[J].科技新时代,2009(1):27-27.
7秦丹阳,Jia Shuang,Yang Songxiang,Wang Erfu,Ding Qun.Research on stateful public key based secure data aggregation model for wireless sensor networks[J].High Technology Letters,2017,23(1):38-47. 被引量：2
8李晓鹏,刘佳.浅论网络计算机安全隐患及漏洞挖掘技术[J].数字技术与应用,2014,32(1):182-183. 被引量：2
9张现周,公伟贵,谭勇刚,任振忠,郭笑天.Quantum key distribution series network protocol with M-classical Bobs[J].Chinese Physics B,2009,18(6):2143-2148. 被引量：3
10Ping Li.Research on the Computer Network Protocol Test Model based on Genetic and Random Walk Algorithm[J].International Journal of Technology Management,2016(8):39-42.

Tsinghua Science and Technology

2016年第3期

浏览历史

内容加载中请稍等...