计算机科学 ›› 2021, Vol. 48 ›› Issue (12): 85-93.doi: 10.11896/jsjkx.200800178
李毅豪, 洪征, 林培鸿
LI Yi-hao, HONG Zheng, LIN Pei-hong
摘要: 模糊测试是挖掘网络协议漏洞的重要方法之一。现有的模糊测试方法存在覆盖路径不完全、效率低下等问题。为了解决这些问题,文中提出了基于深度优先搜索的模糊测试用例生成方法,该方法将状态机转换成有向无回路图,以获得状态迁移路径,并通过提高测试用例在发送报文中的占比来提升模糊测试效率。该方法主要包括合并状态迁移、消除循环路径、搜索状态迁移路径、标记重复状态迁移和基于测试用例引导的模糊测试5个阶段。在合并状态迁移阶段,将首尾状态相同的状态迁移进行合并。在消除循环路径阶段,根据深度优先搜索判断图中的循环,并通过删除边将状态机转换成有向无回路图。在搜索状态迁移路径阶段,搜索有向无回路图从初始状态到终止状态的全路径,并对原状态机图使用Floyd算法补充被去除的边构造测试路径,以确保充分测试状态机中的每一个状态迁移。在标记重复状态迁移阶段,对重复状态迁移进行标记,避免对重复的状态迁移进行反复测试,以缩减测试的冗余。在基于测试用例引导的模糊测试阶段,生成针对状态迁移的测试用例,并将测试用例均匀分发到重复的状态迁移上,其中的部分测试用例能够起到引导状态迁移的作用,对被测目标进行模糊测试。实验结果表明,所提方法能够取得更高的有效测试用例比例。
中图分类号:
[1]ZHANG X,LI Z J.Survey of Fuzz Testing Technology[J].Computer Science,2016,43(5):1-8,26. [2]ZHANG H Z,HONG Z,ZHOU S L,et al.A fuzzing optimization method based on protocol state migration traversal[J].Computer Engineering and Applications,2019,56(4):82-91. [3]Oulu University Secure Programming Group.The PROTOS Project[EB/OL].[2020-08-09].https://www.ee.oulu.fi/research/ouspg/Protos. [4]EDDINGTON M.PeachFuzzer[EB/OL].[2020-08-09].https://sourceforge.net/projects/peachfuzz. [5]GitHub.Sulley[EB/OL].(2013-06-11)[2020-08-09].https://github.com/OpenRCE/sulley. [6]Spike fuzzing platform [EB/OL].[2017-08-11].http://www.immunitysec.com/resourcesfreesoftware.shtml. [7]SONG C,YU B,ZHOU X,et al.SPFuzz:A Hierarchical Sche- duling Framework for Stateful Network Protocol Fuzzing[J].IEEE Access,2019,7:18490-18499. [8]LI J L,CHEN Y L,LI Z,et al.Mining RSTP Protocol Vulnerabilities Based on Traversal of Protocol State Graph[J].Compu-ter Science,2018,45(9):171-176. [9]MA R,WANG D,HU C,et al.Test data generation for stateful network protocol fuzzing using a rule-based state machine[J].Tsinghua Science and Technology,2016,21(3):352-360. [10]RONG F,CHANG Y.Machine Learning for Black-Box Fuzzing of Network Protocols[C]//Proceedings of the International Conference on Information and Communications Security.2017:621-632. [11]ZHANG S D,ZHANG L Y.Vulnerability Mining for Network Protocols Based on Fuzzing[C]//Proceedings of the 2014 2nd International Conference on Systems and Informatics.2014:644-648. [12]HUANG Y,ZOU Q W,FAN K F.Fuzzing test-based vulnerability mining for industrial control network protocol[J].Journal on Communications,2018,39(S2):181-188. [13]WANG G B,ZHAO J L,CUI B J.Fuzzing method based on field filter and packet repair for GTPv2 protocol[J].Internet of Things,2019,8(100104):1-7. [14]ZHANG W Y,ZHANG L,MAO J L,et al.An Automated Method of Unknown Protocol Fuzzing Test[J].Computer Science,2020,43(4):653-667. [15]NEMINATH H,JONATHAN S.Detecting TCP ACK storm attack:a state transition modelling approach[J].IET Networks,2018,7(6):429-434. [16]BOSSERT G,HIET G,HENIN T.Modelling to simulate botnet command and control protocols for the valuation of network intrusion detection systems[C]//2011 Conference on Network and Information System Security (SAR-SSI).La Rochelle:IEEE,2011:1-8. [17]ZUO X F,SHEN W J.An Improved Algorithm for Multiple Shortest Path Problem Based on Floyd Algorithm[J].Compu-ter Science,2017,44(5):232-234,267. [18]MA R,REN S,MA K,et al.Semi-valid Fuzz Testing Case Ge- neration for Stateful Network Protocol[J].Tsinghua Science and Technology,2017,22(5):458-468. |
[1] | 黄松, 杜金虎, 王兴亚, 孙金磊. 以太坊智能合约模糊测试技术研究综述 Survey of Ethereum Smart Contract Fuzzing Technology Research 计算机科学, 2022, 49(8): 294-305. https://doi.org/10.11896/jsjkx.220500069 |
[2] | 胡志濠, 潘祖烈. 基于QRNN的网络协议模糊测试用例过滤方法 Testcase Filtering Method Based on QRNN for Network Protocol Fuzzing 计算机科学, 2022, 49(5): 318-324. https://doi.org/10.11896/jsjkx.210300281 |
[3] | 李明磊, 黄晖, 陆余良, 朱凯龙. SymFuzz:一种复杂路径条件下的漏洞检测技术 SymFuzz:Vulnerability Detection Technology Under Complex Path Conditions 计算机科学, 2021, 48(5): 25-31. https://doi.org/10.11896/jsjkx.200600128 |
[4] | 郑建云, 庞建民, 周鑫, 王军. 基于约束推导式的增强型二进制漏洞挖掘 Enhanced Binary Vulnerability Mining Based on Constraint Derivation 计算机科学, 2021, 48(3): 320-326. https://doi.org/10.11896/jsjkx.200700047 |
[5] | 赵赛, 刘昊, 王雨峰, 苏航, 燕季薇. Android组件间通信的模糊测试方法 Fuzz Testing of Android Inter-component Communication 计算机科学, 2020, 47(11A): 303-309. https://doi.org/10.11896/jsjkx.200100122 |
[6] | 李佳莉, 陈永乐, 李志, 孙利民. 基于协议状态图遍历的RTSP协议漏洞挖掘 Mining RTSP Protocol Vulnerabilities Based on Traversal of Protocol State Graph 计算机科学, 2018, 45(9): 171-176. https://doi.org/10.11896/j.issn.1002-137X.2018.09.028 |
[7] | 锁延锋,王少杰,秦宇,李秋香,丰大军,李京春. 工业控制系统的安全技术与应用研究综述 Summary of Security Technology and Application in Industrial Control System 计算机科学, 2018, 45(4): 25-33. https://doi.org/10.11896/j.issn.1002-137X.2018.04.004 |
[8] | 张亚丰,洪征,吴礼发,周振吉,孙贺. 基于状态的工控协议Fuzzing测试技术 Protocol State Based Fuzzing Method for Industrial Control Protocols 计算机科学, 2017, 44(5): 132-140. https://doi.org/10.11896/j.issn.1002-137X.2017.05.024 |
[9] | 程诚,周彦晖. 基于模糊测试和遗传算法的XSS漏洞挖掘 Findding XSS Vulnerabilities Based on Fuzzing Test and Genetic Algorithm 计算机科学, 2016, 43(Z6): 328-331. https://doi.org/10.11896/j.issn.1002-137X.2016.6A.078 |
[10] | 张雄,李舟军. 模糊测试技术研究综述 Survey of Fuzz Testing Technology 计算机科学, 2016, 43(5): 1-8. https://doi.org/10.11896/j.issn.1002-137X.2016.05.001 |
[11] | 李 洋,文中华,伍小辉,劳佳琪. 求最小期望权值强循环规划解 Solving Strong Cyclic Planning with Minimal Expectation Weight 计算机科学, 2015, 42(4): 217-220. https://doi.org/10.11896/j.issn.1002-137X.2015.04.044 |
[12] | 王辰,吴礼发,洪征,郑成辉,庄洪林. 一种基于域知识的协议状态机主动推断算法 Domain-specific Algorithm of Protocol State Machine Active Inference 计算机科学, 2015, 42(12): 233-239. |
[13] | 余莹,李肯立,郑光勇. 一种基于GPU集群的深度优先并行算法设计与实现 Implementation of Depth First Search Parallel Algorithm on Cluster of GPUs 计算机科学, 2015, 42(1): 82-85. https://doi.org/10.11896/j.issn.1002-137X.2015.01.019 |
[14] | 张亚军,李舟军,廖湘科,蒋瑞成,李海峰. 自动化白盒模糊测试技术研究 Survey of Automated Whitebox Fuzz Testing 计算机科学, 2014, 41(2): 7-10. |
[15] | 侯莹,洪征,潘增,吴礼发. 基于模型的Fuzzing测试脚本自动化生成 Model Based Automatic Fuzzing Script Generation 计算机科学, 2013, 40(3): 206-209. |
|