Computer Science (计算机科学) ›› 2023, Vol. 50 ›› Issue (12): 58-65. doi: 10.11896/jsjkx.221000225

• Computer Software •

Protocol Fuzzing Method Based on Automated Test Case Generation

XU Wei1, WU Zehui1, WANG Zimu2, LU Li3

  1 State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001
    2 Beijing Institute of Computer Technology and Applications, Beijing 100854
    3 National Engineering Laboratory for Cyber Science and Technology, Zhengzhou 450001
  • Received: 2022-10-26 Revised: 2023-03-19 Online: 2023-12-15 Published: 2023-12-07
  • Corresponding author: WU Zehui (wuzehui2010@foxmail.com)
  • About author: (1150220930@qq.com)
  • Supported by:
    National Key R&D Program of China (2019QY0501)

Protocol Fuzzing Based on Testcases Automated Generation

XU Wei1, WU Zehui1, WANG Zimu2, LU Li3   

  1 State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
    2 Beijing Institute of Computer Technology and Applications, Beijing 100854, China
    3 National Engineering Laboratory for Cyber Science and Technology, Zhengzhou 450001, China
  • Received: 2022-10-26 Revised: 2023-03-19 Online: 2023-12-15 Published: 2023-12-07
  • About author: XU Wei, born in 1997, postgraduate. His main research interests include reverse engineering and vulnerability mining.
    WU Zehui, born in 1988, Ph.D. His main research interests include software vulnerability and software-defined networking.
  • Supported by:
    National Key R&D Program of China (2019QY0501).

Abstract: As the specification for interaction between devices, network protocols play a vital role in computer networks. A vulnerability in a protocol entity can expose the device to remote attack and is a major security hazard. Fuzzing is an important method for discovering security vulnerabilities in programs. Before a protocol is fuzzed it has to be reverse-analysed, and high-quality test cases are generated under the guidance of the protocol format and the state machine model. In this process, however, test cases have to be constructed by hand, and the constructed test cases have difficulty covering deep states. To address these problems, an automated test case generation technique is proposed: test case generation rules are defined in a template, and complete test paths are constructed with a state transition path generation algorithm, so that protocol programs can be fuzzed effectively. Experimental results show that, compared with the current advanced protocol fuzzer Boofuzz, the proposed method generates 51.8% more effective test cases. Tests on four real-world programs reproduced three publicly disclosed vulnerabilities and found a new defect, which was confirmed by the developers.

Keywords: Network protocol, Fuzzing, Test case generation, Protocol state detection, Vulnerability discovery

Abstract: As a specification for the interaction between devices, network protocols play an important role in computer networks. Vulnerabilities in protocol implementations can expose devices to remote attack and pose a serious security risk. Fuzzing is an important method for discovering security vulnerabilities in programs. Before a protocol can be fuzzed, it must be reverse-analysed, and high-quality test cases must be generated under the guidance of the protocol format and the state machine model. In this process, however, test case generation requires manual construction, and the constructed test cases rarely reach deep protocol states. To solve these problems, this paper proposes an automated test case generation technique: test case generation rules are defined in a template, complete test paths are built by a state transition path generation algorithm, and the protocol program is then fuzzed effectively. Experimental results show that, compared with the current advanced protocol fuzzer Boofuzz, the number of effective test cases generated by the proposed method increases by 51.8%. The method is tested on four real-world programs, reproducing three publicly disclosed vulnerabilities; it also finds a new flaw, which has been confirmed by the developers.

Key words: Network protocol, Fuzzing, Testcase generation, Protocol state detection, Vulnerability discovery

CLC number: TP393