Computer Science

Computer Science ›› 2021, Vol. 48 ›› Issue (12): 85-93.doi: 10.11896/jsjkx.200800178

• Computer Software • Previous Articles     Next Articles

Fuzzing Test Case Generation Method Based on Depth-first Search

LI Yi-hao, HONG Zheng, LIN Pei-hong   

  1. Command and Control Engineering College,Army Engineering University of PLA,Nanjing 210000,China
  • Received:2020-08-27 Revised:2020-09-25 Online:2021-12-15 Published:2021-11-26
  • About author:LI Yi-hao,born in 1996,postgraduate.His main research interests include cyberspace security and protocol reverse engineering.
    HONG Zheng,born in 1979,Ph.D,associate professor.His main research in-terests include cyberspace security and protocol reverse engineering.
  • Supported by:
    National Key R&D Program of China (2017YFB0802900).

PDF (PC)

891

Abstract: Fuzzing test is an important method to exploit network protocol vulnerability.Existing fuzzing test methods have some problems such as incomplete path coverage and low efficiency.To solve these problems,this paper proposes a depth-first search based fuzzing test case sgeneration method.The method transforms the state machine into a directed acyclic graph to obtain the state transition paths,and increases the proportion of test cases in the testing messages to improve the fuzzing efficiency.The method includes five stages:merging state transition,eliminating loops,searching state transition paths,marking the same state transitions,and test case guidance based fuzzing test.Firstly,the state transitions which have the same start states and end states are merged.Secondly,according to the depth-first search,the loops in the graph are found,and the state machine is converted into a directed acyclic graph by deleting the edges of the loops.Thirdly,the directed acyclic graph is analyzed for the full path from the initial state to the end state,and the original state machine graph is supplemented with the removed edges using Floyd algorithm to construct the complete test paths,so as to ensure that each state transition in the state machine can be fully tested.Fourthly,repeated state transitions are marked to avoid repeated test of similar state transitions and reduce testing redundancy.Finally,test cases for state transitions are generated,and test cases which may guide the state transition are distributed evenly over the repetitive state transitions to carry out fuzzing test on the target.Experimental results show that the proposed method can achieve higher proportion of valid test cases.

Key words: Depth first search, Fuzzing test, Protocol state machine, Stateful protocol, Vulnerability discovery

CLC Number: 

  • TP398.08
[1]ZHANG X,LI Z J.Survey of Fuzz Testing Technology[J].Computer Science,2016,43(5):1-8,26.
[2]ZHANG H Z,HONG Z,ZHOU S L,et al.A fuzzing optimization method based on protocol state migration traversal[J].Computer Engineering and Applications,2019,56(4):82-91.
[3]Oulu University Secure Programming Group.The PROTOS Project[EB/OL].[2020-08-09].https://www.ee.oulu.fi/research/ouspg/Protos.
[4]EDDINGTON M.PeachFuzzer[EB/OL].[2020-08-09].https://sourceforge.net/projects/peachfuzz.
[5]GitHub.Sulley[EB/OL].(2013-06-11)[2020-08-09].https://github.com/OpenRCE/sulley.
[6]Spike fuzzing platform [EB/OL].[2017-08-11].http://www.immunitysec.com/resourcesfreesoftware.shtml.
[7]SONG C,YU B,ZHOU X,et al.SPFuzz:A Hierarchical Sche- duling Framework for Stateful Network Protocol Fuzzing[J].IEEE Access,2019,7:18490-18499.
[8]LI J L,CHEN Y L,LI Z,et al.Mining RSTP Protocol Vulnerabilities Based on Traversal of Protocol State Graph[J].Compu-ter Science,2018,45(9):171-176.
[9]MA R,WANG D,HU C,et al.Test data generation for stateful network protocol fuzzing using a rule-based state machine[J].Tsinghua Science and Technology,2016,21(3):352-360.
[10]RONG F,CHANG Y.Machine Learning for Black-Box Fuzzing of Network Protocols[C]//Proceedings of the International Conference on Information and Communications Security.2017:621-632.
[11]ZHANG S D,ZHANG L Y.Vulnerability Mining for Network Protocols Based on Fuzzing[C]//Proceedings of the 2014 2nd International Conference on Systems and Informatics.2014:644-648.
[12]HUANG Y,ZOU Q W,FAN K F.Fuzzing test-based vulnerability mining for industrial control network protocol[J].Journal on Communications,2018,39(S2):181-188.
[13]WANG G B,ZHAO J L,CUI B J.Fuzzing method based on field filter and packet repair for GTPv2 protocol[J].Internet of Things,2019,8(100104):1-7.
[14]ZHANG W Y,ZHANG L,MAO J L,et al.An Automated Method of Unknown Protocol Fuzzing Test[J].Computer Science,2020,43(4):653-667.
[15]NEMINATH H,JONATHAN S.Detecting TCP ACK storm attack:a state transition modelling approach[J].IET Networks,2018,7(6):429-434.
[16]BOSSERT G,HIET G,HENIN T.Modelling to simulate botnet command and control protocols for the valuation of network intrusion detection systems[C]//2011 Conference on Network and Information System Security (SAR-SSI).La Rochelle:IEEE,2011:1-8.
[17]ZUO X F,SHEN W J.An Improved Algorithm for Multiple Shortest Path Problem Based on Floyd Algorithm[J].Compu-ter Science,2017,44(5):232-234,267.
[18]MA R,REN S,MA K,et al.Semi-valid Fuzz Testing Case Ge- neration for Stateful Network Protocol[J].Tsinghua Science and Technology,2017,22(5):458-468.
[1] HU Zhi-hao, PAN Zu-lie. Testcase Filtering Method Based on QRNN for Network Protocol Fuzzing [J]. Computer Science, 2022, 49(5): 318-324.
[2] ZHANG Ya-feng, HONG Zheng, WU Li-fa, ZHOU Zhen-ji and SUN He. Protocol State Based Fuzzing Method for Industrial Control Protocols [J]. Computer Science, 2017, 44(5): 132-140.
[3] CHENG Cheng and ZHOU Yan-hui. Findding XSS Vulnerabilities Based on Fuzzing Test and Genetic Algorithm [J]. Computer Science, 2016, 43(Z6): 328-331.
[4] WANG Chen, WU Li-fa, HONG Zheng, ZHENG Cheng-hui and ZHUANG Hong-lin. Domain-specific Algorithm of Protocol State Machine Active Inference [J]. Computer Science, 2015, 42(12): 233-239.
[5] . Model Based Automatic Fuzzing Script Generation [J]. Computer Science, 2013, 40(3): 206-209.
[6] . [J]. Computer Science, 2009, 36(4): 159-162.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.