Computer Science ›› 2022, Vol. 49 ›› Issue (5): 318-324.doi: 10.11896/jsjkx.210300281

• Information Security • Previous Articles     Next Articles

Testcase Filtering Method Based on QRNN for Network Protocol Fuzzing

HU Zhi-hao, PAN Zu-lie   

  1. College of Electronic Engineering,National University of Defense Technology,Hefei 230037,China
    Anhui Province Key Laboratory of Cyberspace Security Situation Awareness and Evaluation,Hefei 230037,China
  • Received:2021-03-29 Revised:2021-07-14 Online:2022-05-15 Published:2022-05-06
  • About author:HU Zhi-hao,born in 1997,postgraduate.His main research interests include network security and fuzzing test.
    PAN Zu-lie,born in 1976,Ph.D,professor.His main research interests include network security,vulnerability disco-very and computer science.
  • Supported by:
    National Key R & D Program of China(2017YFB0802900).

Abstract: At present,targets of network protocol fuzzing tend to be large protocol entities,and traditional testcase filtering me-thods are mainly based on the running status information of the test object.The larger the test object,the longer it takes to execute a single testcase.Therefore,in view of the problems of long invalid execution time and low efficiency in traditional testcase filtering methods for network protocol fuzzing,a testcase filtering method based on QRNN for network protocol fuzzing is proposed according to strong abilities of recurrent neural network models to process and predict sequence data.The method can automatically filter invalid testcases by learning structural characteristics of the network protocol,including the value range of fields and constraint relationships between fields,and reduce the number of testcases executed by the protocol entity.Experimental results show that,compared with traditional testcase filtering methods for network protocol fuzzing,the proposed method can effectively reduce the time cost of network protocol vulnerability discovery and dramatically improve the efficiency of network protocol fuzzing.

Key words: Testcase filtering, QRNN, Network protocol, Fuzzing test, Deep learning

CLC Number: 

  • TP393
[1]LI J,ZHAO B,ZHANG C.Fuzzing:asurvey[J].Cybersecurity,2018,1(1):1-13.
[2]COHEN M B,SNYDER J,ROTHERMEL G.Testing acrossconfigurations:implications for combinatorial testing[J].ACM SIGSOFT Software Engineering Notes,2006,31(6):1-9.
[3]LIANG H,PEI X,JIA X,et al.Fuzzing:State ofthe art[J].IEEE Transactions on Reliability,2018,67(3):1199-1218.
[4]PEACHTEC.Peach[EB/OL].(2017-10-06)[2021-04-17].http://www.peachfuzzer.com/products/peach-platform.
[5]Beyond Security.beSTORM[EB/OL].(2021-04-17)[2021-04-17].https://beyondsecurity.com/solutions/bestorm.html.
[6]PHAM V T,BÖHME M,ROYCHOUDHURY A.AFLNet:agreybox fuzzer for network protocols[C]//2020 IEEE 13th International Conference onSoftware Testing,Validation and Verification(ICST).IEEE,2020:460-465.
[7]LI M L,HUANG H,LU Y L.Test Case Generation Technology Based on Symbol Divideand Conquer Area for Vulnerability Mining[J].Netinfo Security,2020,20(5):39-46.
[8]GONG W,ZHANG G,ZHOU X.Learn to Accelerate Identif-ying New Test Cases in Fuzzing[C]//International Conference on Security,Pri-vacy and Anonymity in Computation,Communication and Storage.Cham:Springer,2017:298-307.
[9]KARAMCHETI S,MANN G,ROSENBERG D.ImprovingGrey-Box Fuzzing by Modeling Program Behavior[J].arXiv:1811.08973,2018.
[10]ZONG P,LV T,WANG D,et al.Fuzzguard:Filteringout un-reachable inputs in directed grey-box fuzzing through deep learning[C]//29th Security Symposium (USENIX).2020:2255-2269.
[11]ZHANG X,LI Z J.Surveyof Fuzz TestingTechnology[J].Computer Science,2016,43(5):1-8,26.
[12]JIANG Y G,CHEN X,LI J B,et al.A FuzzyTest Case Generation Method based on LSTM for S7 Protocol[J].Computer Engineering,2021,47(7):183-188.
[13]ZALEWSKI M.American fuzzy lop[EB/OL].(2017-11-05)[2021-04-17].https://github.com/mirrorer/afl.
[14]LCAMTUF.AFL fuzzing strategies[EB/OL].(2014-08-08)[2021-04-17].https://lcamtuf.blogspot.jp/2014/08/binary-fuzzing-strategies-what-works.html.
[15]SCHMIDHUBER J.Gradient Flow in RecurrentNets:the Difficulty of Learning Long-Term Dependencies[M]//Wiley-IEEE Press,2001.
[16]HOCHREITER S,SCHMIDHUBER J.Long Short-Term Me-mory[J].Neural Computation,1997,9(8):1735-1780.
[17]BRADBURY J,MERITY S,XIONG C,et al.Quasi-recu-rrent neural networks[J].arXiv:1611.01576,2016.
[18]LOU Y X,YUAN W H,PENG R Q.Speech EnhancementMethod Based on Quasi Recurrent Neural Network[J].Computer Engineering,2020,46(4):316-320.
[19]WANG Y,JIA P,LIU L,et al.A systematic reviewof fuzzingbased on machine learning techniques[J].PLoS ONE,2020,15(8):e0237749.
[20]QIU X P.Neural Networks and Deep Learning[M].Beijing:China Machine Press,2020.
[21]ZHOU Y H.Research on Network Protocol Vulnerability Mining Method Based on Deep Learning[D].Chengdu:University of Electronic Science and Technology of China,2020.
[22]XU L L,CHI D X.Machine learning classification strategy for imbalanced data sets[J].Computer Engineeringand Applications,2020,56(24):12-27.
[23]BIND 9[EB/OL].(2004-01-28)[2021-04-17].https://www.isc.org/bind/.
[1] DONG Qi-da, WANG Zhe, WU Song-yang. Feature Fusion Framework Combining Attention Mechanism and Geometric Information [J]. Computer Science, 2022, 49(5): 129-134.
[2] ZHONG Jiang, YIN Hong, ZHANG Jian. Academic Knowledge Graph-based Research for Auxiliary Innovation Technology [J]. Computer Science, 2022, 49(5): 194-199.
[3] JIAO Xiang, WEI Xiang-lin, XUE Yu, WANG Chao, DUAN Qiang. Automatic Modulation Recognition Based on Deep Learning [J]. Computer Science, 2022, 49(5): 266-278.
[4] GAO Yue, FU Xiang-ling, OUYANG Tian-xiong, CHEN Song-ling, YAN Chen-wei. EEG Emotion Recognition Based on Spatiotemporal Self-Adaptive Graph ConvolutionalNeural Network [J]. Computer Science, 2022, 49(4): 30-36.
[5] YAO Xiao-ming, DING Shi-chang, ZHAO Tao, HUANG Hong, LUO Jar-der, FU Xiao-ming. Big Data-driven Based Socioeconomic Status Analysis:A Survey [J]. Computer Science, 2022, 49(4): 80-87.
[6] CAO He-xin, ZHAO Liang, LI Xue-feng. Technical Research of Graph Neural Network for Text-to-SQL Parsing [J]. Computer Science, 2022, 49(4): 110-115.
[7] DOU Zhi, WANG Ning, WANG Shi-jie, WANG Zhi-hui, LI Hao-jie. Sketch Colorization Method with Drawing Prior [J]. Computer Science, 2022, 49(4): 195-202.
[8] LI Peng, YI Xiu-wen, QI De-kang, DUAN Zhe-wen, LI Tian-rui. Heating Strategy Optimization Method Based on Deep Learning [J]. Computer Science, 2022, 49(4): 263-268.
[9] MIAO Xu-peng, ZHOU Yue, SHAO Ying-xia, CUI Bin. GSO:A GNN-based Deep Learning Computation Graph Substitutions Optimization Framework [J]. Computer Science, 2022, 49(3): 86-91.
[10] WANG Mei-ling, LIU Xiao-nan, YIN Mei-juan, QIAO Meng, JING Li-na. Deep Learning Recommendation Algorithm Based on Reviews and Item Descriptions [J]. Computer Science, 2022, 49(3): 99-104.
[11] CHEN Shi-cong, YUAN De-yu, HUANG Shu-hua, YANG Ming. Node Label Classification Algorithm Based on Structural Depth Network Embedding Model [J]. Computer Science, 2022, 49(3): 105-112.
[12] WEN Cheng-yu, FANG Wei-dong, CHEN Wei. Object Initialization in Multiple Object Tracking:A Review [J]. Computer Science, 2022, 49(3): 152-162.
[13] ZHANG Shu-meng, YU Zeng, LI Tian-rui. Transferable Emotion Analysis Method for Cross-domain Text [J]. Computer Science, 2022, 49(3): 218-224.
[14] DENG Wei-bin, ZHU Kun, LI Yun-bo, HU Feng. FMNN:Text Classification Model Fused with Multiple Neural Networks [J]. Computer Science, 2022, 49(3): 281-287.
[15] LI Hao, CAO Shu-yu, CHEN Ya-qing, ZHANG Min. User Trajectory Identification Model via Attention Mechanism [J]. Computer Science, 2022, 49(3): 308-312.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] LIU Yu-cheng, Richard·DING, ZHANG Ying-chao. Research on Pan-real-time Problem of Medical Detection Based on BPNNs Recognition Algorithm[J]. Computer Science, 2018, 45(6): 301 -307 .
[2] LI Shan-shan, CHEN Li, ZHANG Yong-xin and YUAN Ya-ting. Fuzzy Edge Detection Algorithm Based on RPCA[J]. Computer Science, 2018, 45(5): 273 -279 .
[3] WEI Xing-jia, ZHANG Jing-hua,LIU Zeng-fang,LU Dian-jun. Identity Based Aggregate Signature Scheme with Forward Security[J]. Computer Science, 2018, 45(6A): 387 -391 .
[4] GAO Peng, LIU Yun-jiang, GAO Wei-ting, LI Man, CHEN Juan. Double Thresholds DMM Cooperative Spectrum Sensing Algorithm Based on Credibility[J]. Computer Science, 2018, 45(9): 166 -170 .
[5] CUI Tie-jun, LI Sha-sha and WANG Lai-gui. Multi-attribute Decision Making Model Based on Attribute Circle and Application of Reliability Analysis[J]. Computer Science, 2017, 44(5): 111 -115 .
[6] LIU Jin-shuo, JIANG Zhuang-yi, XU Ya-bo, DENG Juan and ZHANG Lan-xin. Multithread and GPU Parallel Schema on Patch-based Multi-view Stereo Algorithm[J]. Computer Science, 2017, 44(2): 296 -301 .
[7] XIONG Cong-cong, HAO Lu-meng, WANG Dan and DENG Xue-chen. Group Search Optimizer Based on Differential Strategies[J]. Computer Science, 2017, 44(2): 250 -256 .
[8] YANG Dan, CHEN Mo and SHEN De-rong. Time-aware Entity Integration Framework in Heterogeneous Information Spaces[J]. Computer Science, 2017, 44(2): 112 -116 .
[9] DU Yi, HE Yang and HONG Mei. Application of Probabilistic Model Checking in Dynamic Power Management[J]. Computer Science, 2018, 45(1): 261 -266 .
[10] ZHANG Hu, WU Yong-ke, YANG Zhi-zhuo and LIU Quan-ming. Community Detection Method Based on Multi-layer Node Similarity[J]. Computer Science, 2018, 45(1): 216 -222 .