Computer Science, 2023, Vol. 50, Issue 12: 58-65. doi: 10.11896/jsjkx.221000225

• Computer Software •

Protocol Fuzzing Based on Testcases Automated Generation

XU Wei (1), WU Zehui (1), WANG Zimu (2), LU Li (3)

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
  2. Beijing Institute of Computer Technology and Applications, Beijing 100854, China
  3. National Engineering Laboratory for Cyber Science and Technology, Zhengzhou 450001, China
  • Received: 2022-10-26  Revised: 2023-03-19  Online: 2023-12-15  Published: 2023-12-07
  • About the authors: XU Wei, born in 1997, postgraduate. His main research interests include reverse engineering and vulnerability mining.
    WU Zehui, born in 1988, Ph.D. His main research interests include software vulnerability and software-defined networking.
  • Supported by: National Key R&D Program of China (2019QY0501).

Abstract: Network protocols, as the specification for interaction between devices, play an important role in computer networks. Vulnerabilities in protocol implementations can allow devices to be attacked remotely, which poses a serious security risk. Fuzzing is an important method for discovering security vulnerabilities in programs. Before a protocol can be fuzzed, it must first be reverse-analyzed, and high-quality test cases must be generated under the guidance of the protocol's message format and state machine model. In this process, however, test cases are constructed manually, and manually constructed test cases rarely reach deep protocol states. To address these problems, this paper proposes an automated test case generation technique: test case generation rules are defined in a template, complete test paths are built with a state transition path generation algorithm, and the resulting test cases are used to fuzz protocol implementations effectively. Experimental results show that, compared with the state-of-the-art protocol fuzzer Boofuzz, the proposed method generates 51.8% more effective test cases. It is evaluated on four real-world programs, where it reproduces three publicly disclosed vulnerabilities and finds a new flaw that has been confirmed by the developers.
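
The abstract describes the core idea only at a high level: generation rules are attached to message fields in a template, and a state transition path generation algorithm supplies the valid message prefix that drives the target into the state in which the mutated message is parsed. The following Python is an added example written for this page to illustrate that idea; it is not the paper's code, and its FTP-like state machine, field rules, mock server and the "blind session mutation" baseline are all constructed here (the baseline is not Boofuzz). A test case counts as effective when its final, mutated message is parsed by the mock target in the intended state.

```python
# Added example: path-guided test case generation for a stateful protocol.
# The state machine, field rules and mock server are constructed toy data
# loosely modelled on FTP; none of it comes from the paper.
import re
from collections import deque

# State machine: state -> [(message template, next state)]; {field} placeholders
# are filled from FIELD_RULES.
TRANSITIONS = {
    "INIT":      [("USER {user}\r\n", "NEED_PASS")],
    "NEED_PASS": [("PASS {password}\r\n", "LOGGED_IN")],
    "LOGGED_IN": [("CWD {path}\r\n", "LOGGED_IN"),
                  ("PASV\r\n", "PASSIVE"),
                  ("QUIT\r\n", "CLOSED")],
    "PASSIVE":   [("RETR {path}\r\n", "TRANSFER")],
}
# Template rules per field: entry 0 is the valid default used in path prefixes,
# entries 1.. are the mutations applied to the target message.
FIELD_RULES = {
    "user":     ["anonymous", "A" * 2048, "%s%n%x", ""],
    "password": ["guest", "B" * 2048, "\x00\xff", ""],
    "path":     ["/pub", "../" * 64, "C" * 4096, ""],
}
PLACEHOLDER = re.compile(r"\{(\w+)\}")

def shortest_paths(transitions, start="INIT"):
    """BFS: state -> list of templates that drive the target from start
    into that state (the state transition path)."""
    paths, queue = {start: []}, deque([start])
    while queue:
        state = queue.popleft()
        for template, nxt in transitions.get(state, []):
            if nxt not in paths:
                paths[nxt] = paths[state] + [template]
                queue.append(nxt)
    return paths

def fill(template, rules, mutate_field=None, value=None):
    """Fill placeholders with valid defaults, overriding one field if asked."""
    return PLACEHOLDER.sub(
        lambda m: value if m.group(1) == mutate_field else rules[m.group(1)][0], template)

def generate_testcases(transitions, rules):
    """Path-guided: a valid prefix reaching the transition's source state, then
    that transition's message with one field mutated -> [(intended_state, msgs)]."""
    paths, cases = shortest_paths(transitions), []
    for state, edges in transitions.items():
        if state not in paths:
            continue  # unreachable state: no valid prefix can be built
        prefix = [fill(t, rules) for t in paths[state]]
        for template, _ in edges:
            fields = PLACEHOLDER.findall(template)
            if not fields:  # fixed message: still exercise it in its deep state
                cases.append((state, prefix + [template]))
            for name in fields:
                for mutant in rules[name][1:]:
                    cases.append((state, prefix + [fill(template, rules, name, mutant)]))
    return cases

def naive_testcases(transitions, rules):
    """Constructed baseline: same sequences, but the mutation hits every field of
    every message, as when a recorded session is mutated blindly."""
    paths, cases = shortest_paths(transitions), []
    for state, edges in transitions.items():
        for template, _ in edges:
            for i in (1, 2, 3):  # each rule list above holds three mutations
                msgs = [PLACEHOLDER.sub(lambda m: rules[m.group(1)][i], t)
                        for t in paths[state] + [template]]
                cases.append((state, msgs))
    return cases

class MockServer:
    """Stand-in target: follows TRANSITIONS, but like a real server it grants
    LOGGED_IN only for the valid password and drops back to INIT otherwise."""
    def __init__(self):
        self.state = "INIT"

    def handle(self, msg):
        """Process one message and return the state it was parsed in."""
        parsed_in = self.state
        cmd, _, arg = msg.rstrip("\r\n").partition(" ")
        for template, nxt in TRANSITIONS.get(self.state, []):
            if template.split(" ")[0].rstrip("\r\n") == cmd:
                bad_login = cmd == "PASS" and arg != FIELD_RULES["password"][0]
                self.state = "INIT" if bad_login else nxt
                break
        return parsed_in  # messages fitting no transition are ignored

def count_effective(cases):
    """Replay each case on a fresh MockServer; effective = the final (mutated)
    message was parsed in the intended state. Returns (effective, total)."""
    effective = 0
    for intended_state, messages in cases:
        server, parsed_in = MockServer(), None
        for msg in messages:
            parsed_in = server.handle(msg)
        effective += int(parsed_in == intended_state)
    return effective, len(cases)

if __name__ == "__main__":
    for label, gen in (("path-guided", generate_testcases), ("blind session mutation", naive_testcases)):
        eff, total = count_effective(gen(TRANSITIONS, FIELD_RULES))
        print(f"{label}: {eff}/{total} test cases parsed in the intended state")
```

Run stand-alone, the path-guided generator scores 14/14 and the blind baseline 6/18: as soon as a mutation corrupts the PASS message, the mock server drops back to INIT and every later message is parsed in the wrong state, so the CWD, PASV, QUIT and RETR handlers are never reached with mutated input. That is the deep-state coverage problem the abstract describes; keeping the prefix valid and mutating only the message for the targeted transition is what the template-plus-path approach buys.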

Key words: Network protocol, Fuzzing, Testcase generation, Protocol state detection, Vulnerability discovery

CLC Number: TP393
References:
[1] MOHURLE S, PATIL M. A brief study of wannacry threat: Ransomware attack 2017[J]. International Journal of Advanced Research in Computer Science, 2017, 8(5): 1938-1940.
[2] MILLER B P, FREDRIKSEN L, SO B. An empirical study of the reliability of UNIX utilities[J]. Communications of the ACM, 1990, 33(12): 32-44.
[3] SCHUMILO S, ASCHERMANN C, GAWLIK R, et al. kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels[C]//26th USENIX Security Symposium (USENIX Security 17). 2017: 167-182.
[4] ZHAO W, XIE F, PENG Y, et al. Security testing methods and techniques of industrial control devices[C]//2013 Ninth International Conference on Intelligent Information Hiding and Multimedia Signal Processing. IEEE, 2013: 433-436.
[5] ASHRAF I, MA X, JIANG B, et al. GasFuzzer: Fuzzing ethereum smart contract binaries to expose gas-oriented exception security vulnerabilities[J]. IEEE Access, 2020, 8: 99552-99564.
[6] MICHAEL E. PEACH FUZZER[EB/OL]. (2021-03-30)[2022-10-13]. https://peachtech.gitlab.io/peach-fuzzer-community.
[7] JOSHUA P. Boofuzz[EB/OL]. (2022-2-12)[2022-10-13]. https://github.com/jtpereyda/boofuzz.
[8] PHAM V T, BÖHME M, ROYCHOUDHURY A. AFLNet: a greybox fuzzer for network protocols[C]//2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST). IEEE, 2020: 460-465.
[9] ANDREW S, SVIATOSLAV S, NIKOLAY K, et al. aiohttp[EB/OL]. (202-9-16)[2022-10-13]. https://github.com/aio-libs/aiohttp.
[10] HAWKES B. Project zero five years of 'make 0day hard'[EB/OL]. (2019-07-15)[2022-10-13]. https://i.blackhat.com/USA-19/Thursday/us-19-Hawkes-Project-Zero-Five-Years-Of-Make-0day-Hard.pdf.
[11] ZALEWSKI M. American fuzzy lop[EB/OL]. (2014-08-08)[2022-10-13]. http://lcamtuf.coredump.cx/afl.
[12] MAX M, FRANCISCO O, JULIAN V, et al. Libfuzzer[EB/OL]. (2021-12-19)[2022-10-13]. https://github.com/Dor1s/libfuzzer-workshop.
[13] ANESTIS B, DAVID C, KAMIL R, et al. Honggfuzz[EB/OL]. (2021-12-19)[2022-10-13]. https://github.com/google/honggfuzz.
[14] NEVES N, ANTUNES J, CORREIA M, et al. Using attack injection to discover new vulnerabilities[C]//International Conference on Dependable Systems and Networks (DSN'06). IEEE, 2006: 457-466.
[15] NATELLA R. StateAFL: Greybox fuzzing for stateful network servers[J]. Empirical Software Engineering, 2022, 27(7): 1-31.
[16] ZOU Y H, BAI J J, ZHOU J, et al. TCP-Fuzz: Detecting Memory and Semantic Bugs in TCP Stacks with Fuzzing[C]//2021 USENIX Annual Technical Conference (USENIX ATC 21). 2021: 489-502.
[17] NEWSOME J, BRUMLEY D, FRANKLIN J, et al. Replayer: Automatic protocol replay by binary analysis[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. 2006: 311-321.
[18] LIN Z, ZHANG X, XU D. Automatic reverse engineering of data structures from binary execution[C]//Proceedings of the 11th Annual Information Security Symposium. 2010.
[19] MA R, ZHENG H, WANG J, et al. Automatic protocol reverse engineering for industrial control systems with dynamic taint analysis[J]. Frontiers of Information Technology & Electronic Engineering, 2022, 23(3): 351-360.
[20] BOSSERT G, GUIHÉRY F, HIET G. Towards automated protocol reverse engineering using semantic information[C]//Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. 2014: 51-62.
[21] LEITA C, MERMOUD K, DACIER M. ScriptGen: an automated script generation tool for honeyd[C]//21st Annual Computer Security Applications Conference (ACSAC'05). IEEE, 2005.
[22] CUI W, KANNAN J, WANG H J. Discoverer: Automatic Protocol Reverse Engineering from Network Traces[C]//USENIX Security Symposium. 2007: 1-14.
[23] KLEBER S, VAN DER HEIJDEN R W, KARGL F. Message type identification of binary network protocols using continuous segment similarity[C]//IEEE Conference on Computer Communications (INFOCOM 2020). IEEE, 2020: 2243-2252.
[24] LUO J Z, YU S Z. Position-based automatic reverse engineering of network protocols[J]. Journal of Network and Computer Applications, 2013, 36(3): 1070-1077.
[25] KARIM F, MAJUMDAR S, DARABI H, et al. LSTM fully convolutional networks for time series classification[J]. IEEE Access, 2017, 6: 1662-1669.
[26] NEEDLEMAN S B, WUNSCH C D. A general method applicable to the search for similarities in the amino acid sequence of two proteins[J]. Journal of Molecular Biology, 1970, 48(3): 443-453.
[27] LÁDI G, BUTTYÁN L, HOLCZER T. GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference For Binary Protocols, Using Recorded Network Traffic[J]. Infocommunications Journal, 2020, 12(2): 25-33.
Related articles:
[1] ZHUANG Yuan, CAO Wenfang, SUN Guokai, SUN Jianguo, SHEN Linshan, YOU Yang, WANG Xiaopeng, ZHANG Yunhai. Network Protocol Vulnerability Mining Method Based on the Combination of Generative Adversarial Network and Mutation Strategy[J]. Computer Science, 2023, 50(9): 44-51.
[2] ZHAO Mingmin, YANG Qiuhui, HONG Mei, CAI Chuang. Smart Contract Fuzzing Based on Deep Learning and Information Feedback[J]. Computer Science, 2023, 50(9): 117-122.
[3] DU Hao, WANG Yunchao, YAN Chenyu, LI Xingwei. Test Cases Generation Techniques for Root Cause Location of Fault[J]. Computer Science, 2023, 50(7): 10-17.
[4] YANG Yahui, MA Rongkuan, GENG Yangyang, WEI Qiang, JIA Yan. Black-box Fuzzing Method Based on Reverse-engineering for Proprietary Industrial Control Protocol[J]. Computer Science, 2023, 50(4): 323-332.
[5] HE Jie, CAI Ruijie, YIN Xiaokang, LU Xuanting, LIU Shengli. Detection of Web Command Injection Vulnerability for Cisco IOS-XE[J]. Computer Science, 2023, 50(4): 343-350.
[6] HUANG Song, DU Jin-hu, WANG Xing-ya, SUN Jin-lei. Survey of Ethereum Smart Contract Fuzzing Technology Research[J]. Computer Science, 2022, 49(8): 294-305.
[7] HU Zhi-hao, PAN Zu-lie. Testcase Filtering Method Based on QRNN for Network Protocol Fuzzing[J]. Computer Science, 2022, 49(5): 318-324.
[8] WANG Tian-yuan, WU Shu-hong, LI Zhao-ji, XIN Hao-guang, LI Xuan, CHEN Yong-le. PGNFuzz: Pointer Generation Network Based Fuzzing Framework for Industry Control Protocols[J]. Computer Science, 2022, 49(10): 310-318.
[9] LI Yi-hao, HONG Zheng, LIN Pei-hong. Fuzzing Test Case Generation Method Based on Depth-first Search[J]. Computer Science, 2021, 48(12): 85-93.
[10] ZHANG Ya-feng, HONG Zheng, WU Li-fa, ZHOU Zhen-ji, SUN He. Protocol State Based Fuzzing Method for Industrial Control Protocols[J]. Computer Science, 2017, 44(5): 132-140.
[11] CHENG Cheng, ZHOU Yan-hui. Finding XSS Vulnerabilities Based on Fuzzing Test and Genetic Algorithm[J]. Computer Science, 2016, 43(Z6): 328-331.
[12] JIANG Peng, CHEN Xin, LI Xuan-dong. Method to Automatic Testcase Generation toward Safety Critical Scenarios of Cyber-physical Systems[J]. Computer Science, 2014, 41(11): 124-127.
[13] Model Based Automatic Fuzzing Script Generation[J]. Computer Science, 2013, 40(3): 206-209.
[14] LI Chang-rong, WU Di. Research on Application of Network Protocol Parsing Class System Based on Multi-core Optimization[J]. Computer Science, 2013, 40(11): 85-88.
[15] ZHENG Qian-bing, ZHU Pei-dong, WANG Yong-wen, XU Ming. Research on Network Protocol Enhancing Mechanisms Based on Online Social Networks[J]. Computer Science, 2011, 38(6): 81-83.