Case generation method for semi-legalized fuzz test of network protocol based on finite-state machine

A finite-state-machine and fuzz-testing technique, applied in the field of software testing/debugging, that addresses test case sets that are not intelligent enough, growth of the test case space, and inefficient test case sets, with the effect of avoiding redundant test cases, improving quality, and reducing size.

Active Publication Date: 2015-11-25
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0008] Existing test case reduction techniques mostly target the program's source code. Such methods, for example using program invariants to reduce test cases, are not suitable for network protocol fuzz testing, because they require the program source code, which cannot be obtained during network protocol fuzzing. As for improving the quality and efficiency of generated test case sets, existing network protocol fuzzers such as Peach and ProtoFuzz can perform network protocol fuzzing, but because they use hard-coded methods during testing, the resulting test case set is not intelligent enough.
In addition, mechanical random mutation generates a large number of redundant test cases, which makes the test case set inefficient, and the space of the test case set may experience "explosive" growth.

Examples


Embodiment 1

[0033] Embodiment 1. A method for generating semi-legalized fuzz test cases for a network protocol based on a finite state machine includes the following steps:

[0034] Step 1: In the network protocol based on the finite state machine, analyze the protocol interaction process according to the network protocol specification, and construct the network protocol model based on the finite state machine:

[0035] The network protocol model based on the finite state machine is $P_{fsm} = \langle S_0, S, M, F, L \rangle$, where:

[0036] $S_0$ represents the initial state of the state set of the finite state machine;

[0037] $S = \{s_0, s_1, s_2, \ldots, s_{n-1}\}$ represents the state set of the entire finite state machine, where $s_0 \sim s_{n-1}$ represent n states;

[0038] $M = \{m_0, m_1, m_2, \ldots, m_{m-1}\}$ represents the set of protocol messages that cause the state transitions of the finite state machine, where $m_0 \sim m_{m-1}$ represent m protocol messages;

[0039] F is the state transition function, representing the state transition path ($s_i$,...

Embodiment 2

[0052] Embodiment 2. From the steps in Embodiment 1 it can be seen that, when fuzz test sequences of the network protocol state machine are generated for different test sequences, every state transition path in a test sequence must go through the semi-legal algorithm, so the same state transition path exists in different test sequences. When the semi-legal algorithm constructs the malformed protocol messages for such a state transition path, too many redundant fuzz test sequences are generated, which leads to shortcomings such as an excessively large test set, prolonged test time, and low quality of the generated test set. To avoid this, the state transition paths of the network protocol state machine need to be "marked". When generating a fuzz test sequence, the marker determines whether to fuzz this state transition path, so as to reduce the generated fuzziness. The pu...


Abstract

The invention discloses a case generation method for semi-legalized fuzz testing of a network protocol based on a finite-state machine. The method comprises the following steps: for a network protocol based on a finite-state machine, analyzing the protocol interaction process according to the network protocol specification and constructing a finite-state-machine model of the network protocol; establishing the complete test sequence for the finite-state machine, where the test sequence is the set composed of all state transition paths of the finite-state machine; constructing, for a protocol message m_d, the set of malformed protocol messages obtained by mutating it; selecting each malformed message from that set in turn and substituting it for m_d in the complete test sequence to obtain one fuzz test sequence related to m_d, so that p fuzz test sequences related to m_d are obtained; and finally obtaining all fuzz test sequences for m_0 to m_(n-1) as the cases for the fuzz test. With this method, fuzz test cases of finer granularity can be obtained for the network protocol.
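The generation procedure in the abstract and the path marking from Embodiment 2, as an added Python example (not code from the patent). The toy protocol FSM, the three mutation operators, the each-transition-once path enumeration and the choice to mark individual transitions are assumptions made for illustration.

```python
# Constructed toy protocol FSM (assumption, not from the patent).
S0 = "INIT"
F = {  # state transition function: (state, legal message) -> next state
    ("INIT", "HELLO"): "GREETED",
    ("GREETED", "AUTH"): "AUTHED",
    ("GREETED", "QUIT"): "CLOSED",
    ("AUTHED", "DATA"): "AUTHED",
    ("AUTHED", "QUIT"): "CLOSED",
}

def transition_paths(state=S0, used=()):
    """Complete test sequence: every path from S0, each transition at most once per path."""
    nxt = [(s, m, F[(s, m)]) for (s, m) in F
           if s == state and (s, m, F[(s, m)]) not in used]
    if not nxt:                      # no unused transition left: the path is complete
        return [list(used)]
    paths = []
    for edge in nxt:
        paths += transition_paths(edge[2], used + (edge,))
    return paths

def malformed(m):
    """Constructed mutation set for one legal message m_d (p = 3 variants here)."""
    return [m + "A" * 64, m[: len(m) // 2], m + "\x00"]

def fuzz_sequences(paths, use_marks):
    """Substitute each malformed variant for m_d; all other messages stay legal."""
    marked, out = set(), []
    for path in paths:
        legal = [m for (_, m, _) in path]
        for d, edge in enumerate(path):
            if use_marks and edge in marked:
                continue             # Embodiment 2: transition already fuzzed, skip it
            marked.add(edge)
            for bad in malformed(edge[1]):
                out.append(legal[:d] + [bad] + legal[d + 1:])
    return out

if __name__ == "__main__":
    paths = transition_paths()
    print("paths:", len(paths))
    print("without marking:", len(fuzz_sequences(paths, False)))
    print("with marking:   ", len(fuzz_sequences(paths, True)))
```

Shared prefixes such as the INIT/HELLO transition are what the marking removes: they are mutated once instead of once per path that contains them.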

Description

Technical field

[0001] The invention belongs to the technical field of network protocol fuzz testing, and specifically relates to a method for generating semi-legalized fuzz test cases for a network protocol based on a finite state machine.

Background technique

[0002] Network protocol fuzzing is the most interesting type of fuzzing for security researchers, not only because the vulnerabilities found usually have a higher level of risk, but also because network protocols are widely used in Internet communications, so once vulnerabilities are discovered, the scope of the threat is very wide. The method of generating network protocol fuzz test cases is a critical link in the fuzzing process: the generation and selection of test cases directly affect the quality of fuzzing.

[0003] In terms of fuzz testing, the invention patent "Method, Apparatus and System for Fuzzing Testing", application number CN201110391886.3, proposes to input multiple test cases into the targ...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
Inventor 胡昌振, 马锐, 纪文东, 薛静锋, 胡晶晶
Owner BEIJING INSTITUTE OF TECHNOLOGY