Efficient protocol client vulnerability mining method and system

A vulnerability discovery and client-side testing technology, applied to transmission systems, electrical components, etc. It addresses the inability to streamline data packet collection, the lack of versatility and the timeout limits of existing tools, and aims to improve resistance to zero-day vulnerability attacks, the ability to uncover hidden vulnerabilities, and the efficiency and accuracy of testing.

Active Publication Date: 2018-07-27
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

The patent for fuzz testing of the industrial control protocol Modbus is CN105721230A. It first divides the Modbus protocol fields into static and dynamic parts using expert knowledge, and constructs the test data set for the dynamic part with an abnormal variation tree method. However, the division is relatively coarse and cannot support fine-grained testing; it tests only the server side and cannot test the client connected to it; and it applies only to the public Modbus protocol, so the method is not universal.
The patent for a fuzz testing method of industrial control protocols based on protocol state is CN105763392A. It includes protocol state machine extraction, message sequence library construction, protocol state guidance, test case sending and storage, heartbeat-based anomaly monitoring, and locating the test message that caused the anomaly. However, this patent requires a large number of packet samples to extract the protocol state machine accurately, cannot effectively identify the protocol, and cannot achieve effective testing of the client.
[0004] To sum up, existing vulnerability discovery for protocol clients generally has four problems:
(1) Universality: support for client protocols is insufficient; most tools can only test public protocols and are not universal.
(2) Timeout limits: some communication protocols have obvious session periodicity and short session durations, so some test tools cannot respond to client requests in time.
(3) Long test time: current test tools generate too many malformed packets, and the set of packets cannot be streamlined for efficient testing.
(4) Inefficiency: mutating the whole data field produces a large number of invalid packets that are rejected by the client's early, simple packet validation and never reach its internal processing logic.




Embodiment Construction

[0029] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the present invention will be described in detail below in conjunction with the accompanying drawings.

[0030] As shown in Figure 1, the efficient protocol client vulnerability discovery system of the present invention first analyzes the protocol data packets and divides the packet structure into four types of data domain: session-related data domains, packet length data domains, fixed data domains and fuzz test data domains, obtaining the domain boundaries and data content of the protocol. It then applies a different processing method to each domain according to this division: session-related data domains are changed according to the rules of the specific protocol under test; packet length data domains are obtained by recalculation in the constructed test packet; fixed data domains remain unchanged in all packets; fuzz test...


Abstract

The invention relates to an efficient protocol client vulnerability mining method and system. The method includes the following steps: protocol structure identification; test data packet generation; test engine; test agent; and test target monitoring. Protocol structure identification automatically analyzes a protocol data packet using a gene sequence comparison algorithm from bioinformatics and divides the packet structure into a session-related data domain, a data packet length data domain, a fixed data domain and a fuzz test data domain; test data packet generation applies a different processing method to each domain of the packet structure obtained in the previous step to generate a test data packet; the test engine calls the related programs, and the test agent monitors the state of the vulnerability mining system; test target monitoring saves the configuration and site information for triggering protocol client vulnerabilities, locates the data packet that causes the exception, and finally determines the type of vulnerability triggered. The scheme of the invention is high in test efficiency and accuracy, can discover security vulnerabilities as early as possible, and allows corresponding security remedies to be taken.
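The four-domain packet model from paragraph [0030] and the abstract, as an added example that is not the patent's own code: a Needleman-Wunsch byte alignment (the bioinformatics comparison the abstract refers to) marks conserved positions as the fixed domain, a consistency check finds the length field, the tester supplies the session-field rule, and the remaining bytes form the fuzz domain, after which a test packet is built with the length field recalculated. The sample frames are constructed Modbus/TCP read-holding-registers requests, and the 16-bit transaction-counter session rule is an assumption.

```python
# Added example, not the patent's code. Constructed Modbus/TCP frames: txn(2) proto(2) len(2) unit fc addr(2) cnt(2)
import struct

SAMPLES = [bytes.fromhex(h) for h in (
    "00010000000601030000000a", "000200000006010300100002", "000300000006010301000001")]

def align(a, b, match=1, mismatch=-1, gap=-2):
    """Needleman-Wunsch global alignment of two byte strings -> {pos in a: pos in b}."""
    n, m = len(a), len(b)
    s = [[(i + j) * gap if i * j == 0 else 0 for j in range(m + 1)] for i in range(n + 1)]
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            d = s[i-1][j-1] + (match if a[i-1] == b[j-1] else mismatch)
            s[i][j] = max(d, s[i-1][j] + gap, s[i][j-1] + gap)
    pairs, i, j = {}, n, m                        # trace back from the far corner
    while i > 0 and j > 0:
        d = s[i-1][j-1] + (match if a[i-1] == b[j-1] else mismatch)
        if s[i][j] == d: pairs[i-1] = j-1; i -= 1; j -= 1
        elif s[i][j] == s[i-1][j] + gap: i -= 1
        else: j -= 1
    return pairs

def classify(samples, session):
    """Label each byte of samples[0]: 'session' (positions from the protocol rule), 'length'
    (16-bit BE field equal to the byte count after it in every sample), 'fixed' (conserved
    across all aligned samples) or 'fuzz'. Caveat: a field only shows as variable if samples vary in it."""
    ref, conserved = samples[0], set(range(len(samples[0])))
    for other in samples[1:]:
        m = align(ref, other)
        conserved = {p for p in conserved if p in m and other[m[p]] == ref[p]}
    length = {p + k for p in range(len(ref) - 1) for k in (0, 1)
              if all(struct.unpack(">H", s[p:p+2])[0] == len(s) - p - 2 for s in samples)}
    return {p: "session" if p in session else "length" if p in length
            else "fixed" if p in conserved else "fuzz" for p in range(len(ref))}

def build_test_packet(template, dom, txn, fuzz_byte=0xFF, extra=b""):
    """Keep fixed bytes, set the session counter, overwrite the fuzz domain, append extra data,
    then recompute the length field so the frame passes the client's first-pass length check."""
    pkt = bytearray(template) + extra
    sess = sorted(p for p in dom if dom[p] == "session")
    pkt[sess[0]:sess[-1] + 1] = struct.pack(">H", txn)   # assumes a 2-byte session field
    for p in [q for q in dom if dom[q] == "fuzz"]: pkt[p] = fuzz_byte
    lp = min(p for p in dom if dom[p] == "length")
    pkt[lp:lp + 2] = struct.pack(">H", len(pkt) - lp - 2)
    return bytes(pkt)

if __name__ == "__main__":
    dom = classify(SAMPLES, session={0, 1})
    print(dom, build_test_packet(SAMPLES[0], dom, txn=7, extra=b"\x00" * 4).hex())
```

Byte 10 (the high byte of the register count) is classed as fixed only because the three samples agree there, which is the sample-diversity limitation of any alignment-based field inference.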

Description

Technical field
[0001] The present invention relates to the field of computer network security, and more specifically to an efficient method and system for discovering vulnerabilities in protocol clients.
Background technique
[0002] With the increasing popularity of the network, a large number of clients access it, resulting in explosive growth in the number of clients. This brings great convenience to daily life but also poses great security risks. A tool is needed that can efficiently test protocol clients, discover the vulnerabilities in them in time, and allow corresponding security remedies to be taken. Current fuzz testing is mainly concentrated on the server side, leaving a blind spot in the discovery of client software security vulnerabilities. A single vulnerability could affect a significant number of client devices. If the vulnerability cannot be discovered in time, once it is exploited by an attacker it will cause huge ...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L29/06
CPC: H04L63/14, H04L63/1425, H04L63/1433, H04L69/22, H04L67/01
Inventors: 周晓军, 王利明, 徐震, 陈凯
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI