A Novel Protocol Fuzz Testing Approach

This paper discusses fuzz testing of network protocols. Compared with general software vulnerability mining, using fuzzing to detect protocol vulnerabilities is harder because a network protocol is a state machine and places strong constraints on the correctness of input messages. To address the problem of test messages being rejected by the network protocol, a novel method is proposed that introduces a genetic algorithm into the test message generation process. In addition, an improved AC algorithm is applied to packet format identification. Experiments show that the proposed fuzz testing method can achieve effective results.
