现代电子技术2016,Vol.39Issue(13):84-87,92,5.DOI:10.16652/j.issn.1004-373x.2016.13.021
基于模糊测试的网络协议漏洞挖掘研究
Research on network protocol vulnerability discovery based on fuzz testing
张开便 1董振华 1李喜艳1
作者信息
- 1. 郑州成功财经学院,河南 巩义 451200
- 折叠
摘要
Abstract
Since the network application programs are developed rapidly,and the requirement of network protocol security is continually improveed,the fuzz testing has become the research hotspot. On the basis of summarizing the current research di⁃rection,the identification method and test case generation of network protocol are researched emphatically. The heuristic fuzz testing framework based on parameter weight is proposed according to heuristic search algorithm and probability weights. The existing fuzz testing and vulnerability mining tool Peach is selected for extension,in which the heuristic input tracking technolo⁃gy based on parameter weight is adopted by the data generation module;IDAPRO is used to extract the function′s heuristic fac⁃tor to form the heuristic rules,and then the heuristic rules are used to guide the test case generation process;the transmission order of test cases is determined based on parameter weight. Finally,the commonly⁃used FTP protocol was verified with develop⁃ment tools. The test results verify that the heuristic fuzz testing framework based on parameter weight achieved the expected effect.关键词
网络协议漏洞挖掘/模糊测试/启发式测试用例生成/PeachKey words
network protocol vulnerability discovery/fuzz testing/heuristic test case generation/Peach分类
信息技术与安全科学引用本文复制引用
张开便,董振华,李喜艳..基于模糊测试的网络协议漏洞挖掘研究[J].现代电子技术,2016,39(13):84-87,92,5.
