Journal of Information Security Research, 2024, Vol. 10, Issue (1): 40-47, 8. DOI: 10.12379/j.issn.2096-1057.2024.01.07
Router Vulnerability Detection Method Based on Static Analysis and Fuzzing
Abstract
Network attacks targeting router devices often have serious consequences. Fuzzing is an effective method for detecting security vulnerabilities in router devices. However, without sufficient analysis of the target device's firmware, fuzzing is often blind and ineffective. In this paper, we propose a method that uses static analysis to assist fuzzing in detecting vulnerabilities in router devices. Specifically, the results generated by static analysis are used to construct more effective test cases for fuzzing the web interface of the router device. Our view is that a lot of useful information is hidden in the router firmware. We use static analysis to extract the possible vulnerable points in the program code, build test cases from them, and so improve the efficiency of fuzzing. We implemented a prototype system and tested it on 46 router firmware images from 4 mainstream router vendors, and found 16 vulnerabilities, 4 of which were 0-day vulnerabilities. The results show that, compared with advanced automated vulnerability mining methods, our system can detect vulnerabilities that existing vulnerability detection tools cannot.
Keywords
static analysis/fuzzing/firmware/vulnerability mining/Web interface
Classification
Information Technology and Security Science
Cite this article
Wang Hongyi (王洪义), Sha Letian (沙乐天). Router Vulnerability Detection Method Based on Static Analysis and Fuzzing[J]. Journal of Information Security Research, 2024, 10(1): 40-47, 8.
Funding
General Program of the National Natural Science Foundation of China (62072253)