A Model-Based Behavioral Fuzzing Approach for Network Service

Jiajie Wang, Tao Guo, Puhan Zhang, Qixue Xiao
Published in: 2013 Third International Conference on Instrumentation, Measurement, Computer, Communication and Control
Publication date: 2013-09-21
DOI: 10.1109/IMCCC.2013.250 (https://doi.org/10.1109/IMCCC.2013.250)
Citations: 11

Abstract

Network services face various security challenges, such as targeted attacks exploiting security vulnerabilities. Fuzz testing plays an important role in the security testing of network services. However, current fuzzing approaches focus on protocol syntax and packet structure more than on the multi-phase behavioral interactions between the client and server of a network service. This paper presents a model-based behavioral fuzzing approach to discover vulnerabilities of network services, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model, EXT-NSFSM, is proposed to manipulate the fuzzing process and guarantee the validation of fuzz test cases. The approach is implemented and tested experimentally on several DBMS and FTP network services. The test results prove the effectiveness of this approach.