FFUZZ: A Fast Fuzzing Test Method for Stateful Network Protocol Implementation
Authors: Wu Biao, Tang Chaojing, Zhang Bin
Published in: 2021 2nd International Conference on Computer Communication and Network Security (CCNS), 2021-07-01
DOI: https://doi.org/10.1109/CCNS53852.2021.00023
Fuzzing network protocol implementations is difficult. One reason is that randomly generated network packet data cannot satisfy strict protocol specifications to reach the next state; the other is that, because of the interaction between server and client, executing a test case consumes a large proportion of its time synchronizing both sides. This paper proposes a fuzzer, FFuzz, that can speed up the execution of test cases for server fuzzing and accurately mutate specific protocol fields through semantic mutation. It changes the way data packets are sent: multiple data packets are integrated and sent to the server together to reduce the interaction time, and the Fork Server mechanism is used to speed up the fuzzing test. Experiments show that, compared with other state-of-the-art fuzzers, this method increases the execution speed of test cases by 70%; at the same time, code coverage is also increased by at least 2%.