CN110401581A - Industrial control protocol fuzz test case generation method based on traffic tracing - Google Patents


Publication number: CN110401581A
Authority: CN (China)
Prior art keywords: message, test, test case, field, protocol
Legal status: Granted, active
Application number: CN201910660498.7A
Other languages: Chinese (zh)
Other versions: CN110401581B (en)
Inventors: 徐向华, 邵帅, 王然, 程宗毛
Current assignee: Hangzhou Dianzi University
Original assignee: Hangzhou Dianzi University
Application filed by Hangzhou Dianzi University
Priority to CN201910660498.7A
Publication of CN110401581A
Application granted
Publication of CN110401581B


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/02: Capturing of monitoring data
    • H04L43/028: Capturing of monitoring data by filtering
    • H04L43/18: Protocol analysers
    • H04L43/50: Testing arrangements
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08: Protocols for interworking; Protocol conversion

Abstract

The invention discloses a method for generating fuzz test cases for industrial control protocols based on traffic tracing. The steps of the invention are: step 1, read the configuration file; step 2, extract the protocol messages relevant to the protocol under test; step 3, fill the test case template to generate a test case script. Real traffic is parsed, the application-layer data of each message is extracted, the message data is converted into a Python code representation and injected into a test case template, and a test case script is generated, so that fuzz testing can be carried out quickly without writing test cases by hand. Test cases of several different types are combined, both in a targeted way and at random, to test the target device, which effectively increases test coverage. The method is suitable for vulnerability discovery in existing industrial control protocols and for automated testing during industrial control protocol development.

Description

Industrial control protocol fuzz test case generation method based on traffic tracing
Technical field
The present invention relates to the field of industrial network security, and in particular to a method for generating fuzz test cases for industrial control protocols based on traffic tracing.
Background
Industrial control systems are an important component of infrastructure. With the development of computer and network technology, more and more Internet technologies are applied in them. While facing traditional control-security threats, industrial control systems now also encounter many network attacks from the Internet. Many of these attacks exploit vulnerabilities in industrial control protocols to obtain core information of the industrial control system, or even to control the operation of industrial control equipment over the network. The security of industrial control protocols has therefore become a focus of national information security.
Fuzz testing is a highly automated black-box testing technique, commonly used to discover vulnerabilities in a device's protocol stack implementation. By feeding in large amounts of random data, fuzz testing can find implementation flaws without access to the system internals or the source code. Such testing is blind, however: when an industrial control device parses these inputs and they do not conform to the protocol specification, the device resets the connection directly, so the testing stays at the initial stage of the protocol state.
To address this, many fuzz testing techniques generate test cases from message templates. Network protocol testing frameworks such as Kitty and Sulley require the protocol interaction and the protocol definition to be analysed manually, after which the protocol is defined with the fields the framework provides. The framework then generates test messages from these definitions and sends them to the target device for fuzz testing, so that the generated messages can be parsed by the device and reach deeper test paths. The drawback of this kind of technique is that a test case must be written for every test path, which costs a great deal of manual effort and makes it hard to improve test efficiency.
In summary, to solve the above problems, this patent proposes to generate reusable test case scripts intelligently by tracing real traffic, so that vulnerabilities in industrial control protocols can be found efficiently while the protocol format is kept correct and the industrial control protocol session is fully established.
Summary of the invention
In view of the problems in the prior art, the invention provides a method for generating fuzz test cases for industrial control protocols based on traffic tracing. Real traffic is parsed, the application-layer data of each message is extracted, the message data is converted into a Python code representation and injected into a test case template, and a test case script is generated, so that fuzz testing can be carried out quickly without writing test cases by hand. At the same time, test cases of several different types are combined, both in a targeted way and at random, to test the target device, which effectively increases test coverage. The method is suitable for vulnerability discovery in existing industrial control protocols and for automated testing during industrial control protocol development.
The invention provides a method for generating fuzz test cases for industrial control protocols based on traffic tracing, comprising the following steps:
Step 1. Read the configuration file;
Step 2. Extract the protocol messages relevant to the protocol under test;
Step 3. Fill the test case template to generate a test case script;
Real traffic is parsed, the application-layer data of each message is extracted, the message data is converted into a Python code representation and injected into a test case template, and a test case script is generated, so that fuzz testing can be carried out quickly without writing test cases by hand; at the same time, test cases of several different types are combined, both in a targeted way and at random, to test the target device;
The configuration file in step 1 uses JSON format and contains the fields: pcapPath, the path of the captured message file, and fields, the fields on which fuzz testing is to be performed.
In step 2, the messages relevant to the protocol under test are extracted from an existing protocol message file by reading protocol information from the supplied path of a message file in PCAP format, specifically as follows:
Step 2-1. Parse the message file with an open-source message parsing tool to obtain the protocol tree structure of the transport layer and application layer of each message. The fields of each protocol are parsed into the corresponding type objects of the open-source library Scapy, and a payload field is added to each protocol to reference the parsed data of the upper-layer protocol; finally the parsed messages are output;
Step 2-2. Examine the application-layer protocol and the transport-layer flag bits, filter out irrelevant messages, and extract the test-relevant messages.
The test case template filling method of step 3 traverses the extracted protocol messages, converts them into a code representation and injects them into the test case template, finally obtaining test case scripts. Each script can be run on its own, and testing this kind of message no longer requires writing test cases by hand. It is implemented as follows:
Step 3-1. Convert the messages into a Python code representation. First traverse the protocol messages: since the transport-layer and application-layer protocol tree structure of each message was obtained in step 2-1, each protocol layer of each message is traversed recursively from bottom to top;
Step 3-2. Call the conversion function to convert each protocol layer into Python code. The conversion function uses a different conversion method depending on the type of the protocol field:
(1) For list-type fields, traverse each element contained in the field, call the conversion function recursively, and finally enclose the code representation of the elements in square brackets;
(2) For string-type fields, convert each character of the field into its hexadecimal representation and enclose the result in single quotation marks;
(3) For a field specified in the test configuration file, select the corresponding fuzz function according to the field type. For string-type fields, the fuzz function constructs field values from special characters and also constructs strings that exceed the field length limit in order to detect overflow vulnerabilities. For integer fields, a fuzz function generates random values and boundary values within the range of the field length. Once the fuzz function is selected, the field is converted into Python code of the form RandFunc(), where RandFunc is the fuzz function selected above;
(4) For object-type fields, call the conversion function recursively on each of the object's fields and merge the results into the code of the object's constructor, with the converted fields passed in as constructor parameters;
Step 3-3. Output the message data in its Python code representation and proceed to step 3-4;
Step 3-4. Inject the protocol message code representation obtained in step 3-3 into the test case template;
Step 3-5. Connect the test-relevant protocol messages extracted in step 2, in order, into a graph model whose nodes are the individual messages to be sent. Finally, inject the graph model code into the test case template and write it to a file to obtain the test case script file.
The test case template of step 3 comprises: the dependency on the open-source project Kitty, a utility class for sending fuzz test messages, and the code that connects the messages into a graph model.
The method of step 3 for converting a protocol message into Python code comprises: first taking the payload of the protocol message above the transport layer, which here contains several protocol layers (for example, the Siemens S7 protocol comprises the TPKT protocol, the COTP protocol and the Siemens S7Comm protocol); then recursively traversing each protocol layer of the protocol tree structure; and, for the current protocol layer, traversing the protocol fields and converting each into the corresponding code representation according to its field type.
With the above technical solution, the method of the invention has the following advantages over the prior art:
Compared with fuzz testing tools such as Kitty and Sulley, the method takes a traffic file and a simple configuration file as input and automatically generates reusable industrial control protocol test scripts, which reduces tedious manual coding and improves test efficiency. Because the traffic file contains real configuration information, the protocol session can be fully established during testing and fuzz testing can go deeper. Executing test case scripts in combination effectively increases test coverage.
Brief description of the drawings
Fig. 1 is a schematic diagram of an embodiment in which the method of the invention captures traffic from a real environment.
Fig. 2 is a schematic diagram of an embodiment of test case generation with the method of the invention.
Fig. 3 is the overall flow chart of the method of the invention.
Fig. 4 is an example of the configuration file format used by the method of the invention.
Fig. 5 is an example of the tree structure obtained by parsing an industrial control protocol with the method of the invention.
Fig. 6 is an example of a captured data message as parsed in Wireshark.
Fig. 7 is a schematic diagram of a test case script being run on its own.
Fig. 8 is a schematic diagram of test cases being orchestrated and run as a task.
Detailed description of the embodiments
The technical solution of the invention is described in full below with reference to the drawings of the embodiments.
The invention provides a method for generating fuzz test cases for industrial control protocols based on traffic tracing. Industrial control protocol messages must be obtained before testing. As shown in Fig. 1, a packet capture device is placed between the host computer and the industrial control device under test and captures the protocol messages on the communication link. The capture device can be a switch with port mirroring enabled, or a packet capture tool such as Wireshark, Tcpdump or Scapy running on the host computer; the result is a data message file. As shown in Fig. 2, the captured data message file and the configuration file are then used as input, and the test case script is constructed with the method of the invention.
An embodiment of the test case generation method is described below. The test case script generation method shown in Fig. 3 performs the following steps:
Step 1. Read the configuration file filled in by the user. As shown in Fig. 4, the configuration file uses JSON format and contains the fields: pcapPath, the path of the captured message file, and fields, the fields on which fuzz testing is to be performed. Then proceed to step 2.
Step 2. Match against the captured message file, extract the messages relevant to the industrial control protocol under test, and proceed to step 3.
Step 2 is carried out as follows:
Step 2.1. Parse the message file with an open-source message parsing tool, such as Wireshark or Scapy, to obtain the protocol tree structure of the transport layer and application layer of each message. Fig. 5 shows the tree structure of the Siemens S7 protocol: above the TCP protocol are, in turn, the TPKT protocol, the COTP protocol and the Siemens S7comm protocol. The fields of each protocol are parsed into the corresponding type objects of the open-source library Scapy, and a payload field is added to each protocol to reference the parsed data of the upper-layer protocol; finally the parsed messages are output.
Step 2.2. Examine the application-layer protocol and the transport-layer flag bits. Existing captures are mixed with, for example, TCP control messages such as FIN, SYN and ACK and with messages of other application-layer protocols. These messages affect protocol state changes, so they must be filtered out as irrelevant; the test-relevant messages are extracted, and the method proceeds to step 3.
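The filter of step 2.2, as an added example that is not code from the patent (which uses Wireshark or Scapy for parsing): a minimal reader for classic PCAP files that drops TCP control segments and other application-layer traffic and keeps TPKT-framed payloads. The constructed capture, the Ethernet/IPv4 framing, TCP port 102 and the TPKT version check are assumptions of the example.

```python
import struct

ISO_TSAP_PORT = 102  # assumption: S7comm runs over ISO-on-TCP (RFC 1006), TCP/102
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def read_pcap(data):
    """Yield the raw frames of a classic little-endian pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def tcp_segment(frame):
    """Return (sport, dport, flags, payload) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len, = struct.unpack_from("!H", frame, 16)
    tcp = 14 + ihl
    if len(frame) < tcp + 20:
        return None
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    data_off = (frame[tcp + 12] >> 4) * 4
    # Slice by the IP total length so Ethernet padding is not taken as payload.
    return sport, dport, frame[tcp + 13], frame[tcp + data_off:14 + total_len]

def is_test_message(segment):
    """Step 2.2: check transport-layer flags, then the application-layer protocol."""
    if segment is None:
        return False
    sport, dport, flags, payload = segment
    if ISO_TSAP_PORT not in (sport, dport):    # other application-layer protocol
        return False
    if flags & (FIN | SYN | RST) or len(payload) < 4:   # control segment or bare ACK
        return False
    version, _reserved, length = struct.unpack_from("!BBH", payload)
    return version == 3 and 4 <= length <= len(payload)  # TPKT header

def extract_test_messages(pcap_bytes):
    """Return the application-layer payloads of the test-relevant messages."""
    segments = (tcp_segment(f) for f in read_pcap(pcap_bytes))
    return [s[3] for s in segments if is_test_message(s)]

# ---- constructed sample capture (not taken from the patent's figures) ----
COTP_CR = bytes.fromhex("0300001611e00000000100c0010ac1020100c2020101")

def build_frame(sport, dport, flags, payload=b""):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def sample_capture():
    return build_pcap([
        build_frame(40000, 102, SYN),                    # handshake: dropped
        build_frame(102, 40000, SYN | ACK),              # handshake: dropped
        build_frame(40000, 102, ACK),                    # bare ACK: dropped
        build_frame(40000, 102, PSH | ACK, COTP_CR),     # COTP connect request: kept
        build_frame(40001, 80, PSH | ACK, b"GET / HTTP/1.1\r\n\r\n"),  # other protocol
        build_frame(40000, 102, FIN | ACK),              # teardown: dropped
    ])

if __name__ == "__main__":
    for msg in extract_test_messages(sample_capture()):
        print(msg.hex())
```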
Step 3. Fill the test case template with the extracted protocol-relevant data messages to obtain a test case Python script that can be run directly, and proceed to step 4.
Step 3 is carried out as follows:
Step 3.1. Convert the messages into a Python code representation. First traverse the protocol messages: since the transport-layer and application-layer protocol tree structure of each message was obtained in step 2.1, each protocol layer of each message is traversed recursively from bottom to top.
Step 3.2. Call the conversion function to convert each protocol layer into Python code. The conversion function uses a different conversion method depending on the type of the protocol field:
(1) For list-type fields, traverse each element contained in the field, call the conversion function recursively, and finally enclose the code representation of the elements in square brackets;
(2) For string-type fields, convert each character of the field into its hexadecimal representation and enclose the result in single quotation marks;
(3) For a field specified in the test configuration file, select the corresponding fuzz function according to the field type. For string-type fields, the fuzz function constructs field values from special characters such as \0, \n and %d, and also constructs strings that exceed the field length limit in order to detect overflow vulnerabilities. For integer fields, a fuzz function generates random values and boundary values within the range of the field length. Once the fuzz function is selected, the field is converted into Python code of the form RandFunc(), where RandFunc is the fuzz function selected above.
(4) For object-type fields, call the conversion function recursively on each of the object's fields and merge the results into the code of the object's constructor, with the converted fields passed in as constructor parameters.
Step 3.3. Output the message data in its Python code representation and proceed to step 3.2.
Step 3.4. Inject the protocol message code representation obtained in step 3.3 into the test case template.
Step 3.5. Connect the test-relevant protocol messages extracted in step 2, in order, into a graph model whose nodes are the individual messages to be sent. Finally, inject the graph model code into the test case template and write it to a file to obtain the test case script file.
Since the Siemens S7 protocol is a common industrial control device protocol, the method of the invention is illustrated below with an embodiment that generates test case scripts from actually captured Siemens S7 protocol traffic:
Step 1. Read the configuration file. As shown in Fig. 4, the configuration file contains the path pcapPath of the Siemens S7 protocol traffic file and the protocol fields fields to be tested.
Step 2. Parse the protocol traffic with the open-source software Wireshark and convert each message into the protocol tree structure shown in Fig. 5, then examine the application-layer protocol and the transport-layer flag bits. Existing captures are mixed with, for example, TCP control messages such as FIN, SYN and ACK and with messages of other application-layer protocols. These messages affect protocol state changes, so they must be filtered out as irrelevant, and the test-relevant messages are extracted.
Step 3. Fill the test case template with the extracted protocol-relevant data messages to obtain a test case Python script that can be run directly. The conversion to a Python code representation is described in detail with reference to Fig. 6, which shows the result of parsing, in Wireshark, the connection request message (COTPCR) with which the COTP protocol establishes a session. When the conversion function passes from the TPKT protocol to the COTP protocol, it first traverses the fields of the COTP Connect Request message: length, pdu type, destination reference, source reference, class option, parameters. The length field is computed automatically after the other fields are filled, so no value needs to be specified for it. The parameters field is of list type, so each element inside it must be converted recursively; its elements are of type COTPOption, composed of the parameter code, parameter length and parameter fields, which are in turn converted according to their types. The other fields equal the default values of the protocol field's type object and do not need to appear in the generated code. The Python code representation of the protocol message is finally obtained as follows:
    # COTP connect request; fields equal to the type defaults are omitted
    packet0 = TPKT()/COTPCR(Parameters=[
        COTPOption(Parameter='\x0a'),
        COTPOption(Parameter='\x01\x00', ParameterCode=193),
        COTPOption(Parameter='\x01\x01', ParameterCode=194)])
The message types COTPCR, TPKT and COTPOption are composed using the field description classes provided by the open-source framework Scapy.
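The conversion function of steps 3.1 to 3.5 and the COTPCR walk-through above, as an added example that is not the patent's own code. The `Layer` classes are minimal stand-ins for Scapy type objects, and the default values, the `FuzzStr`/`FuzzInt` names and the `Layer.Field` syntax inside `fields` are assumptions of the example.

```python
import json

# Constructed configuration in the page's JSON format (pcapPath, fields).
CONFIG = json.loads(
    '{"pcapPath": "capture/s7.pcap", "fields": ["COTPOption.Parameter"]}')

# Hypothetical fuzz-function names, one per field type (the page's RandFunc).
FUZZERS = {str: "FuzzStr", int: "FuzzInt"}

class Layer:
    """Stand-in for a parsed protocol layer; payload references the upper layer."""
    defaults = {}

    def __init__(self, **fields):
        self.fields = fields
        self.payload = None

    def __truediv__(self, upper):        # lower/upper stacking, as in generated code
        top = self
        while top.payload is not None:
            top = top.payload
        top.payload = upper
        return self

class TPKT(Layer):
    defaults = {"Version": 3}

class COTPCR(Layer):
    defaults = {"DestinationReference": 0, "SourceReference": 0, "ClassOption": 0}

class COTPOption(Layer):
    defaults = {"ParameterCode": 192}

def to_code(value, fuzz_fields=(), path=""):
    """Convert one field value to Python source according to its type."""
    if path in fuzz_fields and type(value) in FUZZERS:   # rule (3): fuzzed field
        return FUZZERS[type(value)] + "()"
    if isinstance(value, list):                          # rule (1): list field
        return "[" + ", ".join(to_code(v, fuzz_fields) for v in value) + "]"
    if isinstance(value, str):                           # rule (2): string field
        return "'" + "".join("\\x%02x" % ord(c) for c in value) + "'"
    if isinstance(value, Layer):                         # rule (4): object field
        name = type(value).__name__
        args = []
        for key, val in value.fields.items():
            field_path = name + "." + key
            # Fields equal to the type default are omitted unless they are fuzzed.
            if field_path not in fuzz_fields and value.defaults.get(key) == val:
                continue
            args.append(key + "=" + to_code(val, fuzz_fields, field_path))
        return name + "(" + ", ".join(args) + ")"
    return repr(value)                                   # integers and the like

def message_to_code(layer, fuzz_fields=()):
    """Steps 3.1 and 3.2: walk the layers from bottom to top and join them."""
    parts = []
    while layer is not None:
        parts.append(to_code(layer, fuzz_fields))
        layer = layer.payload
    return "/".join(parts)

def build_script(messages, fuzz_fields=()):
    """Steps 3.3 to 3.5: one assignment per message plus the ordered graph edges."""
    lines, edges, prev = [], [], None
    for index, message in enumerate(messages):
        name = "packet%d" % index
        lines.append(name + " = " + message_to_code(message, fuzz_fields))
        edges.append((prev, name))       # (None, x) marks the first node
        prev = name
    return lines, edges

def captured_cotp_cr():
    """Constructed parse result of the COTP connect request described above."""
    return TPKT(Version=3) / COTPCR(
        DestinationReference=0, SourceReference=0, ClassOption=0,
        Parameters=[COTPOption(ParameterCode=192, Parameter="\x0a"),
                    COTPOption(Parameter="\x01\x00", ParameterCode=193),
                    COTPOption(Parameter="\x01\x01", ParameterCode=194)])

if __name__ == "__main__":
    print(message_to_code(captured_cotp_cr()))
    script, graph = build_script([captured_cotp_cr()], CONFIG["fields"])
    print("\n".join(script), graph)
```

Without fuzzed fields the output matches the page's representation of the message; with the constructed configuration, each `Parameter` value becomes a call to the fuzz function.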
After the relevant protocol messages are converted to a code representation, they are injected into the test case template to obtain the test case script file, as shown in the following code:
Here packet_i (i = 0, 1, 2) are the objects obtained by converting the protocol messages extracted from the real traffic file of Fig. 6 into a code representation; they are used, respectively, to establish the COTP connection, to establish the S7Comm connection, and to write data to the target device. The parser on line 4 handles run-time options, including the IP address of the test target, the port the target has open, the number of mutations fuzz_count, and the timeout for target responses. Lines 16-19 connect the messages into a graph model, in protocol message order, using the ModelGraph class of the Kitty framework. The subsequent code establishes the connection with the target device and then sends fuzzed messages to the target device according to the protocol graph model.
In the invention, the test case scripts generated automatically from an existing traffic file can be used in two ways. In the first, the script is run directly on the host with the device IP address, port number and number of fuzz tests as parameters, as shown in Fig. 7. In the second, a task is created to orchestrate several test case scripts; the order of combination can be chosen in a targeted way or at random, and, as shown in Fig. 8, the task executor runs the orchestrated test cases in sequence.
When a test script runs, it first establishes the connection with the target device, then traverses the protocol graph model defined in the script and sends the fuzzed protocol message of each graph node to the target device in order. A monitor observes the data messages sent and the device state; if the target does not respond, the data message is saved.
In summary, the method of the invention parses and extracts from real protocol message files, traverses each protocol layer of the messages to convert it into a code representation, and injects the result into a test case template to construct test case scripts. Compared with existing test methods, test cases no longer need to be written by hand; the generated test case scripts can be run on their own, which makes it convenient to test the same protocol stack on different targets, greatly lowers the difficulty of writing test cases and reduces the time needed for the fuzz test preparation stage. Combining several test cases to test the target device effectively increases test coverage. Because the method is based on real protocol messages and fully establishes the application-layer session, it also solves the problem of insufficient test depth in existing test methods.
Embodiments of the invention have been described in detail above with reference to the drawings, but the invention is not limited to these embodiments; within the knowledge of a person of ordinary skill in the art, various changes can be made without departing from the purpose of the invention.

Claims (3)

1. A method for generating fuzz test cases for industrial control protocols based on traffic tracing, characterized by the following specific steps:
Step 1. Read the configuration file;
Step 2. Extract the protocol messages relevant to the protocol under test;
Step 3. Fill the test case template to generate a test case script;
Real traffic is parsed, the application-layer data of each message is extracted, the message data is converted into a Python code representation and injected into a test case template, and a test case script is generated, so that fuzz testing can be carried out quickly without writing test cases by hand; at the same time, test cases of several different types are combined, both in a targeted way and at random, to test the target device;
The configuration file in step 1 uses JSON format and contains the fields: pcapPath, the path of the captured message file, and fields, the fields on which fuzz testing is to be performed.
2. The method for generating fuzz test cases for industrial control protocols based on traffic tracing according to claim 1, characterized in that: in step 2, the messages relevant to the protocol under test are extracted from an existing protocol message file by reading protocol information from the supplied path of a message file in PCAP format, specifically as follows:
Step 2-1. Parse the message file with an open-source message parsing tool to obtain the protocol tree structure of the transport layer and application layer of each message; the fields of each protocol are parsed into the corresponding type objects of the open-source library Scapy, and a payload field is added to each protocol to reference the parsed data of the upper-layer protocol; finally the parsed messages are output;
Step 2-2. Examine the application-layer protocol and the transport-layer flag bits, filter out irrelevant messages, and extract the test-relevant messages.
3. The method for generating fuzz test cases for industrial control protocols based on traffic tracing according to claim 2, characterized in that: the test case template filling method of step 3 traverses the extracted protocol messages, converts them into a code representation and injects them into the test case template, finally obtaining test case scripts, wherein each script can be run on its own and testing this kind of message no longer requires writing test cases by hand; it is implemented as follows:
Step 3-1. Convert the messages into a Python code representation; first traverse the protocol messages: since the transport-layer and application-layer protocol tree structure of each message was obtained in step 2-1, each protocol layer of each message is traversed recursively from bottom to top;
Step 3-2. Call the conversion function to convert each protocol layer into Python code; the conversion function uses a different conversion method depending on the type of the protocol field:
(1) For list-type fields, traverse each element contained in the field, call the conversion function recursively, and finally enclose the code representation of the elements in square brackets;
(2) For string-type fields, convert each character of the field into its hexadecimal representation and enclose the result in single quotation marks;
(3) For a field specified in the test configuration file, select the corresponding fuzz function according to the field type; for string-type fields, the fuzz function constructs field values from special characters and also constructs strings that exceed the field length limit in order to detect overflow vulnerabilities; for integer fields, a fuzz function generates random values and boundary values within the range of the field length; once the fuzz function is selected, the field is converted into Python code of the form RandFunc(), where RandFunc is the fuzz function selected above;
(4) For object-type fields, call the conversion function recursively on each of the object's fields and merge the results into the code of the object's constructor, with the converted fields passed in as constructor parameters;
Step 3-3. Output the message data in its Python code representation and proceed to step 3-4;
Step 3-4. Inject the protocol message code representation obtained in step 3-3 into the test case template;
Step 3-5. Connect the test-relevant protocol messages extracted in step 2, in order, into a graph model whose nodes are the individual messages to be sent; finally, inject the graph model code into the test case template and write it to a file to obtain the test case script file.
CN201910660498.7A 2019-07-22 2019-07-22 Industrial control protocol fuzzy test case generation method based on flow tracing Active CN110401581B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910660498.7A CN110401581B (en) 2019-07-22 2019-07-22 Industrial control protocol fuzzy test case generation method based on flow tracing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910660498.7A CN110401581B (en) 2019-07-22 2019-07-22 Industrial control protocol fuzzy test case generation method based on flow tracing

Publications (2)

Publication Number Publication Date
CN110401581A (en) 2019-11-01
CN110401581B (en) 2020-12-01

Family

ID=68325319

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910660498.7A Active CN110401581B (en) 2019-07-22 2019-07-22 Industrial control protocol fuzzy test case generation method based on flow tracing

Country Status (1)

Country Link
CN (1) CN110401581B (en)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090204591A1 (en) * 2008-02-11 2009-08-13 Rauli Kaksonen Method and arrangement for test case creation
US20100281460A1 (en) * 2009-05-01 2010-11-04 Microsoft Corporation Whitebox Trace Fuzzing
CN102087631A (en) * 2011-03-09 2011-06-08 中国人民解放军国发科学技术大学 Method for realizing fuzzing of software on the basis of state protocol
CN103853650A (en) * 2012-11-28 2014-06-11 西门子公司 Test case generating method and device for fuzz testing
EP3109763A1 (en) * 2015-06-24 2016-12-28 Tata Consultancy Services Limited Method and system for generating functional test cases for software systems
CN105721255A (en) * 2016-04-14 2016-06-29 北京工业大学 Industrial control protocol vulnerability mining system based on fuzzy test
CN109597767A (en) * 2018-12-19 2019-04-09 中国人民解放军国防科技大学 Genetic variation-based fuzzy test case generation method and system
CN109634870A (en) * 2018-12-20 2019-04-16 国家计算机网络与信息安全管理中心 A kind of script management method of industrial control system agreement fuzz testing

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113032241A (en) * 2019-12-09 2021-06-25 腾讯科技(深圳)有限公司 Test data processing method and device and storage medium
CN113032241B (en) * 2019-12-09 2024-02-13 腾讯科技(深圳)有限公司 Test data processing method, device and storage medium
CN111488731A (en) * 2020-04-15 2020-08-04 深圳前海环融联易信息科技服务有限公司 File generation method and device, computer equipment and storage medium
CN111488731B (en) * 2020-04-15 2023-09-29 深圳前海环融联易信息科技服务有限公司 File generation method, device, computer equipment and storage medium
CN111427307A (en) * 2020-04-22 2020-07-17 国网浙江省电力有限公司 Industrial control abnormity detection method, device and equipment
CN111427307B (en) * 2020-04-22 2021-08-24 国网浙江省电力有限公司 Industrial control abnormity detection method, device and equipment
CN111913877A (en) * 2020-07-03 2020-11-10 中国科学院信息工程研究所 Fuzzy test method and device for text configuration file
CN112235244A (en) * 2020-09-10 2021-01-15 北京威努特技术有限公司 Construction method of abnormal message, detection method, device and medium of industrial control network equipment
CN112235244B (en) * 2020-09-10 2023-03-24 北京威努特技术有限公司 Construction method of abnormal message, detection method, device and medium of industrial control network equipment
CN112181856B (en) * 2020-11-02 2022-04-22 浙江中控技术股份有限公司 Encrypted industrial control protocol testing method and device
CN112181856A (en) * 2020-11-02 2021-01-05 浙江中控技术股份有限公司 Encrypted industrial control protocol testing method and device
CN112433948A (en) * 2020-11-30 2021-03-02 上海天旦网络科技发展有限公司 Simulation test system and method based on network data analysis
CN112565026B (en) * 2021-02-20 2021-06-04 支付宝(杭州)信息技术有限公司 Test frame generation method, device and equipment
CN112565026A (en) * 2021-02-20 2021-03-26 支付宝(杭州)信息技术有限公司 Test frame generation method, device and equipment
CN114157461A (en) * 2021-11-22 2022-03-08 绿盟科技集团股份有限公司 Industrial control protocol data stream processing method, device, equipment and storage medium
CN114157461B (en) * 2021-11-22 2023-08-01 绿盟科技集团股份有限公司 Industrial control protocol data stream processing method, device, equipment and storage medium
CN115001829A (en) * 2022-06-07 2022-09-02 中国软件评测中心(工业和信息化部软件与集成电路促进中心) Protocol vulnerability mining method, device, equipment and storage medium
CN115242676A (en) * 2022-07-28 2022-10-25 度小满科技(北京)有限公司 Software system capacity pressure testing method and device, electronic equipment and storage medium
CN115242676B (en) * 2022-07-28 2023-10-03 度小满科技(北京)有限公司 Software system capacity pressure testing method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN110401581B (en) 2020-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant