CN101388807B - Protocol robustness test generation method based on packet mutation - Google Patents

Abstract

The invention relates to a method for testing the robustness based on protocols of abnormal messages, which belongs to the testing technical field of network protocols. The method is characterized by comprising the following steps: describing the protocol specification as a non-deterministic parameterization expansion finite state machine, building robustness requests and conforming a normal testing sequence, generating single-domain abnormal massages through utilizing various variable strategies, if a deterministic variation is caused after the single-domain abnormal massages are injected, generating a single-domain compound abnormal testing example-1, if a non-deterministic variation is caused after the single-domain abnormal massages are injected, generating a single-domain compound abnormal testing example-2, then combining multi-domain abnormal massages pairwise through using the 'pairwise (pairwise combination)'method, if a deterministic variation is caused after the multi-domain abnormal massages are injected, generating a multi-domain compound abnormal example-1, and if a non-deterministic variation is caused after the multi-domain abnormal massages are injected, generating a multi-domain compound abnormal example-2. The method is suitable for various network protocols and has good versatility.

Description

Protocol robustness test generation method based on packet mutation

Technical field

The invention belongs to Internet technical field, relate in particular to the network protocol testing technical field.

Background technology

The protocol test technology be guarantee network communication protocol correct realize and the different network equipment between the important means of correct interconnection.Uniformity test, performance test and HIST are the most frequently used measuring technologies.

It is very complete that procotol can not be described, and comprises input, output and status change.How to handle the design that unspecified input depends on that agreement realizes.Simultaneously, agreement often uses " May (possibility) " statement that optional requirement is described.More than two kinds of situations realize bringing very big flexibility to agreement.Because whether the agreement of only investigating uniformity test realizes consistent with protocol specification, so wrong ability of discovery is limited.In addition, along with the scale and the complexity of network are increasing, Internet exists increasing noise, disturbance, mismatches and put and artificial attack.The requirement of network equipment reliability, fault-tolerance and fail safe is more and more higher, and the agreement robustness becomes more and more important.IEEE (Institute of Electrical and Electric Engineers) is the robustness test definition that can the test protocol realization operate as normal under invalid injection or extensive the injection.

It is a kind of effective method of testing that mistake is injected.Fuzz Testing (half random test is also referred to as fuzz testing) adopts the wrong Black-box Testing method of injecting.Concrete steps are: determine the robustness requirement, produce the test data set, inject test data, make the test judgement at last.

About existing many researchs of robustness test and practice.Although the leak that many agreements realize has been found in these test practices, all exist many deficiencies: the generation of the first, abnormality test example lacks theoretical direction; The second, the test decision mechanism needs to improve; The structure of three, abnormality test example is optimized inadequately.

At above-mentioned deficiency, the present invention proposes a kind of protocol robustness test generation method based on packet mutation.This method brief description following (can referring to Fig. 1): set up the reasonably normal checking sequence of formalized model and structure; Adopt multiple variation strategy to generate test data set; Adopt the composite test example to simplify cycle tests; Generate single domain complex anomaly test case and adopt " pairwise (combination in twos) " method to generate multiple domain complex anomaly test case.

Summary of the invention

The object of the present invention is to provide a kind of universal method that generates based on the agreement robustness test of packet mutation.

The thinking of method proposed by the invention (Fig. 1) is: protocol specification is described as a uncertain parameters extended finite state machine, set up robustness and require and construct normal checking sequence, utilize multiple variation strategy to generate the single domain exception message, if the single domain exception message causes the certainty transition after injecting, then generate single domain variation complex anomaly test case-1, if the single domain exception message causes the uncertainty transition after injecting, then generate single domain variation complex anomaly test case-2, use " pairwise (combination in twos) " method that multiple domain is made up unusually in twos then, if the multiple domain exception message causes the certainty transition after injecting, then generate multiple domain complex anomaly test case-1, if the multiple domain exception message causes the uncertainty transition after injecting, then generate multiple domain variation complex anomaly test case-2.

The invention is characterized in:

Described method is to realize according to the following steps successively for a tested network equipment in the network operation environment:

Step (1): describe a tested agreement with a uncertain parameters extended finite state machine NPEFSM and realize:

Described NPEFSM is expressed as

Wherein:

S: finite state set, S=S _Spec, S _SpecComprise the state that defines in the protocol specification, definition S ={ s _K| k=1,2 ..., any one s _KAll be nondeterministic statement, be illustrated in exception message and inject the last current state of uncertain transition down, according to inferring s about the uncertain or fuzzy regulation of these transition in the protocol specification _KBe in which subclass of S, so, S=S _Spec=(S _Spec∪ S );

S ₀: initial condition;

· $I=\{i_1\left(\stackrel{\→}{v_1}\right),i_2\left(\stackrel{\→}{v_2}\right),...,i_k\left(\stackrel{\→}{v_k}\right)...,i_p\left(\stackrel{\→}{v_p}\right)\},$ Comprise p input; Each input

Carry a parameter vector value

1≤k≤p; Both comprise the input that defines in the protocol specification in described p the input, be designated as I _Spec, form by effective message and partial invalidity message, also comprised not clearly a large amount of inputs of definition in the protocol specification, be designated as I _Unspec, all be invalid packet;

· $O=\{o_1\left(\stackrel{\&RightArrow;}{w_1}\right),o_2\left(\stackrel{\&RightArrow;}{{\mathrm{<figure-callout\; id="2"\; label="w"\; filenames="H200810112273X01E00021.png"\; state="\{\{state\}\}">w</figure-callout>}}_2}\right),...,o_k\left(\stackrel{\&RightArrow;}{w_k}\right)...,o_q\left(\stackrel{\&RightArrow;}{w_q}\right)\},$ Comprise q output; Each output

Carry a parameter vector value

1≤k≤q;

Be for describing the variable of transition definition, using vector representation.These variablees are different with the parameter that input, output are carried;

T: transition set, T=T _Spec∪ T _Nondeter, wherein:

T _SpecBe illustrated in and provide the clearly transition of regulation in the protocol specification,

T _NondeterComprise following two kinds of transition and all cause last current state s ^*∈ S , a kind ofly be: for free position s _i, receive input i _j∈ I _Unspec, corresponding transition are not all clearly stipulated in protocol specification; There are a kind of transition in addition, although i _j∈ I _Spec, corresponding transition are not definition in protocol specification, perhaps only provides fuzzy or uncertain explanation, and specific definition is as follows:

For t ∈ T _Spec, $t=s_j\stackrel{i_j\left(\stackrel{\&RightArrow;}{v}\right)/o_j\left(\stackrel{\&RightArrow;}{w}\right)/P(\stackrel{\&RightArrow;}{X},i_j\left(\stackrel{\&RightArrow;}{v}\right))/A(\stackrel{\&RightArrow;}{X},i_j\left(\stackrel{\&RightArrow;}{v}\right),o_j\left(\stackrel{\&RightArrow;}{w}\right))}{\&RightArrow;}{s}_k,$ S wherein _j∈ S _Spec, s _k∈ S _Spec $i_j\left(\stackrel{\&RightArrow;}{v}\right)\&Element;I_{\mathrm{spec}};$ $o_j\left(\stackrel{\&RightArrow;}{w}\right)\&Element;O$ Perhaps

Be sky, wherein s and s ^*Be respectively the initial condition and the last current state of these transition; Be the input and output of carrying parameter;

Be based on asserting of variable set and input; Action

Be based on the operation of current variate-value, input, and act on variate-value and output;

For t ∈ T _Nondeter, $t=s_j\stackrel{i_j\left(\stackrel{\&RightArrow;}{v}\right)/-/\mathrm{true}/-}{\&RightArrow;}{s}_{?k},$ S wherein _j∈ S _Spec, s _K∈ S $i_j\left(\stackrel{\&RightArrow;}{v}\right)\&Element;I;$ Output and action

Unknown or uncertain, with "-" expression; Assert and be always true true;

Step (2): set up robustness successively according to the following steps and require and set up normal checking sequence, described robustness requires to be meant that state and behavior still keep the coherence request of normal and protocol compliant standard after invalid packet injects:

Step (2.1) is set up normal checking sequence _ 1:

Suppose

Be an invalid packet and $i_j\left(\stackrel{\&RightArrow;}{v}\right)\&Element;I_{\mathrm{spec}},$

If $s_i\stackrel{i_j\left(\stackrel{\&RightArrow;}{v}\right)/o_j\left(\stackrel{\&RightArrow;}{w}\right)/P(\stackrel{\&RightArrow;}{X},i_j\left(\stackrel{\&RightArrow;}{v}\right))/A(\stackrel{\&RightArrow;}{X},i_j\left(\stackrel{\&RightArrow;}{v}\right),o_j\left(\stackrel{\&RightArrow;}{w}\right))}{\&RightArrow;}{s}_j,$ s _i∈S _spec，s _j∈S _spec； $o_j\left(\stackrel{\&RightArrow;}{w}\right)\&Element;O$ Perhaps

Be sky, according to s _jThe state verification sequence structure normally verify sequence,

Step (2.2) is set up normal checking sequence _ 2:

Suppose Be an invalid packet and $i_j\left(\stackrel{\&RightArrow;}{v}\right)\&Element;I,$ If $s_i\stackrel{i_j\left(\stackrel{\&RightArrow;}{v}\right)/-/\mathrm{true}/-}{\&RightArrow;}{s}_{?k},$ s _i∈ S _Spec, s _K∈ S And $s_{?k}\&Element;S_k\&SubsetEqual;S_{\mathrm{spec}},$ According to s _KThe state recognition sequence structure normally verify sequence,

Step (2.3) is set up normal checking sequence _ 2-1 approximate substitution and is normally verified sequence _ 2:

Because the complex structure of state recognition sequence replaces normal checking sequence _ 2 so need to set up normal checking sequence _ 2-1,

At first transition (as Fig. 3) are forced in definition:

Suppose $S^{,}\&SubsetEqual;S_{\mathrm{spec}}$ And s _j∈ S _Spec,

$(\&ForAll;s\&Element;S^{,})\&RightArrow;s_j$ Be to force transition, and if only if, exists $i_j\left(\stackrel{\&RightArrow;}{v}\right)\&Element;I,$ Make $\&ForAll;s\&Element;S^{,},$ $s\stackrel{i_j\left(\stackrel{\&RightArrow;}{v}\right)/-/\mathrm{true}/-}{\&RightArrow;}{s}_j,$

Utilize and force transition can set up normal checking sequence _ 2-1:

After invalid packet injected, last current state was s _K∈ S And $s_{?k}\&Element;S_k=\left\{s_{\mathrm{ki}}\right|i=\mathrm{1,2},...\}\&SubsetEqual;S_{\mathrm{spec}},$ Force if exist

Transition: (s _K∈ S _k) → s _j, by message injection this transition of triggering and according to s _jThe state verification sequence structure normally verify sequence;

Step (3): at first only the territory of message at input makes a variation, and other thresholding all is legal, and corresponding test case is a single domain variation complex anomaly test case, if the transition after unusual the injection are to determine transition T _Spec, being called single domain variation complex anomaly test case-1, it is as follows that it generates step:

Step (3.1) initialization: define a test group TestGroup about effective message pdu _PduAnd be initially sky,

Effective message pdu={f of step (3.2) input ₁, f ₂...., f _l...., f _N, comprise N territory, wherein pdu.f altogether _lCorresponding unusual thresholding is M, uses $E_{f_l}=\{e_1,{\mathrm{<figure-callout\; id="2"\; label="e"\; filenames="H200810112273X01E00021.png"\; state="\{\{state\}\}">e</figure-callout>}}_2,...e_M\}$ F is supposed in expression _lSpan be: f _i∈ [minimum value, maximum], then these unusual thresholdings comprise { minimum value, minimum value+1, minimum value+2* (maximum-minimum value)/n, minimum value+3* (maximum-minimum value)/n ..., maximum-1, maximum }, wherein n divides parameter, is formulated by setting person; Also will define other exception message in addition: each territory of message removes a plurality of exception messages that the back generates successively, and each exception message only has a territory to be removed, and other territory remains unchanged; A plurality of exception messages that each territory replace to be generated by the territory of double byte, and each exception message only has a territory to be replaced, and other territory remains unchanged;

Step (3.3) defines one about pdu.f _lTest case

And be initially sky, preserve territory pdu.f _lEffective thresholding;

Step (3.4) will be " from s ₀To s _iThe state homing sequence " add to In;

Step (3.5) is for each $e_k\&Element;E_{f_l},$ Carry out following steps: e _kAssignment is given pdu.f _l, " invalid packet injection " added to as a cycle tests

In, then " from s _jTo s _iThe state homing sequence " also add to

In;

Step (3.6) is with state s _iThe checking sequence is added to

In;

Step (3.7)

Add TestGroup to _PduIn;

Step (3.8) is given the effective value of step 3.3 preservation assignment again by variation territory pdu.f _l

Step (3.9) is for each territory f _l∈ pdu, all carry out respectively from step 3.3 to step 3.8 the institute in steps;

Step (4): for single domain variation complex anomaly test case, if the transition after unusual the injection are uncertain transition T _Nondeter, being called single domain variation complex anomaly test case-2, it is as follows that it generates step:

Step (4.1) initialization: define a test group TestGroup about effective message pdu _PduAnd be initially sky,

Effective message pdu={f of step (4.2) input ₁, f ₂...., f _l...., f _N, comprise N territory, wherein pdu.f altogether _lCorresponding unusual thresholding is M, uses $E_{f_l}=\{e_1,{\mathrm{<figure-callout\; id="2"\; label="e"\; filenames="H200810112273X01E00021.png"\; state="\{\{state\}\}">e</figure-callout>}}_2,...e_M\}$ F is supposed in expression _lSpan be: f _i∈ [minimum value, maximum], then these unusual thresholdings comprise { minimum value, minimum value+1, minimum value+2* (maximum-minimum value)/n, minimum value+3* (maximum-minimum value)/n ..., maximum-1, maximum }, wherein n divides parameter, is formulated by setting person; Also will define other exception message in addition: each territory of message removes a plurality of exception messages that the back generates successively, and each exception message only has a territory to be removed, and other territory remains unchanged; A plurality of exception messages that each territory replace to be generated by the territory of double byte, and each exception message only has a territory to be replaced, and other territory remains unchanged;

Step (4.3) defines one about pdu.f _lTest case

And be initially sky, preserve territory pdu.f _lEffective thresholding;

Step (4.4) will be " from s ₀To s _iThe state homing sequence " add to

In;

Step (4.5) is for each $e_k\&Element;E_{f_l},$ Carry out following steps: e _kAssignment is given pdu.f _l, " invalid packet injection " added to as a cycle tests

In, " utilizing and force transition s _K→ s _jSet up from s _KTo s _jThe state homing sequence " add to

In, then " from s _jTo s _iThe state homing sequence " also add to

In;

Step (4.6) is with " state s _iThe checking sequence " add to

In;

Step (4.7)

Add TestGroup to _PduIn;

Step (4.8) is given the effective value of step 4.3 preservation assignment again by variation territory pdu.f _l

Step (4.9) is for each territory f _l∈ pdu, all carry out respectively from step 4.3 to step 4.8 the institute in steps;

Step (5): a plurality of territories of exception message of input are made a variation simultaneously, and corresponding test case is a multiple domain variation complex anomaly test case, if the transition after unusual the injection are to determine transition T _Spec, being called multiple domain variation complex anomaly test case-1, it is as follows that it generates step:

Step (5.1) initialization: define a test group TestGroup about effective message pdu _PduAnd be initially sky;

Effective message pdu={f of step (5.2) input ₁, f ₂...., f _l...., f _N, comprising N territory altogether, the unusual thresholding set in each territory generates in step 3.2 or step 4.2; F={F ₁, F ₂... F _M), for any l, 1≤l≤M, $F_l\&SubsetEqual;\mathrm{PDU},$ F _lBe the combination in several territories, compound mode is formulated by the tester, and then the M value can be determined;

Step (5.3) defines one about F _lTest case

And be initially sky; Preserve pdu.F _lIn effective thresholding in each territory;

Step (5.4) will be " from s ₀To s _iThe state homing sequence " add to In;

Step (5.5) utilizes existing pairwise algorithm to make up F _lIn the thresholding in each territory generate the exceptional value set

For each $E_k\&Element;E_{F_l},$ Carry out following steps: E _kAssignment is given pdu.F _l, " invalid packet injection " sequence is added to

In, then " from s _jTo s _iThe state homing sequence " add to

In;

Step (5.6) is with " state s _iThe checking sequence " add to

In;

Step (5.7)

Add TestGroup to _PduIn;

Step (5.8) is given the effective value of step 5.3 preservation assignment again by variation territory combination pdu.F _l

Step (5.9) is for each territory combination F _l∈ F, carry out respectively from step 5.3 to step 5.8 the institute in steps,

Step (6): for multiple domain variation complex anomaly test case, if the transition after unusual the injection are uncertain transition T _Nondeter, being called multiple domain variation complex anomaly test case-2, it is as follows that it generates step:

Step (6.1) initialization: define a test group TestGroup about effective message pdu _PduAnd be initially sky;

Effective message pdu={f of step (6.2) input ₁, f ₂...., f _l...., f _N, comprising N territory altogether, the unusual thresholding set in each territory generates in step 3.2 or step 4.2; F={F ₁, F ₂... F _M, for any l, 1≤l≤M, $F_l\&SubsetEqual;\mathrm{PDU};$ F _lBe the combination in several territories, compound mode is formulated by the tester, and then the M value can be determined;

Step (6.3) defines one about F _lTest case

And be initially sky; Preserve pdu.F _lIn effective thresholding in each territory;

Step (6.4) will be " from s ₀To s _iThe state homing sequence " add to

In;

Step (6.5) is utilized existing pairwise algorithm combination F _lIn the thresholding in each territory generate the exceptional value set

For each $E_k\&Element;E_{F_l},$ Carry out following steps: E _kAssignment is given pdu.F _l, " invalid packet injection " sequence is added to

In, " utilizing and force transition s _K→ s _jSet up from s _KTo s _jThe state homing sequence " add to

In, then " from s _jTo s _iThe state homing sequence " add to

In;

Step (6.6) is with " state s _iThe checking sequence " add to

In;

Step (6.7)

Add TestGroup to _PduIn;

Step (6.8) is given the effective value of step 6.3 preservation assignment again by variation territory combination pdu.F _l

Step (6.9) is for each territory combination F _l∈ F, carry out respectively from step 6.3 to step 6.8 the institute in steps.

Utilize method of the present invention can generate agreement robustness test case.Table 2 (seeing below literary composition) has been showed the agreement robustness test set at OSPFv2 (open type shortest path priority protocol version 2).

This shows that the present invention has reached intended purposes.

Description of drawings

Fig. 1. flow chart of the present invention

Fig. 2. a part NPEFSM model at the OSPFv2 agreement;

Fig. 3. force the transition diagram;

Fig. 4. two kinds of single domain variation complex anomaly test case structure charts, wherein Fig. 4 (a) is single domain variation complex anomaly test case-1, Fig. 4 (b) is single domain variation complex anomaly test case-2.

Embodiment

Test generation method of the present invention has following steps successively:

(1) with the protocol system specification description is a uncertain parameters extended finite state machine model;

(2) set up robustness and require and set up normal checking sequence;

(3) generation of single domain variation complex anomaly test case, specific algorithm is introduced later in detail;

(4) generation of multiple domain variation complex anomaly test case, specific algorithm is introduced later in detail.

Below, will relevant step be elaborated:

(1) formalized model

FSM (Finite state machine: finite state machine) be widely used for describing procotol.But most of protocol specifications comprise variable and based on the operation of these variablees.Simultaneously, the parameter influence that carries of some input is to asserting and moving.Therefore the finite state machine of parametrization expansion is used to simulate protocol specification.The robustness test needs to inject a large amount of invalid datas, because most invalid packets and their processing rule do not have clear and definite regulation in protocol specification, the status change under these invalid packets inject is uncertain often.So, need to use the finite state machine of uncertain parametrization expansion to be the protocol specification modeling.[definition 1] uncertain parameters extended finite state machine NPEFSM of NPEFSM (Nondeterministic Parameterized Extended Finite State Machine) is expressed as

S: finite state set, S=S _Spec, S _SpecComprise the state that defines in the protocol specification, definition S ={ s _K| k=1,2 ..., any one s _KAll be nondeterministic statement, be illustrated in exception message and inject the last current state of uncertain transition down, according to inferring s about the uncertain or fuzzy regulation of these transition in the protocol specification _KBe in which subclass of S, so, S=S _Spec=(S _Spec∪ S );

S ₀: initial condition;

· $I=\{i_1\left(\stackrel{\&RightArrow;}{v_1}\right),i_2\left(\stackrel{\&RightArrow;}{{\mathrm{<figure-callout\; id="2"\; label="v"\; filenames="H200810112273X01E00021.png"\; state="\{\{state\}\}">v</figure-callout>}}_2}\right),...,i_k\left(\stackrel{\&RightArrow;}{v_k}\right)...,i_p\left(\stackrel{\&RightArrow;}{v_p}\right)\},$ Comprise p input; Each input

Carry a parameter vector value

1≤k≤p; Both comprise the input that defines in the protocol specification in described p the input, be designated as I _Spec, form by effective message and partial invalidity message, also comprised not clearly a large amount of inputs of definition in the protocol specification, be designated as I _Unspec, all be invalid packet;

· $O=\{o_1\left(\stackrel{\&RightArrow;}{w_1}\right),o_2\left(\stackrel{\&RightArrow;}{{\mathrm{<figure-callout\; id="2"\; label="w"\; filenames="H200810112273X01E00021.png"\; state="\{\{state\}\}">w</figure-callout>}}_2}\right),...,o_k\left(\stackrel{\&RightArrow;}{w_k}\right)...,o_q\left(\stackrel{\&RightArrow;}{w_q}\right)\},$ Comprise q output; Each output

Carry a parameter vector value

1≤k≤q;

Be for describing the variable of transition definition, using vector representation.These variablees are different with the parameter that input, output are carried;

T: transition set, T=T _Spec∪ T _Nondeter, wherein:

T _SpecBe illustrated in and provide the clearly transition of regulation in the protocol specification,

T _NondeterComprise following two kinds of transition and all cause last current state s ^*∈ S , a kind ofly be: for free position s _i, receive input i _j∈ I _Unspec, corresponding transition are not all clearly stipulated in protocol specification; There are a kind of transition in addition, although i _j∈ I _Spec, corresponding transition are not definition in protocol specification, perhaps only provides fuzzy or uncertain explanation, and specific definition is as follows:

For t ∈ Tspec, $t=s_j\stackrel{i_j\left(\stackrel{\&RightArrow;}{v}\right)/o_j\left(\stackrel{\&RightArrow;}{w}\right)/P(\stackrel{\&RightArrow;}{X},i_j\left(\stackrel{\&RightArrow;}{v}\right))/A(\stackrel{\&RightArrow;}{X},i_j\left(\stackrel{\&RightArrow;}{v}\right),o_j\left(\stackrel{\&RightArrow;}{w}\right))}{\&RightArrow;}{s}_k,$ S wherein _j∈ S _Spec, s _k∈ S _Spec $i_j\left(\stackrel{\&RightArrow;}{v}\right)\&Element;I_{\mathrm{spec}};$ $o_j\left(\stackrel{\&RightArrow;}{w}\right)\&Element;O$ Perhaps

Be sky, wherein s and s ^*Be respectively the initial condition and the last current state of these transition;

Be the input and output of carrying parameter;

Be based on asserting of variable set and input; Action

Be based on the operation of current variate-value, input, and act on variate-value and output;

For t ∈ T _Nondeter, $t=s_j\stackrel{i_j\left(\stackrel{\&RightArrow;}{v}\right)/-/\mathrm{true}/-}{\&RightArrow;}{s}_{?k},$ S wherein _j∈ S _Spec, s _K∈ S $i_j\left(\stackrel{\&RightArrow;}{v}\right)\&Element;I$ Output and action are unknown or uncertain, with "-" expression; Assert and be always true true;

Example 1: Fig. 2 has showed the part NPEFSM model of OSPFv2, asserts and moves major part and all omitted.Transition provide at table 1 for example.Input and output are parameterized data description messages (DDP).First parameter of DDP is DD sequence number (being designated as seq), and another parameter is I/M/MS (being designated as Ims).Assert the inspection that has comprised the DD sequence number, the inspection of I/M/MS and other affirmation or inspection.

Transition of table 1:OSPFv2 for example

Title (Name)	T Exchange-Exchange(T Exchange-exchange)
		Initial state (Start State)	Exchange (exchange)
Final states (End State)	Exchange (exchange)
		Input (Input)	Description message: DDP (Seq1, Ims1)
Output (Output)	Description message: DDP (Seq2, Ims2)
		Variable (Variables)	y，...
Assert (Predicate)	(Seq1＝＝y)&&(Ims1＝＝011)&&...
		Action (Action)	Seq2＝y；y＝Seq1+1；...

The uncertainty of some transition in this model is described in addition.If DDP.LSAHeader.LinkStateID in data exchange process (link describe Link State that the head of the declaration of Link State in the message comprises number)=" FFFFFFFF ", this has just caused syntax error, the grammer of whether checking this territory among the LSAheader in the message (Link State declaration head) after receiving this DDP message does not immediately offer some clarification in protocol specification, if tested agreement realizes checking immediately the grammer in this territory, will trigger " SeqNumberMismatch (sequence numbers) ", otherwise exchanges data goes on always, is found (probably finding) up to this mistake when LSA (Link State declaration) asks.In this example, s _K∈ S _k={ s _K1=" Exstart (before beginning exchange) ", s _K2=" Exchange (exchange) " } and t _j∈ T _Nondeter(can with reference to figure 3).

(2) test generation method

Test generation method comprises that single domain complex anomaly test case generates and multiple domain complex anomaly test case generates.At first, set up normal checking sequence, and utilize multiple variation strategy to generate a large amount of invalid packets, generate the complex anomaly test case of single domain and multiple domain then from the NPEFSM model.

Normal checking sequence has been discussed clear in front, is omitted herein.

Below will introduce the composite test example generating algorithm of single domain and multiple domain variation in detail, and progressively explain in detail:

1. single domain variation complex anomaly test case generates

Only the territory of message at input makes a variation, and other thresholding all is legal, and corresponding test case is a single domain variation complex anomaly test case, if the transition after the single domain exception message injects are to determine transition T _Spec, be called single domain variation complex anomaly test case-1, if the transition after the single domain exception message injects are non-definite transition T _Nondeter, be called single domain variation complex anomaly test case-2.Below be the generating algorithm of single domain complex anomaly test case-1, please referring to the structure (as Fig. 4 (a)) of single domain complex anomaly test case-1.

If an effective message originally is pdu={f ₁, f ₂...., f _N.Following step will generate the test group TestGroup at pdu _PduAnd

Similarly, can obtain the algorithm of single domain composite test example-2, be omitted herein according to the structure (as Fig. 4 (b)) of single domain composite test example-2.

2. multiple domain variation complex anomaly test case generates

A plurality of territories of exception message of input are made a variation simultaneously, and corresponding test case is a multiple domain variation complex anomaly test case, if the transition after the multiple domain exception message injects are to determine transition T _Spec, be called multiple domain variation complex anomaly test case-1, if the transition after the multiple domain exception message injects are uncertain transition T _Nondeter, be called multiple domain variation complex anomaly test case-2.

Multiple domain variation composite test example-1 and single domain variation composite test example-1 similar, but injection is the multiple domain exception message.Algorithm 2 has provided multiple domain variation composite test example-1 generating algorithm.

Algorithm 2 the 4th row has called pairwise (F _{L, Q}).The input of this algorithm has two: F _lBe the combination of several elements, another one input Q has comprised the value set (suppose to have N element, each element all has a value set) of each element.The output of this algorithm is the set (each vector is the N dimensional vector, the value of a corresponding N element) of several vectors.The pairwise algorithm can guarantee to have covered per two element values combination (can referring to example 2).The detailed process of this algorithm can be consulted relevant pairwise research document.

Similarly, can generate corresponding algorithm according to the structure of multiple domain composite test example-2, multiple domain variation composite test example-2 and single domain variation composite test example-2 similar, but injection is the multiple domain exception message.

Example 2:pairwise algorithm example

Suppose F={f ₁, f ₂, f ₃, f ₄, all there are score values (hexadecimal representation) such as 4 boundary values (hexadecimal representation) and 2 in each territory, promptly $q_{f_1}=q_{f_4}=\{\mathrm{00,01,7}F,\mathrm{FE},\mathrm{FF}\};$ ${\mathrm{<figure-callout\; id="2"\; label="q\; f"\; filenames="H200810112273X01E00021.png"\; state="\{\{state\}\}">q</figure-callout>}}_{f_{}}=\{\mathrm{0000,0001,7}\mathrm{FFF},\mathrm{FFFE},\mathrm{FFFF}\};$ $q_{f_3}=\{\mathrm{000000,000001},$ $7\mathrm{FFFFF},\mathrm{FFFFFE},\mathrm{FFFFFF}\}.$ The result that utilization pairwise algorithm gets is as follows:

$E_{\mathrm{pairwise}}\left(F(f_1,{\mathrm{<figure-callout\; id="2"\; label="f"\; filenames="H200810112273X01E00021.png"\; state="\{\{state\}\}">f</figure-callout>}}_2,f_3,f_4)\right)=\left(\begin{array}{c}{T}_1\\ T_2\\ T_3\\ R_4\\ ...\\ T_{32}\end{array}\right)=\begin{array}{}\left|\begin{array}{cccc}{f}_1& f_2& f_3& f_4\\ 00& 0000& 000000& 00\\ 00& 0001& 000001& 01\\ 00& 7\mathrm{FFF}& 7\mathrm{FFFFF}& 7F\\ 00& \mathrm{FFFE}& \mathrm{FFFFFE}& \mathrm{FE}\\ 00& \mathrm{FFFF}& \mathrm{FFFFFF}& \mathrm{FF}\\ 01& 0000& 000001& 7F\\ 01& 0001& 000000& \mathrm{FE}\\ ...& ...& ...& ...\\ 00& \mathrm{FFFF}& 000000& 7F\end{array}\right|\end{array}$

32 exception messages have been generated as can be seen.

(3) experiment

The OSPFv2 agreement comprises 5 kinds of message: Hello, Database Description Packet (DDP: database description packet), Link State Request (LSR: the database request message), the Link State update) and Link State Acknowledgment (Ack: the link state acknowledgment message) Link State Update (LSU:.Also defined 5 kinds of Link StateAdvertisements (LSAs: the Link State declaration), comprising: router lsa, Network-LSAs, the 3rd class summary lsa, the 4th class summary lsa, Autonomy System-External LSA.The state that the OSPFv2 state machine comprises has Init (initialization), 2-way (two-way), Exstart (beginning), Exchange (exchange), Full several states such as (fully).

Adopt above method, generated single domain and multiple domain complex anomaly test set, be respectively 130 and 67 test cases, showed the test set of OSPFv2 as table 2 at OSPFv2.

Table 2:OSPFv2 single domain and the set of multiple domain composite test example

This shows that the present invention has reached intended purposes.

Claims (1)

1. based on the protocol robustness test generation method of packet mutation, it is characterized in that described method is to realize according to the following steps successively for a tested network equipment in the network operation environment:

Step (1): describe a tested agreement with a uncertain parameters extended finite state machine NPEFSM and realize:

Described NPEFSM is expressed as＜S, s ₀, I, O,

T 〉, wherein:

● S: finite state set, S=S _Spec, S _SpecComprise the state that defines in the protocol specification, definition S ={ s _K| k=1,2 ..., any one s _KAll be nondeterministic statement, be illustrated in exception message and inject the last current state of uncertain transition down, according to inferring s about the uncertain or fuzzy regulation of these transition in the protocol specification _KBe in which subclass of S, so, S=S _Spec=(S _Spec∪ S );

● s ₀: initial condition;

● Comprise p input; Each input

Carry a parameter vector value

1≤k≤p; Both comprise the input that defines in the protocol specification in described p the input, be designated as I _Spec, form by effective message and partial invalidity message, also comprised not clearly a large amount of inputs of definition in the protocol specification, be designated as I _Unspec, all be invalid packet;

●

Comprise q output; Each output Carry a parameter vector value 1≤k≤q;

●

Be for the variable of description transition definition, use vector representation, these variablees are different with the parameter that input, output are carried;

● T: transition set, T=T _Spec∪ T _Nondeter, wherein:

T _SpecBe illustrated in and provide the clearly transition of regulation in the protocol specification,

T _NondeterComprise following two kinds of transition and all cause last current state s ^*∈ S , a kind ofly be: for free position s _i, receive input i _j∈ I _Unspec, corresponding transition are not all clearly stipulated in protocol specification; There are a kind of transition in addition, although i _j∈ I _Spec, corresponding transition are not definition in protocol specification, perhaps only provides fuzzy or uncertain explanation,

Specific definition is as follows:

For t ∈ T _Spec, S wherein _j∈ S _Spec, s _k∈ S _Spec

Perhaps

Be sky, wherein s and s ^*Be respectively the initial condition and the last current state of these transition;

Be the input and output of carrying parameter;

Be based on asserting of variable set and input; Action

Be based on the operation of current variate-value, input, and act on variate-value and output;

For t ∈ T _Nondeter,

S wherein _j∈ S _Spec, s _K∈ S Output and action are unknown or uncertain, with "-" expression; Assert and be always true true;

Step (2): set up robustness successively according to the following steps and require and set up normal checking sequence, described robustness requires to be meant that state and behavior still keep the coherence request of normal and protocol compliant standard after invalid packet injects:

Step (2.1) is set up normal checking sequence _ 1:

Suppose

Be an invalid packet and

If

s _j∈ S _Spec

Perhaps

Be sky, according to s _jThe state verification sequence structure normally verify sequence,

Step (2.2) is set up normal checking sequence _ 2:

Suppose

Be an invalid packet and

If

s _i∈ S _Spec, s _K∈ S And

According to s _KThe state recognition sequence structure normally verify sequence,

Step (2.3) is set up normal checking sequence _ 2-1 approximate substitution and is normally verified sequence _ 2:

Because the complex structure of state recognition sequence replaces normal checking sequence _ 2 so need to set up normal checking sequence _ 2-1,

At first transition are forced in definition:

Suppose

And s _j∈ S _Spec,

Be to force transition, and if only if, exists

Make

Utilize and force transition can set up normal checking sequence _ 2-1:

After invalid packet injected, last current state was s _K∈ S And

Force transition if exist: (s _K∈ S _k) → s _j, by message injection this transition of triggering and according to s _jThe state verification sequence structure normally verify sequence;

Step (3): at first only the territory of message at input makes a variation, and other thresholding all is legal, and corresponding test case is a single domain variation complex anomaly test case, if the transition after unusual the injection are to determine transition T _Spec, being called single domain variation complex anomaly test case-1, it is as follows that it generates step:

Step (3.1) initialization: define a test group TestGroup about effective message pdu _PduAnd be initially sky,

Effective message pdu={f of step (3.2) input ₁, f ₂...., f _l ...., f _N, comprise N territory, wherein pdu.f altogether _l Corresponding unusual thresholding is M, uses

F is supposed in expression _lSpan be: f _i∈ [minimum value, maximum], then these unusual thresholdings comprise { minimum value, minimum value+1, minimum value+2* (maximum-minimum value)/n, minimum value+3* (maximum-minimum value)/n ..., maximum-1, maximum }, wherein n divides parameter, is formulated by setting person; Also will define other exception message in addition: each territory of message removes a plurality of exception messages that the back generates successively, and each exception message only has a territory to be removed, and other territory remains unchanged; A plurality of exception messages that each territory replace to be generated by the territory of double byte, and each exception message only has a territory to be replaced, and other territory remains unchanged;

Step (3.3) defines one about pdu.f _l Test case

And be initially sky, preserve territory pdu. f _lEffective thresholding;

Step (3.4) will be " from s ₀To s _iThe state homing sequence " add to

In;

Step (3.5) is for each

Carry out following steps: e _kAssignment is given pdu.f _l , " invalid packet injection " added to as a cycle tests

In, then " from s _jTo s _iThe state homing sequence " also add to

In;

Step (3.6) is with state s _iThe checking sequence is added to

In;

Step (3.7)

Add TestGroup to _PduIn;

Step (3.8) is given effective thresholding of step (3.3) preservation assignment again by variation territory pdu. f _l

Step (3.9) is for each territory f _l ∈ pdu, all carry out respectively from step (3.3) to step (3.8) the institute in steps;

Step (4): for single domain variation complex anomaly test case, if the transition after unusual the injection are uncertain transition T _Nondeter, being called single domain variation complex anomaly test case-2, it is as follows that it generates step:

Step (4.1) initialization: define a test group TestGroup about effective message pdu _PduAnd be initially sky,

Effective message pdu={f of step (4.2) input ₁, f ₂...., f _l ...., f _N, comprise N territory, wherein pdu.f altogether _l Corresponding unusual thresholding is M, uses

F is supposed in expression _lSpan be: f _i∈ [minimum value, maximum], then these unusual thresholdings comprise { minimum value, minimum value+1, minimum value+2* (maximum-minimum value)/n, minimum value+3* (maximum-minimum value)/n ..., maximum-1, maximum }, wherein n divides parameter, is formulated by setting person; Also will define other exception message in addition: each territory of message removes a plurality of exception messages that the back generates successively, and each exception message only has a territory to be removed, and other territory remains unchanged; A plurality of exception messages that each territory replace to be generated by the territory of double byte, and each exception message only has a territory to be replaced, and other territory remains unchanged;

Step (4.3) defines one about pdu.f _lTest case

And be initially sky, preserve territory pdu. f _l Effective thresholding;

Step (4.4) will be " from s ₀To s _iThe state homing sequence " add to In;

Step (4.5) is for each

Carry out following steps: e _kAssignment is given pdu.f _l , " invalid packet injection " added to as a cycle tests In, " utilizing and force transition s _K→ s _jSet up from s _KTo s _jThe state homing sequence " add to

In, then " from s _jTo s _iThe state homing sequence " also add to

In;

Step (4.6) is with " state s _iThe checking sequence " add to

In;

Step (4.7)

Add TestGroup to _PduIn;

Step (4.8) is given effective thresholding of step (4.3) preservation assignment again by variation territory pdu.f _l

Step (4.9) is for each territory f _l∈ pdu, all carry out respectively from step (4.3) to step (4.8) the institute in steps;

Step (5): a plurality of territories of exception message of input are made a variation simultaneously, and corresponding test case is a multiple domain variation complex anomaly test case, if the transition after unusual the injection are to determine transition T _Spec, being called multiple domain variation complex anomaly test case-1, it is as follows that it generates step:

Step (5.1) initialization: define a test group TestGroup about effective message pdu _PduAnd be initially sky;

Effective message pdu={f of step (5.2) input ₁, f ₂...., f _l ...., f _N, comprising N territory altogether, the unusual thresholding set in each territory generates in step (3.2) or step (4.2); F={F ₁, F ₂... F _M, for arbitrarily l, 1≤ l≤ M,

F _l Be the combination in several territories, compound mode is formulated by the tester, and then the M value can be determined;

One of step (5.3) definition about test case

And be initially sky; Preserve pdu.F _l In effective thresholding in each territory;

Step (5.4) will be " from s ₀To s _iThe state homing sequence " add to

In;

Step (5.5) utilizes existing pairwise algorithm to make up F _lIn the thresholding in each territory generate the exceptional value set

For each Carry out following steps: E _kAssignment is given pdu.F _l , " invalid packet injection " sequence is added to

In, then " from s _jTo s _iThe state homing sequence " add to

In;

Step (5.6) is with " state s _iThe checking sequence " add to

In;

Step (5.7)

Add TestGroup to _PduIn;

Step (5.8) is given effective thresholding of step (5.3) preservation assignment again by variation territory combination pdu.F _l

Step (5.9) is for each territory combination F _l∈ F, carry out respectively from step (5.3) to step (5.8) the institute in steps,

Step (6): for multiple domain variation complex anomaly test case, if the transition after unusual the injection are uncertain transition T _Nondeter, being called multiple domain variation complex anomaly test case-2, it is as follows that it generates step:

Step (6.1) initialization: define a test group TestGroup about effective message pdu _PduAnd be initially sky;

Effective message pdu={f of step (6.2) input ₁, f ₂...., f _l ...., f _N, comprising N territory altogether, the unusual thresholding set in each territory generates in step (3.2) or step (4.2); F={F ₁, F ₂... F _M, for arbitrarily l,

F _l Be the combination in several territories, compound mode is formulated by the tester, and then the M value can be determined;

Step (6.3) defines one about F _lTest case

And be initially sky; Preserve pdu.F _l In effective thresholding in each territory; Step (6.4) will be " from s ₀To s _iThe state homing sequence " add to

In;

Step (6.5) is utilized existing pairwise algorithm combination F _lIn the thresholding in each territory generate the exceptional value set

For each

Carry out following steps: E _kAssignment is given pdu.F _l , " invalid packet injection " sequence is added to

In, " utilizing and force transition s _K→ s _jSet up from s _KTo s _jThe state homing sequence " add to

In, then " from s _jTo s _iThe state homing sequence " add to

In;

Step (6.6) is with " state s _iThe checking sequence " add to

In;

Step (6.7)

Add TestGroup to _PduIn;

Step (6.8) is given the F by variation territory combination pdu. effective thresholding of step (6.3) preservation assignment again _l

Step (6.9) is for each territory combination F _l ∈ F, carry out respectively from step (6.3) to step (6.8) the institute in steps.

Images