CN101388807B - Protocol robustness test generation method based on packet mutation - Google Patents
Protocol robustness test generation method based on packet mutation Download PDFInfo
- Publication number
- CN101388807B CN101388807B CN200810112273XA CN200810112273A CN101388807B CN 101388807 B CN101388807 B CN 101388807B CN 200810112273X A CN200810112273X A CN 200810112273XA CN 200810112273 A CN200810112273 A CN 200810112273A CN 101388807 B CN101388807 B CN 101388807B
- Authority
- CN
- China
- Prior art keywords
- territory
- pdu
- transition
- sequence
- state
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012360 testing method Methods 0.000 title claims abstract description 117
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000035772 mutation Effects 0.000 title claims description 5
- 150000001875 compounds Chemical class 0.000 claims abstract description 8
- 230000007704 transition Effects 0.000 claims description 76
- 238000002347 injection Methods 0.000 claims description 22
- 239000007924 injection Substances 0.000 claims description 22
- 239000013598 vector Substances 0.000 claims description 12
- 230000009471 action Effects 0.000 claims description 8
- 238000004321 preservation Methods 0.000 claims description 8
- 238000012795 verification Methods 0.000 claims description 4
- 238000006467 substitution reaction Methods 0.000 claims description 2
- 230000002159 abnormal effect Effects 0.000 abstract 11
- 239000002131 composite material Substances 0.000 description 11
- 238000005516 engineering process Methods 0.000 description 3
- 238000007689 inspection Methods 0.000 description 3
- 230000005856 abnormality Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000007812 deficiency Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 235000000332 black box Nutrition 0.000 description 1
- 238000005352 clarification Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000011056 performance test Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000010998 test method Methods 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method for testing the robustness based on protocols of abnormal messages, which belongs to the testing technical field of network protocols. The method is characterized by comprising the following steps: describing the protocol specification as a non-deterministic parameterization expansion finite state machine, building robustness requests and conforming a normal testing sequence, generating single-domain abnormal massages through utilizing various variable strategies, if a deterministic variation is caused after the single-domain abnormal massages are injected, generating a single-domain compound abnormal testing example-1, if a non-deterministic variation is caused after the single-domain abnormal massages are injected, generating a single-domain compound abnormal testing example-2, then combining multi-domain abnormal massages pairwise through using the 'pairwise (pairwise combination)'method, if a deterministic variation is caused after the multi-domain abnormal massages are injected, generating a multi-domain compound abnormal example-1, and if a non-deterministic variation is caused after the multi-domain abnormal massages are injected, generating a multi-domain compound abnormal example-2. The method is suitable for various network protocols and has good versatility.
Description
Technical field
The invention belongs to Internet technical field, relate in particular to the network protocol testing technical field.
Background technology
The protocol test technology be guarantee network communication protocol correct realize and the different network equipment between the important means of correct interconnection.Uniformity test, performance test and HIST are the most frequently used measuring technologies.
It is very complete that procotol can not be described, and comprises input, output and status change.How to handle the design that unspecified input depends on that agreement realizes.Simultaneously, agreement often uses " May (possibility) " statement that optional requirement is described.More than two kinds of situations realize bringing very big flexibility to agreement.Because whether the agreement of only investigating uniformity test realizes consistent with protocol specification, so wrong ability of discovery is limited.In addition, along with the scale and the complexity of network are increasing, Internet exists increasing noise, disturbance, mismatches and put and artificial attack.The requirement of network equipment reliability, fault-tolerance and fail safe is more and more higher, and the agreement robustness becomes more and more important.IEEE (Institute of Electrical and Electric Engineers) is the robustness test definition that can the test protocol realization operate as normal under invalid injection or extensive the injection.
It is a kind of effective method of testing that mistake is injected.Fuzz Testing (half random test is also referred to as fuzz testing) adopts the wrong Black-box Testing method of injecting.Concrete steps are: determine the robustness requirement, produce the test data set, inject test data, make the test judgement at last.
About existing many researchs of robustness test and practice.Although the leak that many agreements realize has been found in these test practices, all exist many deficiencies: the generation of the first, abnormality test example lacks theoretical direction; The second, the test decision mechanism needs to improve; The structure of three, abnormality test example is optimized inadequately.
At above-mentioned deficiency, the present invention proposes a kind of protocol robustness test generation method based on packet mutation.This method brief description following (can referring to Fig. 1): set up the reasonably normal checking sequence of formalized model and structure; Adopt multiple variation strategy to generate test data set; Adopt the composite test example to simplify cycle tests; Generate single domain complex anomaly test case and adopt " pairwise (combination in twos) " method to generate multiple domain complex anomaly test case.
Summary of the invention
The object of the present invention is to provide a kind of universal method that generates based on the agreement robustness test of packet mutation.
The thinking of method proposed by the invention (Fig. 1) is: protocol specification is described as a uncertain parameters extended finite state machine, set up robustness and require and construct normal checking sequence, utilize multiple variation strategy to generate the single domain exception message, if the single domain exception message causes the certainty transition after injecting, then generate single domain variation complex anomaly test case-1, if the single domain exception message causes the uncertainty transition after injecting, then generate single domain variation complex anomaly test case-2, use " pairwise (combination in twos) " method that multiple domain is made up unusually in twos then, if the multiple domain exception message causes the certainty transition after injecting, then generate multiple domain complex anomaly test case-1, if the multiple domain exception message causes the uncertainty transition after injecting, then generate multiple domain variation complex anomaly test case-2.
The invention is characterized in:
Described method is to realize according to the following steps successively for a tested network equipment in the network operation environment:
Step (1): describe a tested agreement with a uncertain parameters extended finite state machine NPEFSM and realize:
S: finite state set, S=S
Spec, S
SpecComprise the state that defines in the protocol specification, definition S
={ s
K| k=1,2 ..., any one s
KAll be nondeterministic statement, be illustrated in exception message and inject the last current state of uncertain transition down, according to inferring s about the uncertain or fuzzy regulation of these transition in the protocol specification
KBe in which subclass of S, so, S=S
Spec=(S
Spec∪ S
);
S
0: initial condition;
·
Comprise p input; Each input
Carry a parameter vector value
1≤k≤p; Both comprise the input that defines in the protocol specification in described p the input, be designated as I
Spec, form by effective message and partial invalidity message, also comprised not clearly a large amount of inputs of definition in the protocol specification, be designated as I
Unspec, all be invalid packet;
Be for describing the variable of transition definition, using vector representation.These variablees are different with the parameter that input, output are carried;
T: transition set, T=T
Spec∪ T
Nondeter, wherein:
T
SpecBe illustrated in and provide the clearly transition of regulation in the protocol specification,
T
NondeterComprise following two kinds of transition and all cause last current state s
*∈ S
, a kind ofly be: for free position s
i, receive input i
j∈ I
Unspec, corresponding transition are not all clearly stipulated in protocol specification; There are a kind of transition in addition, although i
j∈ I
Spec, corresponding transition are not definition in protocol specification, perhaps only provides fuzzy or uncertain explanation, and specific definition is as follows:
For t ∈ T
Spec,
S wherein
j∈ S
Spec, s
k∈ S
Spec Perhaps
Be sky, wherein s and s
*Be respectively the initial condition and the last current state of these transition;
Be the input and output of carrying parameter;
Be based on asserting of variable set and input; Action
Be based on the operation of current variate-value, input, and act on variate-value and output;
For t ∈ T
Nondeter,
S wherein
j∈ S
Spec, s
K∈ S
Output and action
Unknown or uncertain, with "-" expression; Assert and be always true true;
Step (2): set up robustness successively according to the following steps and require and set up normal checking sequence, described robustness requires to be meant that state and behavior still keep the coherence request of normal and protocol compliant standard after invalid packet injects:
Step (2.1) is set up normal checking sequence _ 1:
If
s
i∈S
spec,s
j∈S
spec;
Perhaps
Be sky, according to s
jThe state verification sequence structure normally verify sequence,
Step (2.2) is set up normal checking sequence _ 2:
Suppose
Be an invalid packet and
If
s
i∈ S
Spec, s
K∈ S
And
According to s
KThe state recognition sequence structure normally verify sequence,
Step (2.3) is set up normal checking sequence _ 2-1 approximate substitution and is normally verified sequence _ 2:
Because the complex structure of state recognition sequence replaces normal checking sequence _ 2 so need to set up normal checking sequence _ 2-1,
At first transition (as Fig. 3) are forced in definition:
Suppose
And s
j∈ S
Spec,
Utilize and force transition can set up normal checking sequence _ 2-1:
After invalid packet injected, last current state was s
K∈ S
And
Force if exist
Transition: (s
K∈ S
k) → s
j, by message injection this transition of triggering and according to s
jThe state verification sequence structure normally verify sequence;
Step (3): at first only the territory of message at input makes a variation, and other thresholding all is legal, and corresponding test case is a single domain variation complex anomaly test case, if the transition after unusual the injection are to determine transition T
Spec, being called single domain variation complex anomaly test case-1, it is as follows that it generates step:
Step (3.1) initialization: define a test group TestGroup about effective message pdu
PduAnd be initially sky,
Effective message pdu={f of step (3.2) input
1, f
2...., f
l...., f
N, comprise N territory, wherein pdu.f altogether
lCorresponding unusual thresholding is M, uses
F is supposed in expression
lSpan be: f
i∈ [minimum value, maximum], then these unusual thresholdings comprise { minimum value, minimum value+1, minimum value+2* (maximum-minimum value)/n, minimum value+3* (maximum-minimum value)/n ..., maximum-1, maximum }, wherein n divides parameter, is formulated by setting person; Also will define other exception message in addition: each territory of message removes a plurality of exception messages that the back generates successively, and each exception message only has a territory to be removed, and other territory remains unchanged; A plurality of exception messages that each territory replace to be generated by the territory of double byte, and each exception message only has a territory to be replaced, and other territory remains unchanged;
Step (3.3) defines one about pdu.f
lTest case
And be initially sky, preserve territory pdu.f
lEffective thresholding;
Step (3.4) will be " from s
0To s
iThe state homing sequence " add to
In;
Step (3.5) is for each
Carry out following steps: e
kAssignment is given pdu.f
l, " invalid packet injection " added to as a cycle tests
In, then " from s
jTo s
iThe state homing sequence " also add to
In;
Step (3.8) is given the effective value of step 3.3 preservation assignment again by variation territory pdu.f
l
Step (3.9) is for each territory f
l∈ pdu, all carry out respectively from step 3.3 to step 3.8 the institute in steps;
Step (4): for single domain variation complex anomaly test case, if the transition after unusual the injection are uncertain transition T
Nondeter, being called single domain variation complex anomaly test case-2, it is as follows that it generates step:
Step (4.1) initialization: define a test group TestGroup about effective message pdu
PduAnd be initially sky,
Effective message pdu={f of step (4.2) input
1, f
2...., f
l...., f
N, comprise N territory, wherein pdu.f altogether
lCorresponding unusual thresholding is M, uses
F is supposed in expression
lSpan be: f
i∈ [minimum value, maximum], then these unusual thresholdings comprise { minimum value, minimum value+1, minimum value+2* (maximum-minimum value)/n, minimum value+3* (maximum-minimum value)/n ..., maximum-1, maximum }, wherein n divides parameter, is formulated by setting person; Also will define other exception message in addition: each territory of message removes a plurality of exception messages that the back generates successively, and each exception message only has a territory to be removed, and other territory remains unchanged; A plurality of exception messages that each territory replace to be generated by the territory of double byte, and each exception message only has a territory to be replaced, and other territory remains unchanged;
Step (4.3) defines one about pdu.f
lTest case
And be initially sky, preserve territory pdu.f
lEffective thresholding;
Step (4.5) is for each
Carry out following steps: e
kAssignment is given pdu.f
l, " invalid packet injection " added to as a cycle tests
In, " utilizing and force transition s
K→ s
jSet up from s
KTo s
jThe state homing sequence " add to
In, then " from s
jTo s
iThe state homing sequence " also add to
In;
Step (4.8) is given the effective value of step 4.3 preservation assignment again by variation territory pdu.f
l
Step (4.9) is for each territory f
l∈ pdu, all carry out respectively from step 4.3 to step 4.8 the institute in steps;
Step (5): a plurality of territories of exception message of input are made a variation simultaneously, and corresponding test case is a multiple domain variation complex anomaly test case, if the transition after unusual the injection are to determine transition T
Spec, being called multiple domain variation complex anomaly test case-1, it is as follows that it generates step:
Step (5.1) initialization: define a test group TestGroup about effective message pdu
PduAnd be initially sky;
Effective message pdu={f of step (5.2) input
1, f
2...., f
l...., f
N, comprising N territory altogether, the unusual thresholding set in each territory generates in step 3.2 or step 4.2; F={F
1, F
2... F
M), for any l, 1≤l≤M,
F
lBe the combination in several territories, compound mode is formulated by the tester, and then the M value can be determined;
Step (5.3) defines one about F
lTest case
And be initially sky; Preserve pdu.F
lIn effective thresholding in each territory;
Step (5.4) will be " from s
0To s
iThe state homing sequence " add to
In;
Step (5.5) utilizes existing pairwise algorithm to make up F
lIn the thresholding in each territory generate the exceptional value set
For each
Carry out following steps: E
kAssignment is given pdu.F
l, " invalid packet injection " sequence is added to
In, then " from s
jTo s
iThe state homing sequence " add to
In;
Step (5.8) is given the effective value of step 5.3 preservation assignment again by variation territory combination pdu.F
l
Step (5.9) is for each territory combination F
l∈ F, carry out respectively from step 5.3 to step 5.8 the institute in steps,
Step (6): for multiple domain variation complex anomaly test case, if the transition after unusual the injection are uncertain transition T
Nondeter, being called multiple domain variation complex anomaly test case-2, it is as follows that it generates step:
Step (6.1) initialization: define a test group TestGroup about effective message pdu
PduAnd be initially sky;
Effective message pdu={f of step (6.2) input
1, f
2...., f
l...., f
N, comprising N territory altogether, the unusual thresholding set in each territory generates in step 3.2 or step 4.2; F={F
1, F
2... F
M, for any l, 1≤l≤M,
F
lBe the combination in several territories, compound mode is formulated by the tester, and then the M value can be determined;
Step (6.3) defines one about F
lTest case
And be initially sky; Preserve pdu.F
lIn effective thresholding in each territory;
Step (6.5) is utilized existing pairwise algorithm combination F
lIn the thresholding in each territory generate the exceptional value set
For each
Carry out following steps: E
kAssignment is given pdu.F
l, " invalid packet injection " sequence is added to
In, " utilizing and force transition s
K→ s
jSet up from s
KTo s
jThe state homing sequence " add to
In, then " from s
jTo s
iThe state homing sequence " add to
In;
Step (6.8) is given the effective value of step 6.3 preservation assignment again by variation territory combination pdu.F
l
Step (6.9) is for each territory combination F
l∈ F, carry out respectively from step 6.3 to step 6.8 the institute in steps.
Utilize method of the present invention can generate agreement robustness test case.Table 2 (seeing below literary composition) has been showed the agreement robustness test set at OSPFv2 (open type shortest path priority protocol version 2).
This shows that the present invention has reached intended purposes.
Description of drawings
Fig. 1. flow chart of the present invention
Fig. 2. a part NPEFSM model at the OSPFv2 agreement;
Fig. 3. force the transition diagram;
Fig. 4. two kinds of single domain variation complex anomaly test case structure charts, wherein Fig. 4 (a) is single domain variation complex anomaly test case-1, Fig. 4 (b) is single domain variation complex anomaly test case-2.
Embodiment
Test generation method of the present invention has following steps successively:
(1) with the protocol system specification description is a uncertain parameters extended finite state machine model;
(2) set up robustness and require and set up normal checking sequence;
(3) generation of single domain variation complex anomaly test case, specific algorithm is introduced later in detail;
(4) generation of multiple domain variation complex anomaly test case, specific algorithm is introduced later in detail.
Below, will relevant step be elaborated:
(1) formalized model
FSM (Finite state machine: finite state machine) be widely used for describing procotol.But most of protocol specifications comprise variable and based on the operation of these variablees.Simultaneously, the parameter influence that carries of some input is to asserting and moving.Therefore the finite state machine of parametrization expansion is used to simulate protocol specification.The robustness test needs to inject a large amount of invalid datas, because most invalid packets and their processing rule do not have clear and definite regulation in protocol specification, the status change under these invalid packets inject is uncertain often.So, need to use the finite state machine of uncertain parametrization expansion to be the protocol specification modeling.[definition 1] uncertain parameters extended finite state machine NPEFSM of NPEFSM (Nondeterministic Parameterized Extended Finite State Machine) is expressed as
S: finite state set, S=S
Spec, S
SpecComprise the state that defines in the protocol specification, definition S
={ s
K| k=1,2 ..., any one s
KAll be nondeterministic statement, be illustrated in exception message and inject the last current state of uncertain transition down, according to inferring s about the uncertain or fuzzy regulation of these transition in the protocol specification
KBe in which subclass of S, so, S=S
Spec=(S
Spec∪ S
);
S
0: initial condition;
·
Comprise p input; Each input
Carry a parameter vector value
1≤k≤p; Both comprise the input that defines in the protocol specification in described p the input, be designated as I
Spec, form by effective message and partial invalidity message, also comprised not clearly a large amount of inputs of definition in the protocol specification, be designated as I
Unspec, all be invalid packet;
Be for describing the variable of transition definition, using vector representation.These variablees are different with the parameter that input, output are carried;
T: transition set, T=T
Spec∪ T
Nondeter, wherein:
T
SpecBe illustrated in and provide the clearly transition of regulation in the protocol specification,
T
NondeterComprise following two kinds of transition and all cause last current state s
*∈ S
, a kind ofly be: for free position s
i, receive input i
j∈ I
Unspec, corresponding transition are not all clearly stipulated in protocol specification; There are a kind of transition in addition, although i
j∈ I
Spec, corresponding transition are not definition in protocol specification, perhaps only provides fuzzy or uncertain explanation, and specific definition is as follows:
For t ∈ Tspec,
S wherein
j∈ S
Spec, s
k∈ S
Spec Perhaps
Be sky, wherein s and s
*Be respectively the initial condition and the last current state of these transition;
Be the input and output of carrying parameter;
Be based on asserting of variable set and input; Action
Be based on the operation of current variate-value, input, and act on variate-value and output;
For t ∈ T
Nondeter,
S wherein
j∈ S
Spec, s
K∈ S
Output and action are unknown or uncertain, with "-" expression; Assert and be always true true;
Example 1: Fig. 2 has showed the part NPEFSM model of OSPFv2, asserts and moves major part and all omitted.Transition provide at table 1 for example.Input and output are parameterized data description messages (DDP).First parameter of DDP is DD sequence number (being designated as seq), and another parameter is I/M/MS (being designated as Ims).Assert the inspection that has comprised the DD sequence number, the inspection of I/M/MS and other affirmation or inspection.
Transition of table 1:OSPFv2 for example
Title (Name) | T Exchange-Exchange(T Exchange-exchange) |
Initial state (Start State) | Exchange (exchange) |
Final states (End State) | Exchange (exchange) |
Input (Input) | Description message: DDP (Seq1, Ims1) |
Output (Output) | Description message: DDP (Seq2, Ims2) |
Variable (Variables) | y,... |
Assert (Predicate) | (Seq1==y)&&(Ims1==011)&&... |
Action (Action) | Seq2=y;y=Seq1+1;... |
The uncertainty of some transition in this model is described in addition.If DDP.LSAHeader.LinkStateID in data exchange process (link describe Link State that the head of the declaration of Link State in the message comprises number)=" FFFFFFFF ", this has just caused syntax error, the grammer of whether checking this territory among the LSAheader in the message (Link State declaration head) after receiving this DDP message does not immediately offer some clarification in protocol specification, if tested agreement realizes checking immediately the grammer in this territory, will trigger " SeqNumberMismatch (sequence numbers) ", otherwise exchanges data goes on always, is found (probably finding) up to this mistake when LSA (Link State declaration) asks.In this example, s
K∈ S
k={ s
K1=" Exstart (before beginning exchange) ", s
K2=" Exchange (exchange) " } and t
j∈ T
Nondeter(can with reference to figure 3).
(2) test generation method
Test generation method comprises that single domain complex anomaly test case generates and multiple domain complex anomaly test case generates.At first, set up normal checking sequence, and utilize multiple variation strategy to generate a large amount of invalid packets, generate the complex anomaly test case of single domain and multiple domain then from the NPEFSM model.
Normal checking sequence has been discussed clear in front, is omitted herein.
Below will introduce the composite test example generating algorithm of single domain and multiple domain variation in detail, and progressively explain in detail:
1. single domain variation complex anomaly test case generates
Only the territory of message at input makes a variation, and other thresholding all is legal, and corresponding test case is a single domain variation complex anomaly test case, if the transition after the single domain exception message injects are to determine transition T
Spec, be called single domain variation complex anomaly test case-1, if the transition after the single domain exception message injects are non-definite transition T
Nondeter, be called single domain variation complex anomaly test case-2.Below be the generating algorithm of single domain complex anomaly test case-1, please referring to the structure (as Fig. 4 (a)) of single domain complex anomaly test case-1.
If an effective message originally is pdu={f
1, f
2...., f
N.Following step will generate the test group TestGroup at pdu
PduAnd
Similarly, can obtain the algorithm of single domain composite test example-2, be omitted herein according to the structure (as Fig. 4 (b)) of single domain composite test example-2.
2. multiple domain variation complex anomaly test case generates
A plurality of territories of exception message of input are made a variation simultaneously, and corresponding test case is a multiple domain variation complex anomaly test case, if the transition after the multiple domain exception message injects are to determine transition T
Spec, be called multiple domain variation complex anomaly test case-1, if the transition after the multiple domain exception message injects are uncertain transition T
Nondeter, be called multiple domain variation complex anomaly test case-2.
Multiple domain variation composite test example-1 and single domain variation composite test example-1 similar, but injection is the multiple domain exception message.Algorithm 2 has provided multiple domain variation composite test example-1 generating algorithm.
Similarly, can generate corresponding algorithm according to the structure of multiple domain composite test example-2, multiple domain variation composite test example-2 and single domain variation composite test example-2 similar, but injection is the multiple domain exception message.
Example 2:pairwise algorithm example
Suppose F={f
1, f
2, f
3, f
4, all there are score values (hexadecimal representation) such as 4 boundary values (hexadecimal representation) and 2 in each territory, promptly
The result that utilization pairwise algorithm gets is as follows:
32 exception messages have been generated as can be seen.
(3) experiment
The OSPFv2 agreement comprises 5 kinds of message: Hello, Database Description Packet (DDP: database description packet), Link State Request (LSR: the database request message), the Link State update) and Link State Acknowledgment (Ack: the link state acknowledgment message) Link State Update (LSU:.Also defined 5 kinds of Link StateAdvertisements (LSAs: the Link State declaration), comprising: router lsa, Network-LSAs, the 3rd class summary lsa, the 4th class summary lsa, Autonomy System-External LSA.The state that the OSPFv2 state machine comprises has Init (initialization), 2-way (two-way), Exstart (beginning), Exchange (exchange), Full several states such as (fully).
Adopt above method, generated single domain and multiple domain complex anomaly test set, be respectively 130 and 67 test cases, showed the test set of OSPFv2 as table 2 at OSPFv2.
Table 2:OSPFv2 single domain and the set of multiple domain composite test example
This shows that the present invention has reached intended purposes.
Claims (1)
1. based on the protocol robustness test generation method of packet mutation, it is characterized in that described method is to realize according to the following steps successively for a tested network equipment in the network operation environment:
Step (1): describe a tested agreement with a uncertain parameters extended finite state machine NPEFSM and realize:
● S: finite state set, S=S
Spec, S
SpecComprise the state that defines in the protocol specification, definition S
={ s
K| k=1,2 ..., any one s
KAll be nondeterministic statement, be illustrated in exception message and inject the last current state of uncertain transition down, according to inferring s about the uncertain or fuzzy regulation of these transition in the protocol specification
KBe in which subclass of S, so, S=S
Spec=(S
Spec∪ S
);
● s
0: initial condition;
●
Comprise p input; Each input
Carry a parameter vector value
1≤k≤p; Both comprise the input that defines in the protocol specification in described p the input, be designated as I
Spec, form by effective message and partial invalidity message, also comprised not clearly a large amount of inputs of definition in the protocol specification, be designated as I
Unspec, all be invalid packet;
●
Be for the variable of description transition definition, use vector representation, these variablees are different with the parameter that input, output are carried;
● T: transition set, T=T
Spec∪ T
Nondeter, wherein:
T
SpecBe illustrated in and provide the clearly transition of regulation in the protocol specification,
T
NondeterComprise following two kinds of transition and all cause last current state s
*∈ S
, a kind ofly be: for free position s
i, receive input i
j∈ I
Unspec, corresponding transition are not all clearly stipulated in protocol specification; There are a kind of transition in addition, although i
j∈ I
Spec, corresponding transition are not definition in protocol specification, perhaps only provides fuzzy or uncertain explanation,
Specific definition is as follows:
For t ∈ T
Spec,
S wherein
j∈ S
Spec, s
k∈ S
Spec Perhaps
Be sky, wherein s and s
*Be respectively the initial condition and the last current state of these transition;
Be the input and output of carrying parameter;
Be based on asserting of variable set and input; Action
Be based on the operation of current variate-value, input, and act on variate-value and output;
For t ∈ T
Nondeter,
S wherein
j∈ S
Spec, s
K∈ S
Output and action are unknown or uncertain, with "-" expression; Assert and be always true true;
Step (2): set up robustness successively according to the following steps and require and set up normal checking sequence, described robustness requires to be meant that state and behavior still keep the coherence request of normal and protocol compliant standard after invalid packet injects:
Step (2.1) is set up normal checking sequence _ 1:
If
s
j∈ S
Spec Perhaps
Be sky, according to s
jThe state verification sequence structure normally verify sequence,
Step (2.2) is set up normal checking sequence _ 2:
If
s
i∈ S
Spec, s
K∈ S
And
According to s
KThe state recognition sequence structure normally verify sequence,
Step (2.3) is set up normal checking sequence _ 2-1 approximate substitution and is normally verified sequence _ 2:
Because the complex structure of state recognition sequence replaces normal checking sequence _ 2 so need to set up normal checking sequence _ 2-1,
At first transition are forced in definition:
Utilize and force transition can set up normal checking sequence _ 2-1:
After invalid packet injected, last current state was s
K∈ S
And
Force transition if exist: (s
K∈ S
k) → s
j, by message injection this transition of triggering and according to s
jThe state verification sequence structure normally verify sequence;
Step (3): at first only the territory of message at input makes a variation, and other thresholding all is legal, and corresponding test case is a single domain variation complex anomaly test case, if the transition after unusual the injection are to determine transition T
Spec, being called single domain variation complex anomaly test case-1, it is as follows that it generates step:
Step (3.1) initialization: define a test group TestGroup about effective message pdu
PduAnd be initially sky,
Effective message pdu={f of step (3.2) input
1, f
2...., f
l ...., f
N, comprise N territory, wherein pdu.f altogether
l Corresponding unusual thresholding is M, uses
F is supposed in expression
lSpan be: f
i∈ [minimum value, maximum], then these unusual thresholdings comprise { minimum value, minimum value+1, minimum value+2* (maximum-minimum value)/n, minimum value+3* (maximum-minimum value)/n ..., maximum-1, maximum }, wherein n divides parameter, is formulated by setting person; Also will define other exception message in addition: each territory of message removes a plurality of exception messages that the back generates successively, and each exception message only has a territory to be removed, and other territory remains unchanged; A plurality of exception messages that each territory replace to be generated by the territory of double byte, and each exception message only has a territory to be replaced, and other territory remains unchanged;
Step (3.3) defines one about pdu.f
l Test case
And be initially sky, preserve territory pdu. f
lEffective thresholding;
Step (3.5) is for each
Carry out following steps: e
kAssignment is given pdu.f
l , " invalid packet injection " added to as a cycle tests
In, then " from s
jTo s
iThe state homing sequence " also add to
In;
Step (3.8) is given effective thresholding of step (3.3) preservation assignment again by variation territory pdu. f
l
Step (3.9) is for each territory f
l ∈ pdu, all carry out respectively from step (3.3) to step (3.8) the institute in steps;
Step (4): for single domain variation complex anomaly test case, if the transition after unusual the injection are uncertain transition T
Nondeter, being called single domain variation complex anomaly test case-2, it is as follows that it generates step:
Step (4.1) initialization: define a test group TestGroup about effective message pdu
PduAnd be initially sky,
Effective message pdu={f of step (4.2) input
1, f
2...., f
l ...., f
N, comprise N territory, wherein pdu.f altogether
l Corresponding unusual thresholding is M, uses
F is supposed in expression
lSpan be: f
i∈ [minimum value, maximum], then these unusual thresholdings comprise { minimum value, minimum value+1, minimum value+2* (maximum-minimum value)/n, minimum value+3* (maximum-minimum value)/n ..., maximum-1, maximum }, wherein n divides parameter, is formulated by setting person; Also will define other exception message in addition: each territory of message removes a plurality of exception messages that the back generates successively, and each exception message only has a territory to be removed, and other territory remains unchanged; A plurality of exception messages that each territory replace to be generated by the territory of double byte, and each exception message only has a territory to be replaced, and other territory remains unchanged;
Step (4.3) defines one about pdu.f
lTest case
And be initially sky, preserve territory pdu. f
l Effective thresholding;
Step (4.4) will be " from s
0To s
iThe state homing sequence " add to
In;
Step (4.5) is for each
Carry out following steps: e
kAssignment is given pdu.f
l , " invalid packet injection " added to as a cycle tests
In, " utilizing and force transition s
K→ s
jSet up from s
KTo s
jThe state homing sequence " add to
In, then " from s
jTo s
iThe state homing sequence " also add to
In;
Step (4.8) is given effective thresholding of step (4.3) preservation assignment again by variation territory pdu.f
l
Step (4.9) is for each territory f
l∈ pdu, all carry out respectively from step (4.3) to step (4.8) the institute in steps;
Step (5): a plurality of territories of exception message of input are made a variation simultaneously, and corresponding test case is a multiple domain variation complex anomaly test case, if the transition after unusual the injection are to determine transition T
Spec, being called multiple domain variation complex anomaly test case-1, it is as follows that it generates step:
Step (5.1) initialization: define a test group TestGroup about effective message pdu
PduAnd be initially sky;
Effective message pdu={f of step (5.2) input
1, f
2...., f
l ...., f
N, comprising N territory altogether, the unusual thresholding set in each territory generates in step (3.2) or step (4.2); F={F
1, F
2... F
M, for arbitrarily
l, 1≤
l≤ M,
F
l Be the combination in several territories, compound mode is formulated by the tester, and then the M value can be determined;
One of step (5.3) definition about test case
And be initially sky; Preserve pdu.F
l In effective thresholding in each territory;
Step (5.5) utilizes existing pairwise algorithm to make up F
lIn the thresholding in each territory generate the exceptional value set
For each
Carry out following steps: E
kAssignment is given pdu.F
l , " invalid packet injection " sequence is added to
In, then " from s
jTo s
iThe state homing sequence " add to
In;
Step (5.8) is given effective thresholding of step (5.3) preservation assignment again by variation territory combination pdu.F
l
Step (5.9) is for each territory combination F
l∈ F, carry out respectively from step (5.3) to step (5.8) the institute in steps,
Step (6): for multiple domain variation complex anomaly test case, if the transition after unusual the injection are uncertain transition T
Nondeter, being called multiple domain variation complex anomaly test case-2, it is as follows that it generates step:
Step (6.1) initialization: define a test group TestGroup about effective message pdu
PduAnd be initially sky;
Effective message pdu={f of step (6.2) input
1, f
2...., f
l ...., f
N, comprising N territory altogether, the unusual thresholding set in each territory generates in step (3.2) or step (4.2); F={F
1, F
2... F
M, for arbitrarily
l,
F
l Be the combination in several territories, compound mode is formulated by the tester, and then the M value can be determined;
Step (6.3) defines one about F
lTest case
And be initially sky; Preserve pdu.F
l In effective thresholding in each territory; Step (6.4) will be " from s
0To s
iThe state homing sequence " add to
In;
Step (6.5) is utilized existing pairwise algorithm combination F
lIn the thresholding in each territory generate the exceptional value set
For each
Carry out following steps: E
kAssignment is given pdu.F
l , " invalid packet injection " sequence is added to
In, " utilizing and force transition s
K→ s
jSet up from s
KTo s
jThe state homing sequence " add to
In, then " from s
jTo s
iThe state homing sequence " add to
In;
Step (6.8) is given the F by variation territory combination pdu. effective thresholding of step (6.3) preservation assignment again
l
Step (6.9) is for each territory combination F
l ∈ F, carry out respectively from step (6.3) to step (6.8) the institute in steps.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810112273XA CN101388807B (en) | 2008-05-22 | 2008-05-22 | Protocol robustness test generation method based on packet mutation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810112273XA CN101388807B (en) | 2008-05-22 | 2008-05-22 | Protocol robustness test generation method based on packet mutation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101388807A CN101388807A (en) | 2009-03-18 |
CN101388807B true CN101388807B (en) | 2011-03-30 |
Family
ID=40478003
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200810112273XA Active CN101388807B (en) | 2008-05-22 | 2008-05-22 | Protocol robustness test generation method based on packet mutation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101388807B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102075508B (en) * | 2010-09-02 | 2014-01-29 | 北京神州绿盟信息安全科技股份有限公司 | Vulnerability disclosure system and method aiming at network protocol |
CN102624574B (en) * | 2011-01-27 | 2015-07-01 | 西门子公司 | Security testing method and device for protocol implementation |
CN102404167B (en) * | 2011-11-03 | 2014-02-19 | 清华大学 | Protocol test generating method of parallel expansion finite-state machine based on variable dependence |
CN104517056A (en) * | 2014-12-09 | 2015-04-15 | 北京邮电大学 | Method for extending Peach platform and testing multiple network message fields |
CN108134717B (en) * | 2017-10-26 | 2021-02-02 | 同济大学 | On-chip network fixed fault on-line testing method based on bounded model inspection |
CN111162959B (en) * | 2019-11-28 | 2021-07-06 | 中国航空工业集团公司西安航空计算技术研究所 | Parameter-based avionics interface data communication protocol fuzzy test method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6549882B1 (en) * | 1998-12-21 | 2003-04-15 | Cisco Technology, Inc. | Mechanisms for providing and using a scripting language for flexibly simulationg a plurality of different network protocols |
CN1540928A (en) * | 2003-10-27 | 2004-10-27 | 中国科学院计算技术研究所 | Method for designing cases for testing consistency with protocol of internet of next generation |
CN1741482A (en) * | 2005-09-27 | 2006-03-01 | 清华大学 | Protocol interoperation characteristic test generating method based on communication multi-port finite state machine |
-
2008
- 2008-05-22 CN CN200810112273XA patent/CN101388807B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6549882B1 (en) * | 1998-12-21 | 2003-04-15 | Cisco Technology, Inc. | Mechanisms for providing and using a scripting language for flexibly simulationg a plurality of different network protocols |
CN1540928A (en) * | 2003-10-27 | 2004-10-27 | 中国科学院计算技术研究所 | Method for designing cases for testing consistency with protocol of internet of next generation |
CN1741482A (en) * | 2005-09-27 | 2006-03-01 | 清华大学 | Protocol interoperation characteristic test generating method based on communication multi-port finite state machine |
Also Published As
Publication number | Publication date |
---|---|
CN101388807A (en) | 2009-03-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101388807B (en) | Protocol robustness test generation method based on packet mutation | |
Hong et al. | Strong diagnosability and conditional diagnosability of augmented cubes under the comparison diagnosis model | |
Laarman et al. | Multi-core emptiness checking of timed Büchi automata using inclusion abstraction | |
Akella et al. | Model-checking BNDC properties in cyber-physical systems | |
CN105653935B (en) | Based on PPTL3Social networking system personal secrets run time verification method | |
Bhurke et al. | Methods of Formal Analysis for ICS Protocols and HART-IP CPN modelling | |
Saboori | Verification and enforcement of state-based notions of opacity in discrete event systems | |
Ramasubramanian et al. | Secure control under partial observability with temporal logic constraints | |
Masopust | Critical observability for automata and Petri nets | |
Kushik et al. | Studying the optimal height of the EFSM equivalent for testing telecommunication protocols | |
Liu et al. | I/O conformance test generation with colored Petri nets | |
Lamperti et al. | From diagnosis of active systems to incremental determinization of finite acyclic automata | |
Hegde et al. | Modelling and verification of extensible authentication protocol using spin model checker | |
Keren et al. | Model-based diagnosis with multi-label classification | |
Saboori et al. | Reduced-complexity verification for initial-state opacity in modular discrete event systems | |
Brzezinski | Towards the methodological harmonization of passive testing across ICT communities | |
Timo et al. | Using imprecise test oracles modelled by FSM | |
Kühnrich et al. | On process-algebraic proof methods for fault tolerant distributed systems | |
El-Fakih et al. | Diagnosing multiple faults in communicating finite state machines | |
Boiten | Commitment: A challenge for formal methods | |
Akella | Verification of information flow security in cyber-physical systems | |
Drusinsky et al. | Verifying distributed protocols using MSC-assertions, run-time monitoring, and automatic test generation | |
Berthet et al. | A unified theory of fault diagnosis and distributed fault management in communication networks | |
Yao et al. | Efficient Verification of Multi-Agent Systems Through Parallel | |
Keroglou | State estimation in logical and stochastic discrete event systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |