CN107046526A - Distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms - Google Patents


Info

Publication number: CN107046526A
Application number: CN201611235833.1A
Authority: CN (China)
Prior art keywords: protocol, test, agreement, script, fuzzing
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 张陆勇, 王建章, 许德森, 赵鹏, 李东垣, 王国相, 郭冰楠, 朱佩佩, 李璇, 单路超
Current assignee: CHINACOMM SYSTEM Co Ltd; Beijing University of Posts and Telecommunications
Original assignee: CHINACOMM SYSTEM Co Ltd; Beijing University of Posts and Telecommunications
Application filed by CHINACOMM SYSTEM Co Ltd and Beijing University of Posts and Telecommunications.


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis

Abstract

The present invention relates to a distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms. The steps are: automatically parse the network protocol of the test target and determine the key protocol information of the test target; describe the key protocol information comprehensively and combine it into a specific data structure to build a protocol test script; according to the protocol test script, combine the running states of the protocol into a protocol vulnerability mining path graph; according to the path graph and control instructions, send test scripts to the test target, send control instructions to the target monitor, and receive monitoring information from the target monitor; store the sent test scripts and the vulnerability information found by the test, and display them on the information display page. The invention improves the coverage and effectiveness of protocol mining and reduces the probability of missing a vulnerability; it provides a friendly operation interface that displays the corresponding information in real time, which is convenient for the user to check and lowers the entry threshold of vulnerability mining.

Description

Distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms
Technical field
The present invention relates to the field of network vulnerability mining technology, and specifically to a distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms.
Background technology
In the development of software and hardware products, testing is an extremely important and indispensable process, so major manufacturers pay great attention to it. Common testing techniques for software and hardware products include white-box testing, black-box testing and grey-box testing. Different testing methods require access to different levels of resources of the system under test (SUT); black-box testing requires almost no resources of the SUT at all. In a distributed heterogeneous network the network devices are numerous and complex and the software products are also varied, so black-box and grey-box testing can achieve good results in such a network.
In recent years fuzz testing (Fuzzing), a well-known black-box testing technique, has been widely used in software product testing. Its principle is to find failures in software or hardware by sending unexpected input to the test target and monitoring its output for anomalies. Typically, a fuzzer repeatedly provides input to the test target in a semi-automatic or fully automatic way, monitors the running state of the target in real time, observes its reaction, and thereby hopes to discover the corresponding vulnerabilities.
There are currently two main approaches to fuzz testing: generation-based fuzzing and mutation-based fuzzing.
Generation-based fuzzing requires analysing and describing the format of the network protocol or file in advance. Protocol analysts normally describe the format specification in script files, and large numbers of test cases are then produced from those scripts. On the one hand the constructed data must conform to the format specification in the script file, so that the test target does not simply discard an illegal case and leave the test without effect; on the other hand it should as far as possible carry specific characteristics, such as boundary values and format strings, that increase the chance of triggering a vulnerability.
Mutation-based fuzzing is further divided into random mutation and heuristic mutation; this kind of fuzzing algorithm needs a sample file as the basis for constructing test cases.
Existing online fuzz testing (Fuzzing) mainly mines vulnerabilities in a test target using the technical architecture shown in Figure 1. The architecture can be roughly divided into two parts. The first part is the fuzz testing engine (engine for short), which is mainly responsible for producing test cases: according to the analysis result in a sample file or script file, it generates the corresponding malformed data, i.e. unexpected input, to be injected into the test target. The second part is the target monitoring module (agent for short), which is responsible for monitoring the test target and observing its reaction to the malformed input, in order to determine whether the test target has a corresponding vulnerability.
The workflow of existing online fuzz testing (Fuzzing) is as follows:
Fuzzing is realised by sending large amounts of semi-valid data to the test target and observing the output; the data is sent in a semi-automatic or fully automatic way. The workflow of a fuzzing test usually includes the following steps, as shown in Figure 2:
(1) Determine the test target
Determining the test target makes the test more definite. With the rapid development of technology, fuzz testing has matured; selecting the appropriate tool or test framework for a given test target saves development cost and testing time. Thus the choice of test target determines the type of testing tool and method selected.
(2) Analyse the input vectors
Most security vulnerabilities arise because input data to a program is not validated, or because no clear handling rule is defined for illegal input, so identifying the input vectors is the key to a successful fuzzing test. The input vectors should include as far as possible all kinds of unexpected input that can cause the program to crash, such as file names, registry key values, command-line parameters, configuration information and environment variables. Blind testing wastes manpower and time and may also fail to meet the requirements of the test.
(3) Construct the test cases
After the content that the input vectors should cover has been analysed in depth, test cases can be constructed according to the analysis result. Fuzzing usually sends the input data in a semi-automatic or fully automatic way, so the test cases need to be written in a formal language, for example as a script file that the fuzzer can read to produce test cases. Once the formalised test-case file has been constructed by hand, the subsequent test process can be carried out automatically. During this process the test target should be considered together with other factors to select a suitable way of constructing test cases, which lays the foundation for vulnerability mining.
(4) Start fuzz testing
This process is usually automated and runs in parallel with the previous step: while test cases are being constructed, the fuzzer connects to the test target, executes the application under test and sends data to it.
(5) Monitor for exceptions and errors
This step is extremely important. Among the large number of test cases sent, not every one will cause the test target to crash, so the test cases that cause an exception must be recorded. Monitoring and recording crash information is essential for the subsequent analysis; without this step, after the target crashes it is impossible to determine which data caused the exception, and the whole test fails.
(6) Analyse exploitable vulnerabilities
This step is not strictly necessary in fuzz testing. After fuzzing is complete, the errors and exceptions detected are judged for the possibility of exploitation according to the security objective. This process is usually done manually and the analyst needs an appropriate level of skill and technique; a tester can submit the results to security audit personnel instead of completing this process alone.
Although the Fuzzing technology existing at this stage is relatively mature, it still has some shortcomings and room for further improvement.
1. Existing Fuzzing technologies have insufficient coverage of protocols: many schemes can only test some states and fields of the corresponding protocol and cannot cover the complete protocol execution path, so the efficiency of vulnerability mining is not high enough.
2. Existing Fuzzing technologies have a relatively low degree of automation: many rely on manual input or a large amount of human intervention, and there is no friendly human-computer interaction interface, so the threshold for vulnerability mining and fuzz testing is too high and the technology is hard to promote on a large scale.
3. Many existing Fuzzing technologies lack a data persistence layer, which is unfavourable for further analysis afterwards and greatly reduces the effect of vulnerability mining and testing.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms, which is applicable to distributed heterogeneous network systems, fully covers the protocol state paths and has a high degree of automation.
To achieve the above objective, the present invention adopts the following technical scheme:
A distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms comprises the following steps:
Step 1, protocol parsing: capture the network packets of the test target, parse the network protocol of the test target, and determine the protocol used by the test target and the corresponding key protocol information;
Step 2, build the protocol test script: according to the result of protocol parsing, describe the key protocol information comprehensively, model the different data formats accordingly, determine the various data formats exhibited by the protocol and the corresponding field information, and output the information vector of the corresponding protocol data, i.e. generate the protocol test script;
Step 3, build the protocol vulnerability mining path graph: according to the protocol test script, combine the running states or instructions of the protocol and connect them into a directed acyclic graph, i.e. the protocol vulnerability mining path graph, which characterises the running paths of the protocol stack;
Step 4, the user transmits control instructions through the master controller to the script-sending process controller to pause and run vulnerability mining;
Step 5, the script-sending process controller, according to the protocol vulnerability mining path graph and the corresponding control instructions, sends the corresponding test scripts to the test target and the corresponding control instructions to the target monitor, while receiving monitoring information from the target monitor to judge whether a vulnerability has been triggered;
Step 6, data display and storage: the master controller stores the sent test scripts and the vulnerability information found by the test and displays them on the information display page.
On the basis of the above technical scheme, the key protocol information in step 1 includes the protocol format, the checksum method, and each state and instruction of the protocol.
On the basis of the above technical scheme, the captured network packets in step 1 are parsed with a multiple-sequence progressive alignment algorithm.
On the basis of the above technical scheme, protocol parsing in step 1 specifically includes the following steps:
Step 11, obtain a large number of network packets;
Step 12, pre-process the captured packets: filter invalid data, reassemble fragmented data and extract the application-layer messages;
Step 13, analyse the obtained application-layer messages and place similar message sequences in one group for use in the later format analysis; when clustering and classifying the message groups, use matching rules to divide the previously extracted application-layer messages into different groups;
Step 14, in protocol format analysis, derive the message format; the unit of analysis is the message groups of different types obtained in step 13, and the key protocol information is derived with the multiple-sequence progressive alignment algorithm.
On the basis of the above technical scheme, in step 2 the protocol test script includes the protocol command format and the protocol description text.
On the basis of the above technical scheme, in step 3 the running states or instructions of the protocol are combined to form a directed acyclic graph, and a graph traversal algorithm is then used to traverse all protocol running paths recursively.
On the basis of the above technical scheme, in step 5 the target monitor builds a debugger with the system API; the debugger is attached to the process of the test target and monitors its running state in real time, and when an error occurs in the test target the debugger reads the corresponding vulnerability information and passes it to the script-sending process controller.
On the basis of the above technical scheme, in step 6 the master controller is integrated with a corresponding web server process that provides the operation interface and handles user input, displays in the user interface the script information and vulnerability information from the script-sending process controller, and shows the progress of vulnerability mining and the background traffic in real time.
The distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms of the present invention can be used in distributed heterogeneous network systems. For the testing of the corresponding software it parses the network protocol in a highly automated way, models the protocol, and builds a directed acyclic graph characterising each path and state of the protocol, so that the whole protocol can be tested and analysed comprehensively, vulnerability mining of the relevant Internet protocol can be carried out effectively with high coverage, and a complete vulnerability mining test with display of the corresponding results can be realised. At the same time the invention provides a friendly human-computer interaction interface that can deliver the content of the sent data scripts, the mining process and vulnerability descriptions to operators in real time; it also supports data storage, so that operators can analyse the whole test process further afterwards.
The invention has the following advantages:
1. the protocol parsing of the test target is carried out with a highly automated method;
2. a more effective data description technique is provided, so that the protocol can be better modelled and the fields to be fuzzed can be specified;
3. more complete protocol running paths are provided, improving the coverage and effectiveness of protocol mining and reducing the probability that the test misses a vulnerability;
4. a friendly operation interface is provided, which facilitates the work of operators, lowers the entry threshold of vulnerability mining, and can display the corresponding information in real time for the user to check.
Brief description of the drawings
The present invention has the following drawings:
Fig. 1 Architecture diagram of the existing online fuzz testing technology.
Fig. 2 Workflow diagram of Fuzzing tests.
Fig. 3 Schematic diagram of the method of the present invention.
Fig. 4 Workflow diagram of protocol parsing.
Fig. 5 Typical protocol path graph of the FTP protocol.
Fig. 6 FTP application test framework.
Fig. 7 Modelling of a typical FTP instruction message.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings.
As shown in Figure 3, the distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms of the present invention comprises the following steps:
Step 1, protocol parsing: capture the network packets of the test target, parse the network protocol of the test target, and determine the protocol used by the test target and the corresponding key protocol information;
Step 2, build the protocol test script: according to the result of protocol parsing, describe the key protocol information comprehensively, model the different data formats accordingly, determine the various data formats exhibited by the protocol and the corresponding field information, and output the information vector of the corresponding protocol data, i.e. generate the protocol test script;
Step 3, build the protocol vulnerability mining path graph: according to the protocol test script, combine the running states or instructions of the protocol and connect them into a directed acyclic graph, i.e. the protocol vulnerability mining path graph, which characterises the running paths of the protocol stack;
Step 4, the user transmits control instructions through the master controller to the script-sending process controller to pause and run vulnerability mining;
Step 5, the script-sending process controller, according to the protocol vulnerability mining path graph and the corresponding control instructions, sends the corresponding test scripts to the test target and the corresponding control instructions to the target monitor, while receiving monitoring information from the target monitor to judge whether a vulnerability has been triggered;
Step 6, data display and storage: the master controller stores the sent test scripts and the vulnerability information found by the test and displays them on the information display page.
On the basis of the above technical scheme, the key protocol information in step 1 includes the protocol format, the checksum method, and each state and instruction of the protocol.
In the present invention, when analysing the input vectors, the protocol parsing module captures network traffic and performs comprehensive automated analysis to determine the protocol used by the test target and the corresponding data formats, analyse the corresponding data structures and thereby complete protocol modelling. In current fuzz testing schemes, the input-vector analysis step is mainly done by manually reading the protocol documentation or obtaining the interface documentation of the test target, and then parsing and modelling the protocol; for closed-source software and test targets whose internal information cannot be obtained, effective protocol modelling and analysis is often impossible. The automatic parsing method proposed by the present invention overcomes this obstacle.
Protocol parsing in the present invention applies a multiple-sequence progressive alignment algorithm to the captured network packets. Through this automated parsing the variable and invariant fields, the text and binary fields, and the separator fields of the protocol messages can be identified, so that the whole protocol analysis is completed and a basis is provided for the subsequent protocol test script modelling.
Protocol parsing comprises the following steps (as shown in Figure 4):
First, a large number of network packets must be obtained; these are the objects on which the data-flow analysis method operates;
Then the captured packets are pre-processed: invalid data is filtered, fragmented data is reassembled and the application-layer messages are extracted;
Then the initial application-layer messages are analysed and similar message sequences are placed in one group for use in the later format analysis; the message clustering module and the message-group classification module use matching rules to divide the application-layer messages into different groups;
Finally, the protocol format analysis module derives the message format; its unit of analysis is the message groups of different types obtained in the previous step, and the multiple-sequence progressive alignment algorithm yields the message format, which is the prior knowledge needed to construct the test case scripts.
The multiple-sequence progressive alignment algorithm used in the message format analysis part of this scheme is an improvement of the gene alignment algorithms used in bioengineering. The main idea of progressive alignment is to use dynamic programming to perform pairwise alignments iteratively: it starts with the alignment of two sequences and gradually adds new sequences until all sequences to be aligned have been processed. After message classification, the messages in each group can be considered to be of the same type. Message length is the key factor in judging whether messages are similar. The present invention determines the alignment order by message length: the messages in each group are sorted from shortest to longest, and the progressive alignment starts from the two shortest messages and gradually completes the whole alignment.
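As an added illustration of the parsing described above (not code from the patent), the following Python aligns one message group progressively, shortest messages first, with a Needleman-Wunsch pairwise alignment as the dynamic-programming step, and then classifies each run of aligned columns as a fixed or a variable field. The sample group of FTP USER commands is constructed; the scoring constants are assumptions, not values from the patent.

```python
from collections import Counter
from typing import List, Optional, Sequence, Tuple

Tok = Optional[int]          # one byte value, or None for an alignment gap
GAP: Tok = None
MATCH, MISMATCH, GAP_COST = 2, -1, -2   # assumed scoring; the patent gives no weights

# Constructed sample: one message group as the clustering step would hand it over.
SAMPLE_MESSAGES = [b"USER alice\r\n", b"USER bob\r\n", b"USER carol\r\n", b"USER dave\r\n"]


def align_pair(a: List[Tok], b: List[Tok]) -> Tuple[List[Tok], List[Tok]]:
    """Global pairwise alignment by dynamic programming (Needleman-Wunsch)."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * GAP_COST
    for j in range(1, m + 1):
        score[0][j] = j * GAP_COST
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = score[i - 1][j - 1] + (MATCH if a[i - 1] == b[j - 1] else MISMATCH)
            score[i][j] = max(diag, score[i - 1][j] + GAP_COST, score[i][j - 1] + GAP_COST)
    # Trace back from the bottom-right corner, preferring diagonal moves on ties.
    out_a: List[Tok] = []
    out_b: List[Tok] = []
    i, j = n, m
    while i > 0 or j > 0:
        if i > 0 and j > 0 and score[i][j] == score[i - 1][j - 1] + (
            MATCH if a[i - 1] == b[j - 1] else MISMATCH
        ):
            out_a.append(a[i - 1]); out_b.append(b[j - 1]); i -= 1; j -= 1
        elif i > 0 and score[i][j] == score[i - 1][j] + GAP_COST:
            out_a.append(a[i - 1]); out_b.append(GAP); i -= 1
        else:
            out_a.append(GAP); out_b.append(b[j - 1]); j -= 1
    return out_a[::-1], out_b[::-1]


def consensus(columns: List[List[Tok]]) -> List[Tok]:
    """Most common non-gap byte per column: the profile a new message is aligned against."""
    return [Counter(t for t in col if t is not GAP).most_common(1)[0][0] for col in columns]


def progressive_align(messages: Sequence[bytes]) -> List[List[Tok]]:
    """Progressive alignment of one message group; returns one column per aligned position,
    each column holding one token per message (in shortest-first order)."""
    if len(messages) < 2:
        raise ValueError("need at least two messages to align")
    ordered = [list(m) for m in sorted(messages, key=len)]   # shortest first, as the patent prescribes
    first, second = align_pair(ordered[0], ordered[1])        # start from the two shortest messages
    columns = [[x, y] for x, y in zip(first, second)]
    for msg in ordered[2:]:                                   # add the remaining messages one by one
        rows = len(columns[0])
        cons_aligned, msg_aligned = align_pair(consensus(columns), msg)
        new_columns, k = [], 0
        for c_tok, m_tok in zip(cons_aligned, msg_aligned):
            if c_tok is GAP:
                # The new message has a byte where the profile had none: gap in every earlier row.
                new_columns.append([GAP] * rows + [m_tok])
            else:
                new_columns.append(columns[k] + [m_tok])
                k += 1
        columns = new_columns
    return columns


def classify_fields(columns: List[List[Tok]]) -> List[Tuple[str, object]]:
    """Merge adjacent columns into fields: ('fixed', bytes) where every message carries the
    same byte, ('variable', width) where messages differ or some of them have a gap."""
    runs: List[Tuple[str, list]] = []
    for col in columns:
        kind = "fixed" if all(t == col[0] for t in col) else "variable"
        if runs and runs[-1][0] == kind:
            runs[-1][1].append(col[0])
        else:
            runs.append((kind, [col[0]]))
    return [(kind, bytes(toks) if kind == "fixed" else len(toks)) for kind, toks in runs]


if __name__ == "__main__":
    for kind, value in classify_fields(progressive_align(SAMPLE_MESSAGES)):
        print(kind, value)
```

On the sample group the fixed fields recovered are the keyword `USER ` and the `\r\n` terminator, with a single variable field between them, which is exactly the information the test-script modelling step needs.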
On the basis of above-mentioned technical proposal, according to the result of protocol analysis, to protocol format, verification mode, agreement The agreement key message such as each state or instruction is comprehensively described, and is combined into specific data structure, completely Represent the agreement data packet format transmitted when being implemented.Present solution provides a variety of alternative data modes, including Static data, binary data, separator and character string etc., each of which data mode can choose whether excavating Cheng Dangzhong enters row variation, then by the way that each domain of above-mentioned data and protocal analysis is matched and made a variation setting, you can with Complete test script is built, corresponding protocol fields can on a large scale be made a variation, to lift the success of bug excavation Rate.
In existing technical scheme, according to the result of Protocol Modeling, starting the fuzz testing stage, be typically only capable to net Some state of network agreement or certain order are tested, it is impossible to which the running status to whole protocol stack carries out comprehensive, height The fuzz testing of spreadability.In the present invention, the relevant information of the target detection agreement provided according to test protocol script is right Each running status of agreement or a plurality of instruction are combined, and they are connected into a directed acyclic graph, characterize protocol stack Operating path, and then form complete bug excavation session, can to each operating path and command in combination of agreement Fuzz testing is carried out, so as to improve the validity of fuzz testing.Then the correlation of the figure is believed by specific data structure Breath, passes to script transmission flow controller, and then perform test.
Different agreements has different protocol status and the method for operation, and many application layer protocols have among running Obvious running status.By taking File Transfer Protocol as an example (as shown in Figure 5), typical ftp server can among initial login procedure, It is required that user inputs username and password, this process can be equivalent to send two respectively to user with USER and PASS keys Word field is the message of starting, and server parses the two messages, to complete login process.Complete corresponding preamble and operate it Afterwards, client can just send to server and ask, and to complete other operations, including set up file directory (MKD), delete file (DELE) operation such as, these operations are required further to be operated on the basis of the operation of its preamble is completed, and is built in system Among mold process, it is reflected as being necessary for these operation setting preamble courses of action, by this sequence of operations and protocol running state, It is modeled, just can obtains complete protocol running state figure, to characterize the entire run state of agreement, while ensures target Program can trouble-free operation on each different path.
The structure of protocol test script and the structure of protocol bug excavation path profile can be complete simulation test target exist Among running, the operating path of protocol stack, therefore among bug excavation process, all roads of test that can be completely Footpath, to ensure to accomplish high coverage rate.
On the basis of above-mentioned technical proposal, according to protocol bug excavation path profile and corresponding control instruction, script hair Send process controller to send corresponding test script to test target, send corresponding control instruction to target monitor, simultaneously The monitoring information from target monitor is received, to judge whether to trigger corresponding leak.
On the basis of above-mentioned technical proposal, for the difference of test target, to the monitoring means of test target there is also Difference, for running the software with complete operating system, test target monitor, mainly using corresponding system API structures Debugger is built, the debugger is bundled in the process of test target, in real time the running status of monitoring test target, once survey There is mistake in examination target, and it will read corresponding error message, while sending script transmission flow controller to.
In existing fuzz testing Technical Architecture, the preservation of test script data and vulnerability information is not often focused on.This Invention devises master controller on the basis of fuzz testing, with data storage and display function, test that can be to transmission Script data and vulnerability information are stored, and devise the friendly presentation of information page of comparison, so that tester uses; It can also be sent to script and process control module transmits corresponding control instruction, pause and operation of control system etc..
Corresponding Network Server Processes are integrated with master controller, it provides corresponding operation interface, processing user's Input, while the corresponding information such as script information, vulnerability information that script transmission flow controller is sent is included in user interface It is central, and it can also show the progress of bug excavation, the traffic conditions on backstage etc. in real time.
Traditional bug excavation method, automaticity is low, and threshold is higher, it is impossible to provide good to common attendant Operation interface, their mode of operation, typically using more order line mode of operation, complex operation has to operating personnel Higher professional standards requirement.Generally, among bug excavation process, user of service needs to be modeled related protocol, Then manual construction protocol model, and then send corresponding test script to test target, wherein test script is possibly can not be complete The operating path of all standing agreement, therefore also to be sent several times by the way of multiplexing, therefore it is inefficient.The present invention is adopted With this data structure of directed acyclic graph, with reference to corresponding ergodic algorithm, the complete trails of overlay protocol so that protocol test covers Lid rate is more comprehensive, more rich in efficiency.
It is application example of this programme among distributed heterogeneous network below.
In this technical solution, the File Transfer Protocol (FTP) is taken as the example application. FTP is a file transfer protocol that is widely used in distributed heterogeneous networks, for example for file backup, file upload, file download, and the backup and download of operations and maintenance records.
Here we carry out fuzz testing against an FTP server. The vulnerability mining device runs on the client side: it continuously sends test scripts to the FTP server, receives process debugging information and network connection information from the server side, monitors the working state of the target software under test in real time, and thereby analyzes whether the target software contains a vulnerability. Its overall working framework is shown in Fig. 6.
As shown in Fig. 6, the vulnerability mining device on the client continuously sends the generated script information to the corresponding FTP server, monitors the running state of the FTP server through the network monitoring agent and the process debugging agent, and then assesses whether a vulnerability present in the FTP server has been triggered. For the modelling of the FTP protocol, a typical FTP command message can be modelled in the form shown in Fig. 7. Fig. 7 shows the data format of an FTP command constructed according to the technical solution of the present invention; its characteristic is that, within the command, the data fields that may be mutated are distinguished from the immutable data fields and the separators.
Of these, the fields with fixed content, such as CMD, the separator, the character string and the terminating control characters, are not mutated by the present invention; only the third field is mutated. This field is normally variable: in this example it represents the specific user name used when logging in to the FTP server, and in actual use it is a field whose content can change. Therefore, in this solution, this field is mutated to build a very large number of scripts, which are then sent to the FTP server.
For the FTP protocol, there are certain dependencies between the various commands. For example, commands such as CWD and MKD must be run after the USER and PASS commands, while commands such as CWD and MKD are independent of each other. We therefore need to build the operating paths of the protocol according to the way the commands of the protocol work together. This is clearly a typical graph structure, and a complex protocol can usually be mapped to a directed acyclic graph. This solution tests the whole protocol according to this directed acyclic graph.
In addition, the technical solution integrates a friendly operation interface: the operator simply selects the device under test in the corresponding network and clicks the "start mining" button, and the vulnerability mining device in the background starts working, without further configuration or cumbersome operations.
The invention provides a complete distributed heterogeneous network vulnerability mining method, including protocol analysis, a protocol modelling method, a method for constructing the protocol vulnerability mining path graph, a test target monitoring method and an information display page. The protocol analysis method of the present invention first captures a large number of network protocol messages and makes full use of the advantages of the multiple-sequence progressive alignment algorithm: the large number of messages are filtered, classified and processed accordingly, and through repeated iterations of comparison the corresponding protocol format is analyzed, which provides the basis for the subsequent protocol modelling and the construction of the protocol vulnerability mining path graph. This also makes network protocol vulnerability mining possible for some unknown protocol formats. Secondly, the method for constructing the protocol vulnerability mining path graph allows the test to model the protocol completely and to carry out the corresponding fuzz testing on a specified field, so that the vulnerability mining test can test the whole protocol more comprehensively, achieving higher coverage and stronger validity.
Content not described in detail in this specification belongs to the prior art known to those skilled in the art.
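The FTP modelling just described (fixed CMD, separator and terminator; one mutable field; commands connected into a directed acyclic graph that is walked recursively, as claim 6 also states), as an added example that is not the patent's own code. The dependency graph, the seed values, the mutation list and the "toy target" that stands in for the monitored FTP server are all assumptions made for this illustration.

```python
"""Added example, not the patent's own code: FTP message model with one mutable
field, acyclicity check and recursive path enumeration over the command graph,
plus a constructed stand-in for the target monitor. The dependency graph, seed
values and the toy target are assumptions made for this illustration."""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

@dataclass
class FtpMessage:
    """CMD, separator, variable field, terminator; only `value` is mutated."""
    cmd: str
    value: str = ""
    sep: str = " "
    terminator: str = "\r\n"

    def encode(self) -> bytes:
        body = self.cmd + (self.sep + self.value if self.value else "")
        return (body + self.terminator).encode("latin-1")

# Assumed dependencies: CWD and MKD need USER then PASS and are independent.
GRAPH: Dict[str, List[str]] = {
    "USER": ["PASS"], "PASS": ["CWD", "MKD", "QUIT"],
    "CWD": ["QUIT"], "MKD": ["QUIT"], "QUIT": [],
}
# Assumed valid seed value for the mutable field of each command.
SEEDS: Dict[str, str] = {"USER": "anonymous", "PASS": "guest", "CWD": "/pub", "MKD": "tmp"}

def is_acyclic(graph: Dict[str, List[str]]) -> bool:
    """Three-colour DFS; the recursive path builder requires a DAG."""
    state: Dict[str, int] = {}          # 1 = on the DFS stack, 2 = finished
    def visit(node: str) -> bool:
        if state.get(node) == 1:
            return False                # back edge: cycle found
        if state.get(node) == 2:
            return True
        state[node] = 1
        ok = all(visit(nxt) for nxt in graph.get(node, []))
        state[node] = 2
        return ok
    return all(visit(node) for node in graph)

def all_paths(graph: Dict[str, List[str]], node: str = "USER",
              prefix: Optional[List[str]] = None) -> List[List[str]]:
    """Recursive traversal enumerating every root-to-leaf protocol path."""
    prefix = (prefix or []) + [node]
    if not graph.get(node):
        return [prefix]
    paths: List[List[str]] = []
    for nxt in graph[node]:
        paths.extend(all_paths(graph, nxt, prefix))
    return paths

def mutate(seed: str) -> Iterator[str]:
    """Mutations of the variable field only (six per seed)."""
    yield ""                            # empty argument
    for n in (128, 1024, 8192):         # oversized arguments
        yield "A" * n
    yield seed + "\x00" + seed          # embedded NUL
    yield seed * 3 + "\xff"             # repetition plus a high byte

def build_scripts(path: List[str]) -> List[List[FtpMessage]]:
    """One script per (command, mutation) so a fault maps to one field."""
    scripts = []
    for i, cmd in enumerate(path):
        if cmd not in SEEDS:
            continue
        for m in mutate(SEEDS[cmd]):
            script = [FtpMessage(c, SEEDS.get(c, "")) for c in path]
            script[i] = FtpMessage(cmd, m)
            scripts.append(script)
    return scripts

class ToyTarget:
    """Constructed stand-in for the server under test; the exception plays
    the role of the crash a real target monitor would observe."""
    LIMIT = 512
    def handle(self, msg: FtpMessage) -> str:
        if msg.cmd == "CWD" and len(msg.value) > self.LIMIT:
            raise RuntimeError("simulated fault in CWD handler")
        return "200 OK"

def run_script(target: ToyTarget, script: List[FtpMessage]) -> Optional[dict]:
    """Send the script step by step; report the first fault like the monitor."""
    for step, msg in enumerate(script):
        try:
            target.handle(msg)
        except RuntimeError as exc:
            return {"step": step, "cmd": msg.cmd,
                    "field_len": len(msg.value), "error": str(exc)}
    return None

def fuzz(graph: Dict[str, List[str]] = GRAPH) -> List[dict]:
    """Walk every DAG path, run each generated script, collect the findings."""
    if not is_acyclic(graph):
        raise ValueError("path enumeration requires a directed acyclic graph")
    findings = []
    for path in all_paths(graph):
        for script in build_scripts(path):
            hit = run_script(ToyTarget(), script)
            if hit is not None:
                findings.append(dict(hit, path=path))
    return findings
```

Each generated script mutates exactly one command's variable field and keeps every other command at its seed value, so that a reported fault can be attributed to a single field and a single step of a single path; the acyclicity check guards the recursive enumeration, which would not terminate on a graph with a cycle.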

Claims (8)

1. A distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms, characterized in that it comprises the following steps:
Step 1, protocol analysis: capture the network packets of the test target, parse the network protocol of the test target, and determine the protocol used by the test target and the corresponding protocol key information;
Step 2, build the protocol test script: according to the result of the protocol analysis, describe the protocol key information comprehensively, model the different data formats accordingly, determine the various data formats exhibited by the protocol and the corresponding field information, and generate the protocol test script;
Step 3, build the protocol vulnerability mining path graph: according to the protocol test script, combine the running states or commands of the protocol and connect them into a protocol vulnerability mining path graph that characterizes the operating paths of the protocol stack;
Step 4, the user transmits control instructions through the master controller to the script-sending flow controller, controlling the pausing and running of vulnerability mining;
Step 5, the script-sending flow controller, according to the protocol vulnerability mining path graph and the corresponding control instructions, sends the corresponding test scripts to the test target, sends the corresponding control instructions to the target monitor, and at the same time receives the monitoring information from the target monitor in order to judge whether the corresponding vulnerability has been triggered;
Step 6, data display and storage: the master controller stores the test scripts that were sent and the vulnerability information found by the test, and displays them on the information display page.
2. The distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms according to claim 1, characterized in that: the protocol key information in step 1 includes the protocol format, the verification mode, and the states and commands of the protocol.
3. The distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms according to claim 1, characterized in that: in step 1, the captured network packets are parsed using a multiple-sequence progressive alignment algorithm.
4. The distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms according to claim 3, characterized in that: the protocol analysis in step 1 specifically includes the following steps:
Step 11, obtain the network packets;
Step 12, pre-process the captured network packets: filter invalid data, reassemble fragmented data, and extract the application layer messages;
Step 13, analyze the application layer messages obtained, placing similar message sequences in one group for convenient use during the subsequent format analysis; when clustering the messages and classifying the message groups, use matching rules to divide the application layer messages into different groups;
Step 14, during protocol format analysis, analyze the message groups of different types obtained in step 13 to obtain the message format, and analyze the protocol key information by means of the multiple-sequence progressive alignment algorithm.
5. The distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms according to claim 1, characterized in that: in step 2, the protocol test script includes the protocol command format and the description of the protocol version.
6. The distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms according to claim 1, characterized in that: in step 3, the protocol vulnerability mining path graph is a directed acyclic graph, and all protocol operating paths are traversed using a graph traversal algorithm in recursive form.
7. The distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms according to claim 1, characterized in that: in step 5, the target monitor builds a debugger using system APIs; the debugger is attached to the process of the test target and monitors the running state of the test target in real time; when an error occurs in the test target, the debugger reads the corresponding vulnerability information and sends it to the script-sending flow controller.
8. The distributed heterogeneous network vulnerability mining method based on Fuzzing algorithms according to claim 1, characterized in that: in step 6, the master controller is integrated with a corresponding web server process that provides the corresponding operation interface, handles user input, displays the script information and vulnerability information of the script-sending flow controller in the user interface, and displays the vulnerability mining progress and the background traffic status in real time.
CN201611235833.1A 2016-12-28 2016-12-28 Distributed heterogeneous network hole method for digging based on Fuzzing algorithms Pending CN107046526A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611235833.1A CN107046526A (en) 2016-12-28 2016-12-28 Distributed heterogeneous network hole method for digging based on Fuzzing algorithms

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611235833.1A CN107046526A (en) 2016-12-28 2016-12-28 Distributed heterogeneous network hole method for digging based on Fuzzing algorithms

Publications (1)

Publication Number Publication Date
CN107046526A true CN107046526A (en) 2017-08-15

Family

ID=59543630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611235833.1A Pending CN107046526A (en) 2016-12-28 2016-12-28 Distributed heterogeneous network hole method for digging based on Fuzzing algorithms

Country Status (1)

Country Link
CN (1) CN107046526A (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108108625A (en) * 2017-12-29 2018-06-01 哈尔滨安天科技股份有限公司 Overflow vulnerability detection method, system and storage medium based on form isomery
CN108337266A (en) * 2018-03-07 2018-07-27 中国科学院信息工程研究所 A kind of efficient protocol client vulnerability mining method and system
CN108600195A (en) * 2018-04-04 2018-09-28 国家计算机网络与信息安全管理中心 A kind of quick reverse estimating method of industry control protocol format based on incremental learning
CN108737213A (en) * 2018-05-22 2018-11-02 中国电子科技集团公司第四十研究所 A kind of parallel big handling capacity Permeation Test System of height based on FPGA and method
CN109450731A (en) * 2018-11-09 2019-03-08 中国科学院长春光学精密机械与物理研究所 A kind of test data generating method of application layer communication protocol
CN109543417A (en) * 2018-11-26 2019-03-29 杭州安恒信息技术股份有限公司 A kind of bug excavation method and device based on Qemu platform
CN109660558A (en) * 2019-01-18 2019-04-19 中国电力科学研究院有限公司 IEC104 protocol bug excavation method based on protocol status figure traversal
CN109981563A (en) * 2019-01-23 2019-07-05 国家新闻出版广电总局广播电视规划院 A kind of automatic intelligent method for digging of radio and television key message infrastructure network security breaches
CN110232012A (en) * 2018-03-06 2019-09-13 国家计算机网络与信息安全管理中心 A kind of fuzz testing language protocol test script and testing engine based on xml
CN111628900A (en) * 2019-02-28 2020-09-04 西门子股份公司 Fuzzy test method and device based on network protocol and computer readable medium
CN111901327A (en) * 2020-07-21 2020-11-06 平安科技(深圳)有限公司 Cloud network vulnerability mining method and device, electronic equipment and medium
CN112398839A (en) * 2020-11-06 2021-02-23 中国科学院信息工程研究所 Industrial control vulnerability mining method and device
CN112653693A (en) * 2020-12-21 2021-04-13 哈尔滨工大天创电子有限公司 Industrial control protocol analysis method and device, terminal equipment and readable storage medium
CN112906011A (en) * 2021-05-07 2021-06-04 北京安普诺信息技术有限公司 Vulnerability discovery method, testing method, security testing method, related device and platform
CN113407945A (en) * 2021-06-18 2021-09-17 北京计算机技术及应用研究所 Man-machine cooperation based large-scale Fuzzing optimization system and method
CN113722717A (en) * 2021-07-21 2021-11-30 中国科学院信息工程研究所 Security vulnerability testing method, device, equipment and readable storage medium
CN113806202A (en) * 2020-06-11 2021-12-17 北京威努特技术有限公司 Vulnerability mining method and device and computer equipment
CN113872919A (en) * 2020-06-30 2021-12-31 华为技术有限公司 Vulnerability scanning method and device
CN114827306A (en) * 2022-03-15 2022-07-29 西安电子科技大学 Multi-source heterogeneous industrial protocol message analysis method, system, equipment and medium
CN115174194A (en) * 2022-06-30 2022-10-11 浙江极氪智能科技有限公司 System vulnerability mining method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104142888A (en) * 2014-07-14 2014-11-12 北京理工大学 Regularization state machine model design method with stateful protocol
US8997235B2 (en) * 2012-02-07 2015-03-31 Microsoft Technology Licensing, Llc Adaptive fuzzing system for web services
CN104796240A (en) * 2015-04-30 2015-07-22 北京理工大学 Fuzz testing system for stateful network protocol
CN105245403A (en) * 2015-10-27 2016-01-13 国网智能电网研究院 Power-grid industrial control protocol vulnerability mining system and method based on fuzzy test
CN105721255A (en) * 2016-04-14 2016-06-29 北京工业大学 Industrial control protocol vulnerability mining system based on fuzzy test

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张赛丹: "基于Fuzzing算法的网络漏洞挖掘研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108108625A (en) * 2017-12-29 2018-06-01 哈尔滨安天科技股份有限公司 Overflow vulnerability detection method, system and storage medium based on form isomery
CN110232012A (en) * 2018-03-06 2019-09-13 国家计算机网络与信息安全管理中心 A kind of fuzz testing language protocol test script and testing engine based on xml
CN108337266A (en) * 2018-03-07 2018-07-27 中国科学院信息工程研究所 A kind of efficient protocol client vulnerability mining method and system
CN108600195A (en) * 2018-04-04 2018-09-28 国家计算机网络与信息安全管理中心 A kind of quick reverse estimating method of industry control protocol format based on incremental learning
CN108600195B (en) * 2018-04-04 2022-01-04 国家计算机网络与信息安全管理中心 Rapid industrial control protocol format reverse inference method based on incremental learning
CN108737213A (en) * 2018-05-22 2018-11-02 中国电子科技集团公司第四十研究所 A kind of parallel big handling capacity Permeation Test System of height based on FPGA and method
CN108737213B (en) * 2018-05-22 2020-06-09 中国电子科技集团公司第四十一研究所 High-parallelism and high-throughput penetration test system and method based on FPGA
CN109450731A (en) * 2018-11-09 2019-03-08 中国科学院长春光学精密机械与物理研究所 A kind of test data generating method of application layer communication protocol
CN109543417A (en) * 2018-11-26 2019-03-29 杭州安恒信息技术股份有限公司 A kind of bug excavation method and device based on Qemu platform
CN109660558A (en) * 2019-01-18 2019-04-19 中国电力科学研究院有限公司 IEC104 protocol bug excavation method based on protocol status figure traversal
CN109981563A (en) * 2019-01-23 2019-07-05 国家新闻出版广电总局广播电视规划院 A kind of automatic intelligent method for digging of radio and television key message infrastructure network security breaches
CN111628900A (en) * 2019-02-28 2020-09-04 西门子股份公司 Fuzzy test method and device based on network protocol and computer readable medium
CN111628900B (en) * 2019-02-28 2023-08-29 西门子股份公司 Fuzzy test method, device and computer readable medium based on network protocol
CN113806202B (en) * 2020-06-11 2024-01-26 北京威努特技术有限公司 Vulnerability mining method and device and computer equipment
CN113806202A (en) * 2020-06-11 2021-12-17 北京威努特技术有限公司 Vulnerability mining method and device and computer equipment
CN113872919A (en) * 2020-06-30 2021-12-31 华为技术有限公司 Vulnerability scanning method and device
CN113872919B (en) * 2020-06-30 2022-11-22 华为技术有限公司 Vulnerability scanning method and device
CN111901327A (en) * 2020-07-21 2020-11-06 平安科技(深圳)有限公司 Cloud network vulnerability mining method and device, electronic equipment and medium
CN112398839A (en) * 2020-11-06 2021-02-23 中国科学院信息工程研究所 Industrial control vulnerability mining method and device
CN112398839B (en) * 2020-11-06 2021-11-30 中国科学院信息工程研究所 Industrial control vulnerability mining method and device
CN112653693A (en) * 2020-12-21 2021-04-13 哈尔滨工大天创电子有限公司 Industrial control protocol analysis method and device, terminal equipment and readable storage medium
CN112906011A (en) * 2021-05-07 2021-06-04 北京安普诺信息技术有限公司 Vulnerability discovery method, testing method, security testing method, related device and platform
CN113407945B (en) * 2021-06-18 2023-08-22 北京计算机技术及应用研究所 Large-scale Fuzzing optimization system and method based on man-machine cooperation
CN113407945A (en) * 2021-06-18 2021-09-17 北京计算机技术及应用研究所 Man-machine cooperation based large-scale Fuzzing optimization system and method
CN113722717A (en) * 2021-07-21 2021-11-30 中国科学院信息工程研究所 Security vulnerability testing method, device, equipment and readable storage medium
CN113722717B (en) * 2021-07-21 2024-04-05 中国科学院信息工程研究所 Security vulnerability testing method, device, equipment and readable storage medium
CN114827306A (en) * 2022-03-15 2022-07-29 西安电子科技大学 Multi-source heterogeneous industrial protocol message analysis method, system, equipment and medium
CN114827306B (en) * 2022-03-15 2024-01-19 西安电子科技大学 Multi-source heterogeneous industrial protocol message analysis method, system, equipment and medium
CN115174194A (en) * 2022-06-30 2022-10-11 浙江极氪智能科技有限公司 System vulnerability mining method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170815