CN113114534B - Hybrid network fuzzy test tool based on neural network - Google Patents

Hybrid network fuzzy test tool based on neural network Download PDF

Info

Publication number
CN113114534B
CN113114534B CN202110379602.2A CN202110379602A CN113114534B CN 113114534 B CN113114534 B CN 113114534B CN 202110379602 A CN202110379602 A CN 202110379602A CN 113114534 B CN113114534 B CN 113114534B
Authority
CN
China
Prior art keywords
network
data
test
fuzzy
program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110379602.2A
Other languages
Chinese (zh)
Other versions
CN113114534A (en
Inventor
苏煜程
张向宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202110379602.2A priority Critical patent/CN113114534B/en
Publication of CN113114534A publication Critical patent/CN113114534A/en
Application granted granted Critical
Publication of CN113114534B publication Critical patent/CN113114534B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/18Protocol analysers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Biophysics (AREA)
  • Mathematical Physics (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Evolutionary Biology (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a hybrid network fuzzy test tool based on a neural network, which belongs to the field of network security, and the processing method comprises the following specific steps: (1) collecting and processing data flow packets; (2) starting to perform the fuzz test; (3) starting machine learning; (4) updating the network protocol; (5) starting an auxiliary program and a network service program; (6) marking the loophole; (7) vulnerability type analysis and feedback; the invention can avoid modifying the fuzzy tester and the network application program, reduces the labor cost, improves the applicability, saves the manpower, material resources and financial resources, solves the problem of low coverage rate in the highly complex logic judgment program facing the network protocol in the traditional fuzzy test, reduces the state space needing traversal, and solves the problem of energy waste in the complex judgment analysis environment facing the network program.

Description

Hybrid network fuzzy test tool based on neural network
Technical Field
The invention relates to the field of network security, in particular to a hybrid network fuzzy test tool based on a neural network.
Background
A security vulnerability is a lifeline for studying security issues, and whether a penetration test is performed, new products are evaluated, or source code of critical components is audited, security vulnerabilities drive our decisions, which make us reasonably time-consuming and affect our choices over many years. In recent years, as network boundaries are increasingly blurred and new attack means are developed endlessly, the importance of software security is increasingly highlighted and is increasingly not ignored, application security tests are used as core means for guaranteeing software security, and the rapid development is naturally achieved, codes are used as basic components for constructing various applications and systems, the security problem is the root problem of software security, and along with the continuous evolution of a development mode and the change of information security trend, the large-scale, automatic and intelligent requirements are provided for the code security guarantee technology, so that the rapid, safe and automatic release of software is realized; therefore, it becomes more important to invent a hybrid network fuzzy test tool based on a neural network;
firstly, most of the existing hybrid network fuzzy test tools based on the neural network are based on manual writing or automatic generation of protocol templates by using templating, the requirement on the level of a tester is high, and generally, the labor cost is high and the applicability is not strong enough for specific protocols; therefore, a hybrid network fuzzy test tool based on a neural network is provided.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provides a hybrid network fuzzy test tool based on a neural network.
In order to achieve the purpose, the invention adopts the following technical scheme:
a hybrid network fuzzy test tool based on a neural network comprises the following specific steps:
(1) Collecting and processing data flow packets: collecting the data traffic packet of the current network and carrying out clustering division to generate seed data;
(2) Start to perform the fuzz test: starting a hybrid fuzzy test engine to start fuzzy test;
(3) Starting machine learning: starting machine learning after the fuzzy test reaches a certain time;
(4) Updating a network protocol: updating an original network protocol sequence;
(5) Starting an auxiliary program and a network service program: the network intermediate agent equipment starts to start an auxiliary program and a network service program;
(6) Marking the loophole: the auxiliary program detects the network service program and marks the vulnerability position to generate vulnerability data;
(7) Vulnerability type analysis and feedback: and analyzing the vulnerability data and feeding back the vulnerability data to a user.
Further, the current network data traffic packets in the step (1) are collected through different collection software, the different collection software comprises LipPcap, winPcap and JPcap, the collected current network data traffic packets are clustered and divided, and seed data are generated through processing, and the specific clustering and dividing steps are as follows:
the method comprises the following steps: classifying the data traffic packets of the current network according to different types, wherein the different types comprise ICMP, ICMPv4, TCP, UDP, IPv4 and IPv6;
step two: automatically constructing Fuzz data by the ICMP, the ICMPv4, the TCP, the UDP, the IPv4 and the IPv6 data through a countermeasure generation network;
step three: a large amount of Fuzz data is constructed and processed to generate seed data.
Further, the hybrid fuzz testing engine in the step (2) starts and starts to collect seed data for fuzz testing, and performs hybrid testing with fuzz testing through symbols to generate target data, wherein the specific hybrid testing steps are as follows:
the first step is as follows: when the Fuzzing test is blocked, calling a symbol execution part, starting analysis application by symbol execution, and limiting user input according to an input value obtained by Fuzzing in the last step;
the second step is that: according to the input obtained by the fuzzer, symbol execution starts optimization, the input of an unexplored path is identified, and when a new input is found by symbol execution, the new input is immediately transmitted back to the Fuzzing part;
the third step: the fuzzy part generates variation according to the input, executes new ACom in a fuzzy mode, and meanwhile the fuzzy test engine executes in a circulating mode between fuzzy and symbol execution until the input cause of Crash is found and processed to generate template data.
Further, in the step (3), after the fuzzy test is performed for a plurality of rounds in the hybrid fuzzy test engine, the machine learning starts and the template data is collected for the analysis learning and the update data is generated, and the specific analysis learning steps are as follows:
s1, analyzing template data generated in a mixed test process and taking the template data as an input sample;
s2, calling a coverage rate detection module afl, performing gradient guidance input generation process and identifying an input byte with the highest gradient value by learning and analyzing the relation between Crash and the coverage rate;
and S3, analyzing and judging the variation position which is beneficial to improving the coverage rate, taking the varied weight model as a generator, inputting the current network data traffic packet collected in the step (1) into the generator again to generate a large amount of seed data, and repeating machine learning for multiple times to generate updated data.
Further, the network protocol sequence in step (4) starts to perform protocol updating processing by receiving updated data generated by a hybrid test of fuzzy test and machine learning, and the specific protocol updating step is as follows:
SS1, carrying out statistics on a basic block sequence generated by an original network protocol data packet file set to obtain a probability model;
and (4) SS2: generating new basic blocks iteratively according to the transition probability among the basic blocks until end is generated, and finally generating a new complete basic block sequence, namely a new network protocol data packet sequence;
and (4) SS3: through continuous iteration, the network protocol sequence generator starts to fit a functional relation between the basic block sequence and the sequence of the corresponding network protocol data packet, connects the new network protocol sequence, and adds modification data to complete the generation of the final network protocol sequence.
Further, in step (5), after receiving the new network protocol sequence, the network intermediate proxy device starts to start an auxiliary program to interact with the network service program, where the network intermediate proxy device is one of a hub, a repeater, and a switch, and the specific interaction steps are as follows:
i, starting an auxiliary program, wherein the auxiliary program checks whether a network service program is started, and if the network service program is not started, the network service program to be tested is started;
II, transmitting the environment variable into a network service program to be tested, recording coverage rate information during testing by the network service program and sending the coverage rate information to the current shared memory;
and III, when a new test is carried out, the auxiliary program repeatedly reads the input and sends the input to the target network service program through the network.
Further, the auxiliary program in the step (6) marks the position of the vulnerability by monitoring that the corresponding packet position is lost by the network server program and processes the vulnerability to generate vulnerability data.
Further, the vulnerability data in the step (7) is analyzed through a Crash processing module, and meanwhile, a symbol execution module is used for analyzing a Crash generation path and the final memory state to obtain a specific vulnerability type and feeding the vulnerability type back to a user.
Compared with the prior art, the invention has the beneficial effects that:
1. the mixed network fuzzy test tool based on the neural network is applied to the network protocol test by a method of mixing symbolic execution and fuzzy test, solves the problem of low coverage rate in a highly complex logic judgment program facing the network protocol in the traditional fuzzy test, reduces the state space needing traversal, and solves the problem of energy waste in a complex judgment analysis environment facing the network program;
2. the hybrid network fuzzy test tool based on the neural network has the advantages that the automation of template generation is realized, meanwhile, the coverage rate is checked through the shared memory based on the AFL, the fuzzy tester and the network application program are not required to be modified through the intermediate proxy application, the labor cost is reduced, the applicability is improved, and the manpower, material resources and financial resources are saved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a flow chart of a hybrid network fuzzy test tool based on a neural network according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "top", "bottom", "inner", "outer", and the like, are used in the orientations and positional relationships indicated in the drawings, which are based on the orientations and positional relationships indicated in the drawings, and are used for convenience of description and simplicity of description, but do not indicate or imply that the devices or elements referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention.
Referring to fig. 1, a hybrid network fuzzy test tool based on a neural network includes the following steps:
(1) Collecting and processing data flow packets: collecting the data traffic packets of the existing network and carrying out clustering division processing to generate seed data;
(2) Start to perform the fuzz test: starting a hybrid fuzzy test engine to start fuzzy test;
(3) Starting machine learning: starting machine learning after the fuzzy test reaches a certain time;
(4) Updating the network protocol: updating an original network protocol sequence;
(5) Starting an auxiliary program and a network service program: the network intermediate agent equipment starts to start an auxiliary program and a network service program;
(6) Marking the loophole: the auxiliary program detects the network service program and marks the vulnerability position to generate vulnerability data;
(7) Vulnerability type analysis and feedback: and analyzing the vulnerability data and feeding back the vulnerability data to a user.
The current network data traffic packets in the step (1) are collected through different collection software, wherein the different collection software comprises LipPcap, winPcap and JPcap, the collected current network data traffic packets are clustered and divided and processed to generate seed data, and the specific clustering and dividing steps are as follows:
the method comprises the following steps: classifying the data traffic packets of the current network according to different types, wherein the different types comprise ICMP, ICMPv4, TCP, UDP, IPv4 and IPv6;
step two: automatically constructing Fuzz data by the ICMP, the ICMPv4, the TCP, the UDP, the IPv4 and the IPv6 data through a countermeasure generation network;
step three: a large amount of Fuzz data is constructed and processed to generate seed data.
In the step (2), the hybrid fuzzy test engine is started and starts to collect seed data for fuzzy test, and target data is generated through hybrid test of symbolic execution and fuzzy test, wherein the specific hybrid test comprises the following steps:
the first step is as follows: when the Fuzzing test is blocked, calling a symbol execution part, starting analysis application by symbol execution, and limiting user input according to an input value obtained by Fuzzing in the last step;
the second step is that: according to the input obtained by the fuzzer, symbol execution starts optimization, the input of an unexplored path is identified, and when a new input is found by symbol execution, the new input is immediately transmitted back to the Fuzzing part;
the third step: the fuzzy part generates variation according to the input, executes new ACom in a fuzzy mode, and meanwhile the fuzzy test engine executes in a circulating mode between fuzzy and symbol execution until the input cause of Crash is found and processed to generate template data.
In the step (3), after the fuzzy test is executed for a plurality of rounds in the hybrid fuzzy test engine, machine learning starts and template data is collected for analysis and learning to generate updated data, and the specific analysis and learning steps are as follows:
s1, analyzing template data generated in a mixed test process and taking the template data as an input sample;
s2, calling a coverage rate detection module afl, performing gradient guidance input generation process and identifying an input byte with the highest gradient value by learning and analyzing the relation between Crash and the coverage rate;
and S3, analyzing and judging a variation position which is helpful for improving the coverage rate, taking a varied weight model as a generator, inputting the current network data traffic packet collected in the step (1) into the generator again to generate a large amount of seed data, and repeating machine learning for multiple times to generate updated data.
In the step (4), the network protocol sequence starts to perform protocol updating processing by receiving updated data generated by a mixed test of fuzzy test and machine learning, and the specific protocol updating step is as follows:
SS1, carrying out statistics on a basic block sequence generated by an original network protocol data packet file set to obtain a probability model;
and (4) SS2: generating new basic blocks iteratively according to the transition probability among the basic blocks until end is generated, and finally generating a new complete basic block sequence, namely a new network protocol data packet sequence;
and (4) SS3: through continuous iteration, the network protocol sequence generator starts to fit a functional relation between the basic block sequence and the sequence of the corresponding network protocol data packet, connects the new network protocol sequence, and adds the modification data to complete the generation of the final network protocol sequence.
In the step (5), the network intermediate proxy device starts to start an auxiliary program to interact with the network service program after receiving the new network protocol sequence, the network intermediate proxy device is one of a hub, a repeater or a switch, and the specific interaction steps are as follows:
i, starting an auxiliary program, wherein the auxiliary program checks whether a network service program is started, and if the network service program is not started, the network service program to be tested is started;
II, transmitting the environment variable into a network service program to be tested, recording coverage rate information during testing by the network service program and sending the coverage rate information to the current shared memory;
and III, when a new test is carried out, the auxiliary program repeatedly reads the input and sends the input to the target network service program through the network.
And (6) the auxiliary program marks the position of the vulnerability by monitoring the loss of the corresponding packet position of the network server program and processes the vulnerability to generate vulnerability data.
And (4) analyzing the vulnerability data in the step (7) through a Crash processing module, and simultaneously analyzing a Crash generation path and the final memory state by using a symbol execution module to obtain a specific vulnerability type and feeding the vulnerability type back to a user.
The working principle and the using process of the invention are as follows: the wireless sensor network transmission method comprises the steps that firstly, a current network data flow packet is collected through different collection software, the different collection software comprises LipPcap, winPcap and JPcap, the collected current network data flow packet is classified according to different types, the different types comprise ICMP, ICMPv4, TCP, UDP, IPv4 and IPv6, the ICMP, ICMPv4, TCP, UDP, IPv4 and IPv6 data automatically construct Fuzz data through a countermeasure generation network, a large amount of Fuzz data are constructed and processed to generate seed data, a hybrid fuzzy test engine is started and starts to collect the seed data to perform fuzzy test, target data are generated through hybrid test of symbol execution and fuzzy test, when the fuzzy test is blocked, a symbol execution part is called, analysis application is started through symbols, user input is limited according to an input value obtained by Fuzzing, optimization is started through symbols according to input obtained by fuzzer, identifying inputs for executing unexplored paths, when a new input is found in symbolic execution, immediately transferring back to a Fuzzing part, generating variation according to the inputs by the Fuzzing part, fuzzily executing new ACom, and circularly executing a Fuzzing test engine between the Fuzzing and symbolic execution until a cause for the input of Crash is found and processed to generate template data, after the Fuzzing test is executed for a plurality of times in a hybrid Fuzzing test engine, machine learning begins to analyze the template data generated in the process of a hybrid test flow and takes the template data as an input sample, calling afl coverage rate detection module, gradient-guiding the input generation process and identifying the input byte with the highest gradient value by learning and analyzing the relation between Crash and the coverage rate, analyzing and judging which positions of the variation are helpful for improving the coverage rate, taking a varied weight model as a generator, inputting the original network data traffic packet into the generator again to generate a large amount of seed data, the method comprises the steps that machine learning is repeatedly carried out for many times to generate updating data, a network protocol sequence starts to carry out protocol updating processing through the updating data generated by a mixed test of fuzzy test and machine learning, a network intermediate agent device starts to start an auxiliary program to interact with a network service program after receiving a new network protocol sequence, the network intermediate agent device is one of a hub, a repeater or a switch, the auxiliary program marks a vulnerability position by monitoring the loss of a corresponding packet position of the network server program and processes the vulnerability position to generate vulnerability data, the vulnerability data are analyzed through a Crash processing module, and meanwhile a symbol execution module is used for analyzing a Crash generation path and a final memory state to obtain a specific vulnerability type and feed the vulnerability type back to a user.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention should be equivalent or changed within the scope of the present invention.

Claims (4)

1. A hybrid network fuzzy test tool based on a neural network is characterized in that a test method of the test tool comprises the following specific steps:
(1) Collecting and processing data flow packets: collecting the data traffic packets of the existing network and carrying out clustering division processing to generate seed data;
(2) Start to perform the fuzz test: starting a hybrid fuzzy test engine to start fuzzy test;
(3) Starting machine learning: starting machine learning after the fuzzy test reaches a certain time;
(4) Updating the network protocol: updating an original network protocol sequence;
(5) Starting an auxiliary program and a network service program: the network intermediate agent equipment starts to start an auxiliary program and a network service program;
(6) Marking the loophole: the auxiliary program detects the network service program and marks the vulnerability position to generate vulnerability data;
(7) Vulnerability type analysis and feedback: analyzing the vulnerability data and feeding back the vulnerability data to a user;
in the step (2), the hybrid fuzzy test engine is started and starts to collect seed data for fuzzy test, and target data is generated through hybrid test of symbolic execution and fuzzy test, wherein the specific hybrid test steps are as follows:
the first step is as follows: when the fuzzy test is blocked, calling a symbol execution part, starting analysis application by symbol execution, and limiting user input according to an input value obtained by seed data;
the second step: according to the input obtained by the fuzzer, symbol execution starts optimization, the input of an unexplored path is identified, and when a new input is found by symbol execution, the new input is immediately transmitted back to the Fuzzing part;
the third step: the fuzzy part generates variation according to the input, fuzzing and executing new ACom in a fuzzy mode, and meanwhile, a fuzzy test engine executes in a circulating mode between the fuzzy and symbol execution mode until the input cause of Crash is found and processed to generate template data, wherein the fuzzy is the fuzzy test;
in the step (3), after the fuzzy test is executed for multiple rounds in the hybrid fuzzy test engine, machine learning starts and template data is collected for analysis and learning to generate updated data, and the specific analysis and learning steps are as follows:
s1, analyzing template data generated in a mixed test process and taking the template data as an input sample;
s2, calling a coverage rate detection module of afl, and performing gradient guidance input generation process and identifying an input byte with the highest gradient value by learning and analyzing the relation between Crash and the coverage rate;
s3, analyzing and judging variation positions which are beneficial to improving the coverage rate, taking a varied weight model as a generator, inputting the current network data traffic packet collected in the step (1) into the generator again to generate a large amount of seed data, and repeatedly performing machine learning for multiple times to generate updated data;
in the step (4), the network protocol sequence starts to perform protocol updating processing by receiving updated data generated by a mixed test of fuzzy test and machine learning, and the specific protocol updating step is as follows:
SS1, carrying out statistics on a basic block sequence generated by an original network protocol data packet file set to obtain a probability model;
and SS2: generating new basic blocks iteratively according to the transition probability among the basic blocks until end is generated, and finally generating a new complete basic block sequence, namely a new network protocol data packet sequence;
and (4) SS3: through continuous iteration, the network protocol sequence generator starts to fit a functional relation between a basic block sequence and a sequence of a corresponding network protocol data packet, a new network protocol sequence is connected, and modification data are added to complete the generation of a final network protocol sequence;
in the step (5), the network intermediate proxy device starts to start an auxiliary program to interact with the network service program after receiving the new network protocol sequence, the network intermediate proxy device is one of a hub, a repeater or a switch, and the specific interaction steps are as follows:
i, starting an auxiliary program, wherein the auxiliary program checks whether a network service program is started, and if the network service program is not started, the network service program to be tested is started;
II, transmitting the environment variable into a network service program to be tested, recording coverage rate information during testing by the network service program and sending the coverage rate information to the current shared memory;
and III, when a new test is carried out, the auxiliary program repeatedly reads the input and sends the input to the target network service program through the network.
2. The hybrid network fuzzy test tool based on the neural network as claimed in claim 1, wherein the existing network data traffic packets in step (1) are collected by different collection software, the different collection software includes LipPcap, winPcap and JPcap, and the collected existing network data traffic packets are clustered and divided and processed to generate seed data, and the specific clustering and dividing steps are as follows:
the method comprises the following steps: classifying the data traffic packets of the current network according to different types, wherein the different types comprise ICMP, ICMPv4, TCP, UDP, IPv4 and IPv6;
step two: automatically constructing Fuzz data by the ICMP, the ICMPv4, the TCP, the UDP, the IPv4 and the IPv6 data through a countermeasure generation network;
step three: a large amount of Fuzz data is constructed and processed to generate seed data.
3. The neural network-based hybrid network fuzz testing tool of claim 1, wherein the assistant program in step (6) marks the vulnerability location by monitoring the loss of the corresponding packet location by the network server program and processes to generate vulnerability data.
4. The tool of claim 1, wherein the vulnerability data in step (7) is analyzed by a Crash processing module, and a symbolic execution module is used to analyze Crash generation paths and final memory states to obtain specific vulnerability types and feed the vulnerability types back to a user.
CN202110379602.2A 2021-04-08 2021-04-08 Hybrid network fuzzy test tool based on neural network Active CN113114534B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110379602.2A CN113114534B (en) 2021-04-08 2021-04-08 Hybrid network fuzzy test tool based on neural network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110379602.2A CN113114534B (en) 2021-04-08 2021-04-08 Hybrid network fuzzy test tool based on neural network

Publications (2)

Publication Number Publication Date
CN113114534A CN113114534A (en) 2021-07-13
CN113114534B true CN113114534B (en) 2022-11-25

Family

ID=76715144

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110379602.2A Active CN113114534B (en) 2021-04-08 2021-04-08 Hybrid network fuzzy test tool based on neural network

Country Status (1)

Country Link
CN (1) CN113114534B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114666257B (en) * 2022-03-23 2023-11-14 成都卓源网络科技有限公司 Network protocol fuzzy test method and framework
CN114979033B (en) * 2022-06-13 2023-05-09 华北理工大学 Intranet nerve computing system based on programmable data plane
CN115964275B (en) * 2022-12-13 2023-08-29 北京水木羽林科技有限公司 Distributed fuzzy test acceleration method and system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108470003A (en) * 2018-03-24 2018-08-31 中科软评科技(北京)有限公司 Fuzz testing methods, devices and systems
CN109379329B (en) * 2018-09-05 2021-12-21 中国人民解放军战略支援部队信息工程大学 Network security protocol fuzzy test method and system based on LSTM
CN109474607A (en) * 2018-12-06 2019-03-15 连云港杰瑞深软科技有限公司 A kind of industrial control network safeguard protection monitoring system
CN110912776B (en) * 2019-11-27 2021-09-28 中国科学院信息工程研究所 Automatic fuzzy test method and device for entity router management protocol
CN112052156B (en) * 2020-07-15 2022-07-29 浙江木链物联网科技有限公司 Fuzzy test method, device and system

Also Published As

Publication number Publication date
CN113114534A (en) 2021-07-13

Similar Documents

Publication Publication Date Title
CN113114534B (en) Hybrid network fuzzy test tool based on neural network
CN108600193A (en) A kind of industry control honey jar recognition methods based on machine learning
EP2976865B1 (en) Firewall testing
CN111488577B (en) Model building method and risk assessment method and device based on artificial intelligence
EP2264945B1 (en) Communication analysis apparatus
CN114050979B (en) Industrial control protocol safety test system and device
CN111935063B (en) Abnormal network access behavior monitoring system and method for terminal equipment
CN110995764B (en) Mobile cellular network application layer data flow fuzzy test method, electronic equipment and storage medium
CN111143852A (en) Multi-module penetration testing system based on cooperative control
CN107121602A (en) Vehicle-mounted central control system interference source finding method
CN113219940A (en) FCT test system with one computer controlling multiple test stations and control method
CN102750143A (en) Digital signal processing (DSP) developing method based on matrix laboratory (MATLAB) component object model (COM) component calling
CN116094850A (en) Network protocol vulnerability detection method and system based on system state tracking graph guidance
CN103457957B (en) A kind of network penetration test macro and method with adaptation function
CN113849817B (en) Detection method and device for pollution loopholes of JavaScript prototype chain
CN114546851A (en) Vehicle domain controller test method, system, device and storage medium
CN114840856A (en) State-aware Internet of things trusted execution environment fuzzy test method and system
CN114330363A (en) Industrial control protocol vulnerability mining method based on vulnerability semantic intelligent analysis
CN113760753A (en) QUIC protocol testing method based on gray box fuzzy technology
CN112650765A (en) Method, device and equipment for judging station faults and storage medium
CN112905493A (en) Structured fuzzy test method based on conversion test
CN114666257B (en) Network protocol fuzzy test method and framework
CN117896237B (en) Multi-device intercommunication scene supervision system aiming at network networking
CN117692943A (en) WiFi6 air interface message automatic test method and device
CN116861673B (en) Multi-user remote online collaborative design system and method based on data sharing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant