CN114666257B - Network protocol fuzzy test method and framework - Google Patents

Publication number: CN114666257B
Authority: CN (China)
Prior art keywords: test, network protocol, data, fuzzy, framework
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202210287273.3A
Other languages: Chinese (zh)
Other versions: CN114666257A (en)
Inventors: 彭柯澄, 黄昊, 刘吉祥
Current Assignee: Chengdu Zhuoyuan Network Technology Co ltd (the listed assignees may be inaccurate)
Original Assignee: Chengdu Zhuoyuan Network Technology Co ltd
Application filed by Chengdu Zhuoyuan Network Technology Co ltd
Priority to CN202210287273.3A
Publication of CN114666257A
Application granted
Publication of CN114666257B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • H04L43/18 Protocol analysers
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/24 Testing correct operation
    • H04L1/242 Testing correct operation by comparing a transmitted test signal with a locally generated replica
    • H04L1/244 Testing correct operation by comparing a transmitted test signal with a locally generated replica test sequence generators
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/03 Protocol definition or specification
    • H04L69/22 Parsing or analysis of headers

Abstract

The invention discloses a network protocol fuzz testing method and framework. The invention implements a data generation strategy with configurable parameters. Following the nature of fuzz data generation, it applies a mutation method based on logarithmic function values to numeric fields in the protocol model, applies character-substitution and width-transformation mutation methods to string fields, and supports fuzzing two fields simultaneously. When the tool is used, the parameters of every mutation method can be configured according to the characteristics of the protocol, so that the generated fuzz data has a certain degree of malformation and breadth of coverage, which improves the effectiveness of protocol fuzz testing.

Description

Network protocol fuzzy test method and framework
Technical Field
The invention relates to the technical field of fuzz testing, and in particular to a network protocol fuzz testing method and framework.
Background
Fuzzing is a method of discovering software vulnerabilities by providing unexpected inputs to a target system and monitoring for anomalous results. The core idea is to generate random data automatically or semi-automatically, feed it to a program, and monitor the target program for exceptions such as crashes and assertion failures, in order to find possible program errors such as memory leaks.
The test objects of a network protocol fuzzer are mainly the network protocol parsing modules in network products; the aim is to test whether vulnerabilities exist in the assembly and parsing of the network protocol. The fuzzer communicates with the target under test through a socket, sends mutated or fuzzed values containing errors to the target application, and monitors the target application to find errors.
Using a network protocol fuzzer for fuzz testing first requires studying the specifications and standards of the protocols concerned in order to create reasonable test data.
Currently, the two most common implementations of network protocol fuzz testing are:
1) Client and server test mode
The fuzzer and the object under test are the two endpoints of the test. The fuzzer may act as a client to test the security of a server program, such as a Web service program. The fuzzer may also act as a server to test the security of a client program.
The monitoring module in the fuzzer collects and analyses the behavior of the object under test to judge whether an abnormal condition exists.
2) Device test mode for firewalls, routers, security gateways and other devices deployed in the middle of the network
As data constructed by the fuzzer travels to the protocol server, the object under test, located between the fuzzer and the protocol server, reassembles and parses it; once an error occurs during reassembly or parsing, the object under test can enter an abnormal state.
The monitoring module in the fuzzer collects and analyses the abnormal state of the object under test and finally locates the vulnerability. In this way, security holes in the object's handling of the network protocol can be found.
Network protocol fuzzing targets include any software capable of accepting network data. In the OSI 7-layer model, implementation problems may exist at every layer from the data link layer to the application layer, so the test object should be examined and tested thoroughly at each layer.
Depending on how much use is made of the source code of the software under test, network protocol fuzz testing can be divided into black-box, white-box and grey-box fuzz testing. Existing fuzz testing tools of all types have the following four technical defects: first, insufficient extensibility: the supported protocols are limited, and the tool's source code must be changed to support a new protocol; second, insufficient flexibility: a particular protocol state cannot be specified for testing; third, the self-learning state machine performs differently for different protocols; fourth, client software of the protocol under test is not supported.
The black-box fuzz testing tool Peach has no coverage feedback and low test efficiency when testing a network protocol, and its model files are time-consuming and laborious to construct. The grey-box fuzz testing tool can only test the initial state when testing a network protocol; to test multiple states, the AFL source code or the source code of the program under test must be changed. AFLNET, a grey-box fuzz testing tool built specifically for multi-state network protocols, also lacks generality: it does not support testing protocol client programs, does not support testing routing protocols, and supports the server programs of only some protocols. In addition, extending it to a new protocol requires adding that protocol's processing logic to the AFLNET source code, which is difficult, and the effect of fuzz testing is also influenced by how well the response status codes are chosen in that processing logic.
Disclosure of Invention
In view of the above defects in the prior art, the network protocol fuzz testing method and framework provided by the invention solve the problems of coverage and test efficiency in grey-box fuzz testing tools.
To achieve this aim, the invention adopts the following technical scheme: a network protocol fuzz testing method comprising the following steps:
S1, constructing a data packet;
S2, capturing a data packet using the WinPcap tool;
S3, after the data is captured, parsing the captured data and displaying its content;
S4, after the data is captured, allowing the user to indicate the positions in the data packet where mutation may be applied, so that fuzz testing can be carried out;
S5, creating a raw data packet in which any byte value can be specified by the user, ensuring that the raw data packet conforms to the RFC-defined structure, and fuzz testing the protocol header with the fuzzer.
Further: step S4 is specifically: the user is allowed to add tags to the data content displayed in hexadecimal form, indicating the parts on which fuzz testing is performed.
Further: the tags include:
[ XX ] - denotes mandatory fuzzing: the bracketed bytes are fuzzed with all possible byte values, so each byte is tested 256 times;
< XX > - denotes a string: predefined, variable-length strings are obtained from a user-controlled text file and used to fuzz the string, which is represented in hexadecimal form.
Further: a network protocol fuzz testing framework comprises a test generator, an error monitoring module and a target program operator;
the test generator is used for constructing test cases;
the target program operator is used, in the program execution stage, for starting the program under test before each round of testing;
the error monitoring module is used, in the vulnerability monitoring stage, for identifying and recording abnormal conditions that occur while the program is running.
Further: the construction of test cases comprises generation-based construction and mutation-based construction.
Further: generation-based construction of test cases is specifically: an input model provided by the tester is parsed to obtain the input format, and new test cases are generated according to the input format.
Further: mutation-based construction of test cases is specifically: new test cases are generated by modifying test samples provided by the tester, directly modifying existing data without knowing the input format.
Further: the target program operator supports 5 types of I/O interface: sending and receiving raw IPv4 data packets with an IP header, sending and receiving raw IPv6 data packets with an IP header, sending and receiving TCP data packets, sending and receiving UDP data packets, and sending and receiving HTTP data packets.
Further: during program execution, if an unexpected state occurs, a vulnerability is considered to exist; unexpected states include observable and unobservable abnormal behavior.
The beneficial effects of the invention are as follows: the invention implements a data generation strategy with configurable parameters. Following the nature of fuzz data generation, it applies a mutation method based on logarithmic function values to numeric fields in the protocol model, applies character-substitution and width-transformation mutation methods to string fields, and supports fuzzing two fields simultaneously. When the tool is used, the parameters of every mutation method can be configured according to the characteristics of the protocol, so that the generated fuzz data has a certain degree of malformation and breadth of coverage, which improves the effectiveness of protocol fuzz testing.
Drawings
FIG. 1 is a flow chart of the fuzz testing method of the present invention;
FIG. 2 is a diagram of the fuzz testing framework of the present invention;
FIG. 3 is a schematic diagram of the automatic model file generator.
Detailed Description
The following description of embodiments is provided to help those skilled in the art understand the invention. It should be understood that the invention is not limited to the scope of these embodiments; to those skilled in the art, all inventions that make use of the inventive concept fall within the spirit and scope of the invention as defined in the appended claims.
As shown in FIG. 1, a network protocol fuzz testing method includes the following steps:
S1, constructing a data packet
Using the packet mutation approach, a template is created from an existing valid data packet, and the modifications to be made are indicated in the template;
S2, capturing a data packet using the WinPcap tool;
S3, after the data is captured, parsing the captured data and displaying its content in an easily understood format;
S4, after the data is captured, allowing the user to indicate the positions in the data packet where mutation may be applied, so that fuzz testing can be carried out;
the user is allowed to add tags to the data content displayed in hexadecimal form, indicating the parts on which fuzz testing is performed.
[ XX ] - denotes mandatory fuzzing: the bracketed bytes are fuzzed with all possible byte values, so each byte is tested 256 times;
< XX > - denotes a string: predefined, variable-length strings are obtained from a user-controlled text file and used to fuzz the string, which is represented in hexadecimal form.
S5, creating a raw data packet in which any byte value can be specified by the user, ensuring that the raw data packet conforms to the RFC-defined structure, and fuzz testing the protocol header with the fuzzer.
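The tag expansion of step S4 can be sketched as follows. This is an added example, not code from the patent: the template grammar (whitespace-separated hex bytes, `[XX]` for one byte, `<XX XX ...>` for a string run), the one-field-at-a-time strategy, the function names and the sample data are all assumptions.

```python
"""Expand a hex packet template carrying [XX] and <XX ...> tags into test cases.

Added illustration. The template grammar is an assumption, not the patent's
own syntax definition.
"""
import io
import re
from typing import Iterator, List, TextIO, Tuple

# One token is a tagged byte "[XX]", a tagged string "<XX XX ...>" or a plain byte "XX".
TOKEN = re.compile(
    r"\[\s*([0-9A-Fa-f]{2})\s*\]"
    r"|<\s*((?:[0-9A-Fa-f]{2}\s*)+)>"
    r"|([0-9A-Fa-f]{2})"
)

Field = Tuple[str, bytes]  # (kind, original bytes); kind is "lit", "byte" or "str"


def parse_template(text: str) -> List[Field]:
    """Split an annotated hex dump into literal and tagged fields."""
    fields: List[Field] = []
    pos = 0
    for m in TOKEN.finditer(text):
        gap = text[pos:m.start()]
        if gap.strip():  # anything between tokens other than whitespace is an error
            raise ValueError(f"unparsable template text: {gap.strip()!r}")
        pos = m.end()
        if m.group(1) is not None:
            fields.append(("byte", bytes.fromhex(m.group(1))))
        elif m.group(2) is not None:
            fields.append(("str", bytes.fromhex(m.group(2))))
        else:
            fields.append(("lit", bytes.fromhex(m.group(3))))
    if text[pos:].strip():
        raise ValueError(f"unparsable template text: {text[pos:].strip()!r}")
    return fields


def load_wordlist(fp: TextIO) -> List[bytes]:
    """Read replacement strings, one per non-empty line, from the user's text file."""
    return [ln.rstrip("\r\n").encode("utf-8") for ln in fp if ln.rstrip("\r\n")]


def expand(fields: List[Field], wordlist: List[bytes]) -> Iterator[Tuple[int, str, bytes]]:
    """Yield (field index, label, packet), mutating one tagged field per case."""
    base = [original for _, original in fields]
    for i, (kind, _) in enumerate(fields):
        if kind == "byte":
            values = [bytes([v]) for v in range(256)]  # all 256 values of the byte
        elif kind == "str":
            values = wordlist  # variable-length replacements
        else:
            continue
        for value in values:
            # A replacement of different length shifts later bytes; any length or
            # checksum field in a real header must then be recomputed so the
            # packet still matches the RFC-defined structure (step S5).
            packet = b"".join(base[:i] + [value] + base[i + 1:])
            yield i, f"{kind}@{i}={value.hex()}", packet


# Constructed sample: "GET /index HTTP/1.0" with the path tagged as a string
# and the minor version digit tagged as a byte.
TEMPLATE = "47 45 54 20 <2f 69 6e 64 65 78> 20 48 54 54 50 2f 31 2e [30] 0d 0a 0d 0a"
# Constructed stand-in for the user-controlled text file.
WORDLIST_TEXT = "/\n/" + "A" * 64 + "\n/%25\n"


def build_cases() -> List[Tuple[int, str, bytes]]:
    """Parse the sample template and expand it with the sample word list."""
    fields = parse_template(TEMPLATE)
    return list(expand(fields, load_wordlist(io.StringIO(WORDLIST_TEXT))))


if __name__ == "__main__":
    cases = build_cases()
    print(len(cases), "test cases")
    for _, label, packet in cases[:4]:
        print(label, packet)
```

The cost of a template is additive under this strategy: each `[XX]` tag contributes 256 cases and each `<XX>` tag contributes one case per word-list line.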
As shown in FIG. 2, a network protocol fuzz testing framework includes a test generator, an error monitoring module, and a target program operator;
the test generator is mainly used for constructing test cases; in the case-construction stage, the quality of the constructed test cases determines the efficiency of fuzz testing and the number of vulnerabilities that can be discovered. According to how the data is produced, test cases are generally constructed in one of two ways. The first is generation-based construction: new test cases produced this way obey certain format constraints; typically an input model provided by the tester is parsed to obtain the input format, and new test cases are then generated according to that format. The second is mutation-based construction: new test cases are produced by modifying test samples provided by the tester, directly modifying existing data (such as files and network messages) without knowing the input format. Mutation-based fuzz testing needs almost no knowledge of the input format required by the program under test and places low demands on testers. For file parsers or network protocols with strict format requirements, generation-based fuzz testing constructs effective test cases more easily, but researchers must do a great deal of work in advance: analysing the file format or network protocol message format and writing a model file by hand. Analysing the data input and output of the target in a protocol implementation, and generating input data that covers as many code paths as possible, are key steps for effective fuzz testing and are also important directions in the development of fuzz testing towards automation and intelligence.
The test generator produces test cases through the cooperation of a protocol analyzer, a protocol state machine and a mutator: the protocol analyzer handles the format specification of the protocol test data packets, and the protocol state machine handles the timing specification between data packets. This generation approach effectively improves the depth and breadth that protocol testing can reach.
The target program operator, also called the target program executor, acts mainly in the program execution stage, where the test tool is responsible for starting the program under test before each test. Because the purpose of fuzz testing is to find as many vulnerabilities as possible, the fuzz testing process does not stop on its own when a vulnerability is found; the test loop continues until the program's timeout or another preset termination condition is reached. The executor is the I/O interface through which the test tool sends and receives data. The executor design supports 5 types of I/O interface: sending and receiving raw IPv4 data packets with an IP header, sending and receiving raw IPv6 data packets with an IP header, sending and receiving TCP data packets, sending and receiving UDP data packets, and sending and receiving HTTP data packets. The 4 modules (protocol analyzer, protocol state machine, mutator and executor) operate together to generate random test data under valid rules and send it as input to the target under test, so together they can also be called the generation engine.
The error monitoring module is mainly used in the vulnerability monitoring stage, where the test tool is responsible for identifying and recording abnormal conditions that occur while the program is running. During program execution, if an unexpected state occurs, a bug is considered to exist; unexpected states can be divided into observable and unobservable ones. Typically no document describes the expected and unexpected states of the program, and observable abnormal behavior is generally treated as the unexpected state. This simplification means that fuzz testing may suffer from missed reports (false negatives), that is, an unexpected state that is encountered but not observed goes unreported. Monitoring for errors and anomalies is a very important but often neglected step in the testing process. Target anomalies are defined in many ways, and the number of data packets generated by fuzz testing is very large. When the tested object stops responding, crashes, uses 100% CPU or returns incorrect data, the whole testing process is meaningless if the data packet that actually caused the server to fail cannot be determined. By monitoring and recording the running of the target program in real time, the test data that caused the anomaly can be found and the anomaly reproduced. The tool's monitors can be divided into two types. The first runs alongside the test tool: in the design of the framework, a probe-packet confirmation method is adopted as part of the tool set, that is, after the executor sends a group of malformed test data to the target under test, a normal probe packet is sent, and the running state of the target is monitored by observing and analysing its response to the probe packet.
For example, when the target under test is a Web server interacting over HTTP, the executor can send an "HTTP GET" request probe packet to the target after sending a group of malformed test data, and confirm that a response is received before sending the next group of malformed data packets, thereby determining whether the target system has become abnormal under the malformed messages. By default, the Web server should return an HTTP status code for the request. If the target's response to the probe packet does not conform to the RFC standard, it can be singled out for closer analysis. In the other case, when the target cannot be monitored by checking its responses, the framework uses debugger-based tracing to monitor the target for anomalies, inspecting the process's running state, memory addresses and similar information with the WinDbg tool. The logger and the monitor can together be called the "monitoring engine". The background monitoring engine records the target's abnormal information in a log to help the user locate where the anomaly arises, so that the error can be fixed.
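The probe-packet confirmation described above, combined with restarting the target and replaying a failing group one case at a time to attribute the failure to a specific input, can be sketched as follows. This is an added example, not code from the patent: `SimulatedTarget`, its constructed defect, the group size and the sample cases are all assumptions that stand in for a test harness's own lab target.

```python
"""Probe-packet monitoring: send a group of malformed cases, then a normal probe.

Added illustration. SimulatedTarget is a constructed stand-in for the program
under test so the logic runs offline; a real harness would use a socket with a
receive timeout in place of handle().
"""
import re
from typing import Dict, List, Optional, Sequence

PROBE = b"GET / HTTP/1.0\r\n\r\n"                    # normal, well-formed request
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} ")   # expected shape of the reply


class SimulatedTarget:
    """Constructed target: stops answering after a request line longer than 32 bytes."""

    def __init__(self) -> None:
        self.hung = False
        self.starts = 0

    def restart(self) -> None:
        """Models the target program operator starting the program under test."""
        self.hung = False
        self.starts += 1

    def handle(self, data: bytes) -> Optional[bytes]:
        """Return the reply, or None to model a receive timeout."""
        if self.hung:
            return None
        line = data.split(b"\r\n", 1)[0]
        if len(line) > 32:
            self.hung = True
            return None
        if not line.startswith(b"GET "):
            return b"HTTP/1.0 400 Bad Request\r\n\r\n"
        return b"HTTP/1.0 200 OK\r\n\r\n"


def probe_ok(target) -> bool:
    """True if the target answers the probe with a well-formed HTTP status line."""
    reply = target.handle(PROBE)
    return reply is not None and STATUS_LINE.match(reply) is not None


def run_round(target, cases: Sequence[bytes], group_size: int = 4) -> List[Dict]:
    """Send cases in groups, probe after each group, and isolate failing inputs."""
    findings: List[Dict] = []
    for start in range(0, len(cases), group_size):
        group = cases[start:start + group_size]
        target.restart()                      # fresh target before each group
        for case in group:
            target.handle(case)
        if probe_ok(target):
            continue                          # target still healthy, next group
        # The probe failed: replay each case alone against a fresh target so the
        # log names the input that reproduces the anomaly.
        culprit = None
        for offset, case in enumerate(group):
            target.restart()
            target.handle(case)
            if not probe_ok(target):
                culprit = start + offset
                break
        findings.append({
            "group_start": start,
            # None means no single case reproduces it: the failure depends on
            # the sequence, so the whole group must be kept for replay.
            "case_index": culprit,
            "case": cases[culprit] if culprit is not None else None,
        })
    return findings


# Constructed sample cases; index 5 triggers the simulated defect.
SAMPLE_CASES = [
    b"GET / HTTP/1.0\r\n\r\n",
    b"GET /a HTTP/1.0\r\n\r\n",
    b"\x00ET / HTTP/1.0\r\n\r\n",
    b"GET / HTTP/1.\xff\r\n\r\n",
    b"GET /b HTTP/1.0\r\n\r\n",
    b"GET /" + b"A" * 64 + b" HTTP/1.0\r\n\r\n",
    b"GET /c HTTP/1.0\r\n\r\n",
    b"GET /d HTTP/1.0\r\n\r\n",
]

if __name__ == "__main__":
    for finding in run_round(SimulatedTarget(), SAMPLE_CASES):
        print(finding)
```

Probing once per group keeps the overhead low, at the price of the replay pass whenever a probe fails; a group size of 1 removes the replay but doubles the traffic.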
As shown in FIG. 2, the automatic model file generator includes two parts, a parser and a generator. The parser is responsible for extracting message data information, state transition information and configuration information from the template input. The generator is responsible for using the information obtained by the parser to generate the parts of the model file, including the data model, the state model and the test configuration, and for writing them into the model file according to the model file's format specification and syntax constraints.
In one embodiment of the present invention, after the fuzz testing engine starts, it first performs seed selection and mutation; once the mutated seed is generated, it is written to a specific file, which the intelligent state guidance engine reads in order to test the target state of the protocol. The fuzz testing engine then sends a start message through the pipe to tell the intelligent state guidance engine to begin exchanging state-guiding messages and mutated messages with the protocol software under test. After receiving the end message, the fuzz testing engine collects the results of that round of testing, including code coverage information, crash information and so on. If the round explored a path that had not been executed before, the mutated seed is considered a valuable seed and is saved to the tail of the seed queue for later fuzz testing. The entire process is repeated until the test reaches a preset timeout or is terminated manually.
After the intelligent state guidance engine starts, it first parses the model file, constructs a protocol state transition model from it, and then waits for the fuzz testing engine to send a start message. After receiving the message, it executes the state transition process; if a guiding state exists, it interacts with the program under test using normal protocol messages for that state, so that the program under test quickly reaches the target state. When the program under test reaches the target state, the intelligent state guidance engine reads the mutated seed provided by the grey-box fuzz testing engine for fuzzing that target state, packages it into a mutated message and sends it to the program under test. Finally, it sends an end message through the pipe to signal that the current round of message interaction is finished, then waits again for the grey-box fuzz testing engine to send a start message; the whole flow is repeated until the test reaches the preset timeout or is terminated manually.
The invention takes automatic generation of model files as an example and analyses the advantages of the automatic model file generation technique in terms of the amount of code to be entered, syntax complexity and the validity of the generated model files. The network protocol fuzz testing system designed by the invention effectively simplifies the model file construction process, improves code coverage, and has stronger extensibility and generality.

Claims (8)

1. A network protocol fuzz testing method, characterized by comprising the following steps:
S1, constructing a data packet;
S2, capturing a data packet using the WinPcap tool;
S3, after the data is captured, parsing the captured data and displaying its content;
S4, after the data is captured, allowing the user to indicate the positions in the data packet where mutation may be applied, so that fuzz testing can be carried out;
S5, creating a raw data packet in which any byte value can be specified by the user, ensuring that the raw data packet conforms to the RFC-defined structure, and fuzz testing the protocol header with the fuzzer;
step S4 is specifically: the user is allowed to add tags to the data content displayed in hexadecimal form, indicating the parts on which fuzz testing is performed.
2. The network protocol fuzz testing method of claim 1, wherein the tags comprise:
[ XX ] - denotes mandatory fuzzing: the bracketed bytes are fuzzed with all possible byte values, so each byte is tested 256 times;
< XX > - denotes a string: predefined, variable-length strings are obtained from a user-controlled text file and used to fuzz the string, which is represented in hexadecimal form.
3. A network protocol fuzz testing framework for implementing the network protocol fuzz testing method according to any one of claims 1 or 2, characterized by comprising a test generator, an error monitoring module and a target program operator;
the test generator is used for constructing test cases;
the target program operator is used, in the program execution stage, for starting the program under test before each round of testing;
the error monitoring module is used, in the vulnerability monitoring stage, for identifying and recording abnormal conditions that occur while the program is running.
4. The network protocol fuzz testing framework of claim 3, wherein the construction of test cases includes generation-based construction and mutation-based construction.
5. The network protocol fuzz testing framework of claim 4, wherein generation-based construction of test cases is specifically: an input model provided by the tester is parsed to obtain the input format, and new test cases are generated according to the input format.
6. The network protocol fuzz testing framework of claim 4, wherein mutation-based construction of test cases is specifically: new test cases are generated by modifying test samples provided by the tester, directly modifying existing data without knowing the input format.
7. The network protocol fuzz testing framework of claim 3, wherein the target program operator supports 5 types of I/O interface, namely sending and receiving raw IPv4 packets with IP headers, sending and receiving raw IPv6 packets with IP headers, sending and receiving TCP packets, sending and receiving UDP packets, and sending and receiving HTTP packets.
8. The network protocol fuzz testing framework of claim 3, wherein during program execution, if an unexpected state occurs, a vulnerability is considered to exist, the unexpected states including observable and unobservable abnormal behavior.
CN202210287273.3A 2022-03-23 2022-03-23 Network protocol fuzzy test method and framework Active CN114666257B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210287273.3A CN114666257B (en) 2022-03-23 2022-03-23 Network protocol fuzzy test method and framework

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210287273.3A CN114666257B (en) 2022-03-23 2022-03-23 Network protocol fuzzy test method and framework

Publications (2)

Publication Number Publication Date
CN114666257A CN114666257A (en) 2022-06-24
CN114666257B CN114666257B (en) 2023-11-14

Family

ID=82032079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210287273.3A Active CN114666257B (en) 2022-03-23 2022-03-23 Network protocol fuzzy test method and framework

Country Status (1)

Country Link
CN (1) CN114666257B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant