CN116366512A - Test case generation method and device and computer readable storage medium - Google Patents


Info

Publication number
CN116366512A
Authority
CN
China
Prior art keywords
test case
target
data packet
test
mutation
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310404984.9A
Other languages
Chinese (zh)
Inventor
杨祎巍
陆力瑜
洪超
刘慕娴
陶文伟
刘媛
曹扬
莫蓓蓓
匡晓云
陈文迪
戴涛
吴繁宇
张宇南
董智博
李攀登
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CSG Electric Power Research Institute
China Southern Power Grid Co Ltd
Guangxi Power Grid Co Ltd
Original Assignee
CSG Electric Power Research Institute
China Southern Power Grid Co Ltd
Guangxi Power Grid Co Ltd
Application filed by CSG Electric Power Research Institute, China Southern Power Grid Co Ltd and Guangxi Power Grid Co Ltd
Priority to CN202310404984.9A
Publication of CN116366512A
Legal status: Pending

Classifications

    • G06F11/3684 Test management for test design, e.g. generating new test cases (under G06F11/36 Preventing errors by testing or debugging software; G06F11/3668 Software testing; G06F11/3672 Test management)
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security (under G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms; G06F21/57 Certifying or maintaining trusted computer platforms)
    • H04L43/18 Protocol analysers (under H04L43/00 Arrangements for monitoring or testing data switching networks)
    • H04L43/50 Testing arrangements (under H04L43/00 Arrangements for monitoring or testing data switching networks)

Abstract

The invention discloses a test case generation method, a test case generation device and a computer readable storage medium. The method comprises the following steps: determining, in a target communication protocol, a target data packet for generating a test case, wherein the target data packet is a data packet used to complete a data transmitting and receiving process between a client and a server; generating a first test case by applying a test case generation strategy based on the protocol format of the target communication protocol; mutating the data in the target data packet by applying a test case mutation strategy based on a mutation byte library, to obtain a second test case; and determining a target test case based on the first test case and the second test case. The invention solves the technical problem that the related art lacks a method for efficiently and comprehensively fuzz testing the MMS protocol of an intelligent substation.

Description

Test case generation method and device and computer readable storage medium
Technical Field
The present invention relates to the field of testing technologies, and in particular, to a method and apparatus for generating a test case, and a computer readable storage medium.
Background
Fuzz testing is used to detect security vulnerabilities in software or systems, but the means available in the related art for vulnerability testing of substation communication protocols are too limited: vulnerabilities arising during the protocol connection process are not explored, and attack tests are not designed around the structure of the intelligent substation.
Therefore, the related art has the technical problem that there is no efficient and comprehensive fuzz testing method for the MMS protocol of an intelligent substation.
No effective solution to the above problem has been proposed so far.
Disclosure of Invention
Embodiments of the invention provide a test case generation method, a test case generation device and a computer readable storage medium, which at least solve the technical problem that the related art lacks a method for efficiently and comprehensively fuzz testing the MMS protocol of an intelligent substation.
According to one aspect of an embodiment of the invention, a test case generation method is provided, comprising: determining, in a target communication protocol, a target data packet for generating a test case, wherein the target data packet is a data packet used to complete a data transmitting and receiving process between a client and a server; generating a first test case by applying a test case generation strategy based on the protocol format of the target communication protocol; mutating the data in the target data packet by applying a test case mutation strategy based on a mutation byte library, to obtain a second test case; and determining a target test case based on the first test case and the second test case.
Optionally, before determining the target data packet used for generating the test case in the target communication protocol, the method further comprises: constructing, at a client, a communication message corresponding to the target communication protocol; and, through data interaction between the communication message and a station-level (station control layer) terminal in the intelligent substation, establishing a connection-oriented transport protocol (COTP) connection and an initialisation connection of the target communication protocol, thereby constructing a communication path between the client and the intelligent substation based on the target communication protocol.
Optionally, the method further comprises: parsing the substation configuration description (SCD) file of the intelligent substation to obtain a target address, wherein the target address is the address to which the client sends the target test case to the intelligent substation for testing.
Optionally, generating the first test case by applying a test case generation strategy based on the protocol format of the target communication protocol comprises: combining initial data blocks according to the protocol format of the target communication protocol; and adjusting the initial value in each initial data block within the actual value range of the variable carried by that data block, to obtain the first test case.
Optionally, mutating the data in the target data packet by applying a test case mutation strategy based on the mutation byte library, to obtain the second test case, comprises: determining a data packet to be mutated among the target data packets; determining a field to be mutated in the data packet to be mutated and the field type of that field; and mutating the field according to the test case mutation strategy corresponding to its field type, to obtain the second test case.
Optionally, where the test case mutation strategy is insertion of mutation bytes, the method further comprises: updating the length field(s) in the target data packet so that the length field(s) in the updated target data packet match the length of the second test case.
Optionally, the method further comprises: obtaining the test result of the target test case; and, when the test result indicates that an abnormality occurred, designating the target test case as a test case for a secondary (confirmation) test.
According to another aspect of the embodiments of the invention, a test case generation apparatus is also provided, comprising: a first determining module for determining, in a target communication protocol, a target data packet for generating a test case, wherein the target data packet is a data packet used to complete a data transmitting and receiving process between a client and a server; a generating module for generating a first test case by applying a test case generation strategy based on the protocol format of the target communication protocol; a mutation module for mutating the data in the target data packet by applying a test case mutation strategy based on a mutation byte library, to obtain a second test case; and a second determining module for determining a target test case based on the first test case and the second test case.
According to another aspect of the embodiments of the invention, a computer readable storage medium is further provided, the computer readable storage medium comprising a stored program, wherein, when the program runs, the device on which the computer readable storage medium is located is controlled to execute any one of the test case generation methods described above.
According to another aspect of an embodiment of the invention, a computer apparatus is also provided, comprising a memory and a processor, the memory storing a computer program and the processor executing the computer program stored in the memory, wherein the computer program, when run, causes the processor to execute any one of the test case generation methods described above.
In the embodiments of the invention, generated test cases and mutated test cases are combined and optimised. Within the range of target data packets that complete a data transmitting and receiving process between a client and a server, two different strategies are applied: a test case generation strategy produces a first test case, and a test case mutation strategy produces a second test case; a target test case is then determined from the first and second test cases. The target test case is used to carry out fuzz testing during data interaction between the client and the server, so that the communication mechanism of the measurement and control equipment of the intelligent substation is fuzz tested. The measurement and control equipment receives the mutated messages sent by the tester, and abnormal function bytes in its MMS communication are detected and mined, which solves the technical problem that an efficient and comprehensive fuzz testing method for the MMS protocol of an intelligent substation was lacking.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a flowchart of a test case generation method provided according to an embodiment of the present invention;
FIG. 2 is a flowchart of a fuzz testing method for power grid terminals using the MMS protocol according to an alternative embodiment of the present invention;
FIG. 3 is a schematic diagram of a data transmitting and receiving process provided according to an alternative embodiment of the present invention;
FIG. 4 is a block diagram of a test case generation apparatus according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fuzz testing is an automated software testing method that feeds illegal, malformed or unexpected inputs into a system in order to reveal software flaws and vulnerabilities.
MMS (Manufacturing Message Specification) is a communication protocol based on the ISO/OSI reference model that is used to transmit data in smart grids. MMS follows a client/server model: clients send requests to servers and receive responses.
As more and more information elements and devices with communication and information processing capabilities are deployed at every link of the power system, more uncertainties and risks are introduced into the power system. The substation is an important part of the power system: a large number of measurement and control devices, protection devices and remote terminal units (RTUs) are arranged at the station level and bay level of the substation, and these devices communicate with one another over the IEC 61850 protocol family. Breaking the security of the protocol, whether through a side channel or through physical access, can give rise to a range of information security problems.
Current vulnerability discovery for the IEC 61850 protocols is still too thin: only vulnerabilities of the protocol after the connection has been completed are discovered, and vulnerabilities during the connection process are not explored. How to explore the vulnerabilities present in the protocol's connection and interaction processes according to the way IEC 61850 is implemented, and how to explore the effective space in protocol fuzz testing so that enough of that space and its implementation paths are covered, are the problems the invention sets out to solve. On the other hand, security research on intelligent substation protocols is still relatively scarce, and most of it uses simulated or semi-physical simulation environments. No attack mode has been explored for the structure of the intelligent substation, attacks are carried out on single objects with a single attack mode, and the equipment at the bottom layer of the substation has not been studied.
Fuzz testing has been applied to software vulnerability discovery, kernel vulnerability discovery and protocol vulnerability discovery. In the mainstream research, the main directions of exploration are improving the test case generation algorithm and the degree of automation of each stage. Security problems in a protocol can lead to more serious damage than software vulnerabilities, such as denial of service and information leakage. Representative protocol fuzzing tools include SPIKE and Peach. SPIKE provides an open interface (convenient access to interfaces and user-defined functions in the form of an API) and was the first open-source tool for protocol fuzzing. Peach is a widely used fuzzing tool written as Python scripts, and is currently usable for most network protocols.
In view of the foregoing, embodiments of the present invention provide a method embodiment for test case generation. It should be noted that the steps illustrated in the flowchart of the figures may be performed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order other than that illustrated here.
FIG. 1 is a flowchart of a test case generation method according to an embodiment of the present invention, as shown in FIG. 1, the method includes the following steps:
step S102, determining, in a target communication protocol, a target data packet for generating a test case, wherein the target data packet is a data packet used to complete a data transmitting and receiving process between a client and a server;
step S104, generating a first test case by applying a test case generation strategy based on the protocol format of the target communication protocol;
step S106, mutating the data in the target data packet by applying a test case mutation strategy based on a mutation byte library, to obtain a second test case;
step S108, determining a target test case based on the first test case and the second test case.
Through the above steps, generated test cases and mutated test cases are combined and optimised. Within the range of target data packets that complete a data transmitting and receiving process between a client and a server, two different strategies are applied: the test case generation strategy generates the first test case and the test case mutation strategy produces the second test case by mutation; the target test case is then determined from the first and second test cases. The target test case can be used to carry out fuzz testing during data interaction between the client and the server, so that the communication mechanism of the measurement and control equipment of the intelligent substation is fuzz tested. The measurement and control equipment receives the mutated messages sent by the tester, abnormal function bytes in its MMS communication are detected and mined, and the technical problem that a fuzz testing method for the MMS protocol of an intelligent substation was lacking is solved.
It should be noted that, in this embodiment, the target communication protocol may be an MMS protocol.
As an alternative embodiment, before determining the target data packet used for generating the test case in the target communication protocol, the method further comprises: constructing, at a client, a communication message corresponding to the target communication protocol; and, through data interaction between the communication message and a station-level terminal in the intelligent substation, establishing a connection-oriented transport protocol (COTP) connection and an initialisation connection of the target communication protocol, thereby constructing a communication path between the client and the intelligent substation based on the target communication protocol.
In this embodiment a personal computer (PC) may be used as the test device. A communication message is first constructed, and a connection is established and data exchanged between the client and the server (e.g. the intelligent substation), thereby constructing a communication path between them. The generated target test case can then be sent from the client to the server over this path, so that fuzz testing is completed using the test case during data interaction between the client and the server.
As an alternative embodiment, the method further comprises: parsing the substation configuration description (SCD) file of the intelligent substation to obtain a target address, wherein the target address is the address to which the client sends the target test case to the intelligent substation for testing.
Before the target test case is sent, the destination address corresponding to it must be determined. In this embodiment, the SCD file of the intelligent substation is parsed: using the correspondence between the MMS control block address of the intelligent terminal in the SCD file and the destination MAC address in MMS communication packets, the address of the line protection measurement and control device in the intelligent substation is extracted and used as the target address.
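The address extraction described above, as an added example that is not code from the patent: an SCD file is an IEC 61850 SCL document, and the MMS endpoints of its IEDs are listed under Communication/SubNetwork (type 8-MMS)/ConnectedAP/Address as P elements of type IP and OSI-TSEL/SSEL/PSEL. The snippet below reads those with the Python standard library; the SCL sample, IED names, types and addresses are all constructed for the example and are assumptions.

```python
# Added example (not from the patent): extract MMS target addresses from an
# IEC 61850 SCD/SCL file with the standard library only. The SCL snippet below
# is constructed for the example; IED names, types and addresses are assumptions.
import xml.etree.ElementTree as ET

NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}

# Constructed sample: a station bus of type 8-MMS with two connected access points
# (a line protection IED and a line control IED) and a GOOSE process bus that
# carries no MMS endpoint and must be skipped.
SAMPLE_SCD = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL" version="2007" revision="B">
  <Header id="EXAMPLE-SCD"/>
  <Communication>
    <SubNetwork name="StationBus" type="8-MMS">
      <ConnectedAP iedName="PL2201" apName="S1">
        <Address>
          <P type="IP">192.168.1.11</P>
          <P type="IP-SUBNET">255.255.255.0</P>
          <P type="OSI-TSEL">0001</P>
          <P type="OSI-SSEL">0001</P>
          <P type="OSI-PSEL">00000001</P>
        </Address>
      </ConnectedAP>
      <ConnectedAP iedName="CL2201" apName="S1">
        <Address>
          <P type="IP">192.168.1.12</P>
          <P type="OSI-TSEL">0001</P>
        </Address>
      </ConnectedAP>
    </SubNetwork>
    <SubNetwork name="ProcessBus" type="IECGOOSE">
      <ConnectedAP iedName="PL2201" apName="G1">
        <GSE ldInst="LD0" cbName="gcb0">
          <Address><P type="MAC-Address">01-0C-CD-01-00-01</P></Address>
        </GSE>
      </ConnectedAP>
    </SubNetwork>
  </Communication>
  <IED name="PL2201" type="LineProtection" manufacturer="Example"/>
  <IED name="CL2201" type="LineControl" manufacturer="Example"/>
</SCL>
"""

def parse_mms_targets(scd_xml: str) -> dict:
    """Map iedName -> {subnet, ap, ip, tsel, ssel, psel} for every access point
    on a SubNetwork of type 8-MMS; GOOSE/SMV buses carry no MMS endpoint."""
    root = ET.fromstring(scd_xml)
    targets = {}
    for subnet in root.findall("scl:Communication/scl:SubNetwork", NS):
        if subnet.get("type") != "8-MMS":
            continue
        for ap in subnet.findall("scl:ConnectedAP", NS):
            params = {p.get("type"): (p.text or "").strip()
                      for p in ap.findall("scl:Address/scl:P", NS)}
            if "IP" not in params:
                continue  # an MMS access point without an IP cannot be addressed
            targets[ap.get("iedName")] = {
                "subnet": subnet.get("name"),
                "ap": ap.get("apName"),
                "ip": params["IP"],
                # ISO transport/session/presentation selectors; None when the SCD omits them
                "tsel": params.get("OSI-TSEL"),
                "ssel": params.get("OSI-SSEL"),
                "psel": params.get("OSI-PSEL"),
            }
    return targets

def ied_types(scd_xml: str) -> dict:
    """Map iedName -> the IED element's type attribute."""
    root = ET.fromstring(scd_xml)
    return {ied.get("name"): ied.get("type") for ied in root.findall("scl:IED", NS)}

def select_targets(scd_xml: str, ied_type: str) -> list:
    """IP addresses of every MMS-reachable IED whose type matches, e.g. 'LineProtection'."""
    types = ied_types(scd_xml)
    return sorted(t["ip"] for name, t in parse_mms_targets(scd_xml).items()
                  if types.get(name) == ied_type)

if __name__ == "__main__":
    for name, t in parse_mms_targets(SAMPLE_SCD).items():
        print(f"{name}: {t['ip']} tsel={t['tsel']} ssel={t['ssel']} psel={t['psel']}")
    print("protection targets:", select_targets(SAMPLE_SCD, "LineProtection"))
```

The IED type attribute is vendor-defined, so a tester would normally pick targets by IED name or by the logical nodes present in the IED rather than by the string used here; the selectors are what the COTP/session/presentation layers need when the connection to that address is built.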
As an alternative embodiment, generating the first test case by applying a test case generation strategy based on the protocol format of the target communication protocol comprises: combining initial data blocks according to the protocol format of the target communication protocol; and adjusting the initial value in each initial data block within the actual value range of the variable carried by that data block, to obtain the first test case.
When the first test case is generated with the test case generation strategy, it can be generated directly from the allowed message length of the target communication protocol and random values, or it can be generated from the protocol format of the target communication protocol: the communication message is divided into data blocks (the initial data blocks), each carrying a preset initial value, and the initial value in each initial data block is adjusted. The basis for the adjustment may be the actual value range of the variable carried by the block, which ensures that the adjusted blocks still form a valid input that the device under test will accept; the first test case is then generated from the adjusted initial data blocks.
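The generation strategy above (and the "generation-oriented" variant described again later in the alternative embodiment), as an added example that is not code from the patent: a message is modelled as ordered fixed-width blocks, each with a normal initial value and the real range of the variable it carries, and one test case is produced per (block, candidate value) while the other blocks keep their initial value. The block layout is an assumed simplification (the TPKT and COTP DT headers that frame MMS over TCP plus one 32-bit block standing in for the MMS body); the range values are assumptions, not taken from the patent.

```python
# Added example (not from the patent): generation-based test cases built from
# fixed-width data blocks, each with an initial value and the real value range
# of the variable it carries. The block layout is an assumed simplification:
# the TPKT and COTP DT headers that frame MMS over TCP, plus a 32-bit block
# standing in for the MMS body.
import random
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

@dataclass(frozen=True)
class Block:
    name: str
    width: int      # size in bytes, big-endian
    initial: int    # normal, reasonable value
    lo: int         # lowest legitimate value of the variable
    hi: int         # highest legitimate value of the variable

    def pack(self, value: int) -> bytes:
        if not 0 <= value < 1 << (8 * self.width):
            raise ValueError(f"{self.name}: {value} does not fit in {self.width} byte(s)")
        return value.to_bytes(self.width, "big")

# Constructed layout (assumption): 4-byte TPKT, 3-byte COTP DT, 4-byte body.
MMS_FRAME: List[Block] = [
    Block("tpkt.version", 1, 3, 3, 3),            # always 3
    Block("tpkt.reserved", 1, 0, 0, 0),
    Block("tpkt.length", 2, 11, 7, 65535),        # whole frame incl. 4-byte header
    Block("cotp.li", 1, 2, 2, 2),                 # DT header length indicator
    Block("cotp.type", 1, 0xF0, 0xF0, 0xF0),      # DT TPDU
    Block("cotp.nr_eot", 1, 0x80, 0x80, 0x80),    # EOT set, single fragment
    Block("mms.invokeID", 4, 1, 0, 0xFFFFFFFF),   # stands in for the MMS PDU
]

def assemble(blocks: Iterable[Block], overrides: Dict[str, int] = None) -> bytes:
    """Concatenate the blocks, substituting any overridden values."""
    overrides = overrides or {}
    return b"".join(b.pack(overrides.get(b.name, b.initial)) for b in blocks)

def candidate_values(b: Block, rng: random.Random, n_random: int) -> List[int]:
    """Boundaries of the legitimate range, the values next to them, and a few random
    values inside it; fixed blocks (lo == hi) yield only their single value."""
    vals = {b.lo, b.hi, b.initial}
    if b.lo < b.hi:
        vals.update({b.lo + 1, b.hi - 1})
        vals.update(rng.randint(b.lo, b.hi) for _ in range(n_random))
    return sorted(v for v in vals if b.lo <= v <= b.hi)

def generate_cases(blocks: List[Block], seed: int = 0, n_random: int = 2) -> List[Tuple[str, bytes]]:
    """One test case per (block, candidate value), every other block at its initial
    value, so each case isolates one field while staying a structurally valid frame.
    Frames that repeat the unmodified baseline are emitted only once."""
    rng = random.Random(seed)
    cases, seen = [], set()
    for b in blocks:
        for v in candidate_values(b, rng, n_random):
            frame = assemble(blocks, {b.name: v})
            if frame in seen:
                continue
            seen.add(frame)
            cases.append((f"{b.name}={v:#x}", frame))
    return cases

if __name__ == "__main__":
    for label, frame in generate_cases(MMS_FRAME, seed=1):
        print(f"{label:28} {frame.hex()}")
```

Because every value stays inside the block's legitimate range, the output is the "valid input" corpus the patent describes; out-of-range values (lo - 1, hi + 1, values that overflow the width) belong to the mutation strategy rather than here.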
As an optional embodiment, mutating the data in the target data packet by applying a test case mutation strategy based on a mutation byte library, to obtain the second test case, comprises: determining a data packet to be mutated among the target data packets; determining a field to be mutated in the data packet to be mutated and the field type of that field; and mutating the field according to the test case mutation strategy corresponding to its field type, to obtain the second test case.
When the second test case is obtained with the test case mutation strategy, a mutation byte library is constructed, the data packet to be mutated is captured from among the target data packets, and mutation bytes from the library are inserted into it. The insertion position may be chosen at random, or one or more fields may be designated as fields to be mutated according to the format of the data packet and the mutation bytes inserted into those fields. Besides inserting mutation bytes, other mutations may be used to obtain the second test case: for example, a test case mutation strategy may be selected according to the field type of the field to be mutated, and the field mutated according to that strategy.
It should be noted that mutating the field to be mutated according to the test case mutation strategy corresponding to its field type comprises at least one of the following: mutating an integer-type field using integer boundary values and/or random values; mutating a string-type field using overlong strings and/or special characters and/or format strings; mutating a predetermined field value in the field to be mutated according to a predetermined encoding scheme; and flipping one or more bits of the field to be mutated.
Integer vulnerabilities can be exploited when integer-type fields are mutated with integer boundary values and/or random values; an attacker can, for example, mount a denial-of-service attack. Integer fields in the message are mutated with integer boundary values, and random numbers are also used as a mutation option to add randomness. This numeric mutation strategy tests for integer vulnerabilities, specifically integer overflow, sign errors and truncation errors.
When a string-type field is mutated with overlong strings and/or special characters and/or format strings: overlong strings readily trigger heap overflow vulnerabilities; inserted special characters readily cause an exception when the terminal parses the unexpected characters; and format string input may crash the application process.
In addition, a single MMS message carries only one MMS service, and field values such as read, write, informationReport and variableListName are defined in the substation configuration description (SCD) file, which describes the communication parameter configuration of all IEDs. Therefore, values that are defined as normal in the SCD file but are not used in the current message field can also be tested.
When a predetermined field value in the field to be mutated is mutated according to a predetermined encoding scheme, the encoding scheme may be ASN.1 encoding and the predetermined field value may be a Tag value and/or a Length value in the packet to be mutated. ASN.1 encoding gives application-layer data a uniform representation, and a mutation strategy based on ASN.1 encoding tests whether the terminal can handle abnormally encoded data. Mutating the Tag value can cause the field value to be parsed as the wrong type, and mutating the Length value can cause the data of the next TLV to be parsed as part of this field, or only part of the field's value data to be parsed.
Bit flipping means flipping one or more bits of the data, e.g. 1 to 0 or 0 to 1; this readily happens when a central processing unit (CPU) runs unstably or a communication channel is disturbed.
As an alternative embodiment, where the test case mutation strategy is insertion of mutation bytes, the method further comprises: updating the length field(s) in the target data packet so that the length field(s) in the updated target data packet match the length of the second test case.
After a mutation byte is inserted into the field to be mutated according to the test case mutation strategy, the length of that field in the data packet changes; the length fields are therefore updated accordingly so that the second test case produced by this mutation is still a valid input.
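The ASN.1 Tag/Length mutations, the byte insertion with length fix-up and the bit flip described above, as one added example that is not code from the patent (it also serves the "mutation-oriented" variant described later in the alternative embodiment). A captured BER-encoded packet is decoded into a TLV tree, one field is mutated, and re-encoding recomputes every enclosing length field; a length can instead be pinned to a wrong value to reproduce the "next TLV parsed as part of this field" case. The captured packet is constructed and only shaped like an MMS confirmed-RequestPDU; its tags are illustrative and not a faithful MMS encoding.

```python
# Added example (not from the patent): mutation-based test cases for BER/ASN.1
# (TLV) messages such as MMS PDUs. A captured packet is decoded into a TLV tree,
# one field is mutated (bytes inserted, tag changed, bit flipped) and, on
# re-encoding, every enclosing length field is recomputed to match. A length can
# also be pinned to a wrong value to produce the misaligned-parse case.
from dataclasses import dataclass, field
from typing import List, Optional, Sequence

@dataclass
class TLV:
    tag: bytes                           # identifier octets as captured
    constructed: bool                    # fixed at decode time: a tag mutation must not
                                         # change how the node is re-encoded
    value: bytes = b""                   # contents of a primitive field
    children: List["TLV"] = field(default_factory=list)
    pinned_length: Optional[int] = None  # emitted instead of the true length when set

def _read_tag(buf: bytes, i: int):
    j = i
    if buf[j] & 0x1F == 0x1F:            # high-tag-number form: more octets while bit 8 set
        j += 1
        while buf[j] & 0x80:
            j += 1
    return buf[i:j + 1], j + 1

def _read_len(buf: bytes, i: int):
    first = buf[i]
    if first < 0x80:                     # short form
        return first, i + 1
    n = first & 0x7F                     # long form: n length octets follow
    if n == 0 or n > 4:
        raise ValueError("indefinite or oversized length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def decode(buf: bytes) -> List[TLV]:
    nodes, i = [], 0
    while i < len(buf):
        tag, i = _read_tag(buf, i)
        length, i = _read_len(buf, i)
        body = buf[i:i + length]
        if len(body) != length:
            raise ValueError("truncated TLV: length exceeds remaining data")
        node = TLV(tag, bool(tag[0] & 0x20))
        if node.constructed:
            node.children = decode(body)
        else:
            node.value = body
        nodes.append(node)
        i += length
    return nodes

def _enc_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(octets)]) + octets

def encode(nodes: Sequence[TLV]) -> bytes:
    """Serialise the tree; lengths are recomputed bottom-up from the current contents."""
    out = bytearray()
    for n in nodes:
        body = encode(n.children) if n.constructed else n.value
        length = len(body) if n.pinned_length is None else n.pinned_length
        out += n.tag + _enc_len(length) + body
    return bytes(out)

def at(nodes: Sequence[TLV], path: Sequence[int]) -> TLV:
    """Follow child indices, e.g. (0, 1, 0): first TLV, its 2nd child, that one's 1st child."""
    node = nodes[path[0]]
    for idx in path[1:]:
        node = node.children[idx]
    return node

# Mutation operators: each decodes the captured packet, mutates one field, re-encodes.
def insert_bytes(packet: bytes, path, payload: bytes, pos: int = 0) -> bytes:
    tree = decode(packet)
    node = at(tree, path)
    node.value = node.value[:pos] + payload + node.value[pos:]
    return encode(tree)

def set_tag(packet: bytes, path, new_tag: bytes) -> bytes:
    tree = decode(packet)
    at(tree, path).tag = new_tag
    return encode(tree)

def pin_length(packet: bytes, path, wrong_length: int) -> bytes:
    tree = decode(packet)
    at(tree, path).pinned_length = wrong_length
    return encode(tree)

def flip_bit(packet: bytes, path, bit: int) -> bytes:
    tree = decode(packet)
    node = at(tree, path)
    value = bytearray(node.value)
    value[bit // 8] ^= 1 << (bit % 8)
    node.value = bytes(value)
    return encode(tree)

def decodes_cleanly(packet: bytes) -> bool:
    """What a strict receiver would conclude about the mutated packet."""
    try:
        decode(packet)
        return True
    except (ValueError, IndexError):
        return False

# Constructed sample shaped like an MMS confirmed-RequestPDU: [0] wrapping an
# INTEGER invokeID and a [4] (read) request holding one [1] string operand.
CAPTURED = bytes.fromhex("a0 0a 02 01 01 a4 05 81 03 41 42 43".replace(" ", ""))

if __name__ == "__main__":
    overlong = insert_bytes(CAPTURED, (0, 1, 0), b"A" * 200)
    print(len(overlong), overlong[:3].hex())                     # outer lengths went long-form
    print(decodes_cleanly(pin_length(CAPTURED, (0, 1), 0x20)))  # wrong length: strict parser rejects
```

Inserting 200 bytes into the innermost string pushes every enclosing length from the short form into the two-octet long form, which is exactly the update the patent requires after byte insertion; pinning a length instead leaves the structure inconsistent on purpose, which is the Length-value mutation.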
As an alternative embodiment, the method further comprises: obtaining the test result of the target test case; and, when the test result indicates that an abnormality occurred, designating the target test case as a test case for a secondary (confirmation) test.
If the device under test reacts abnormally to a received target test case during testing, the abnormal reaction data are collected and the abnormal test case that caused the reaction is recorded; the abnormal test case is then replayed as a secondary test case to verify that the abnormality is reproducible.
As an alternative embodiment, the method further comprises evaluating the test process based on the target test case. In this embodiment, after fuzz testing has been performed with the target test case, the current fuzz test may be evaluated, for example by whether the code coverage of the process running between the client and the server has dropped, by the number of other abnormalities produced, and so on; in addition, the code coverage of the running system while it interacts with the fuzzer may be evaluated.
The evaluation indices for code coverage include at least one of: a statement coverage index, evaluating whether each line or segment is executed; a decision coverage index, evaluating whether the constructed inputs cover every outcome of each decision condition; a condition coverage index, which requires that the constructed inputs not only satisfy the decision but also exercise every possible value of each condition within it; and a path coverage index, evaluating whether each execution path through the function is executed.
Based on the foregoing embodiment and the optional embodiments, an optional embodiment of the present invention is set forth, and is described below.
An alternative embodiment of the present invention proposes a fuzz test method for power grid terminals that use the MMS protocol, where a personal computer (PC) may be used as the test device. Fig. 2 is a flowchart of the fuzz test method for power grid terminals using the MMS protocol according to this alternative embodiment; as shown in fig. 2, the method includes the following steps:
(1) The PC client constructs MMS messages and exchanges data with a station control layer terminal in the intelligent substation to establish a COTP connection and an MMS initialization connection, thereby building a communication channel.
(2) The address of the line protection measurement and control device is extracted through the correspondence between the MMS control block address of the intelligent terminal in the SCD configuration file of the intelligent substation and the destination MAC address in the MMS data communication packet; the SCD configuration file can be read with the SAC system configuration tool to obtain the corresponding information.
(3) The remote signalling and remote control data in the MMS communication message are parsed and the initial-TAG in the protocol is resolved according to the ASN.1 encoding format; using the protection measurement and control device address resolved from the SCD file, the PC client constructs MMS protocol test cases and sends the mutated data to the station control layer terminal in the intelligent substation.
(4) Fig. 3 is a schematic diagram of the data transceiving process according to an alternative embodiment of the present invention. Data packets whose initiation-TAG lies in the getNameList, getNameVarible, read and write range of the MMS protocol are generated by the mutation-based test cases of the MMS protocol fuzz test, and these messages cover the main transceiving processes of the server and the client, as shown in fig. 3.
(5) GetNameList and getNameVarible are the processes for obtaining basic data, while Read and Write are the read and write operations of the actual operating process.
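Step (2) above resolves the address of the device under test from the SCD file. As an added example, not code from the patent, the Python below reads the Communication section of a constructed IEC 61850 SCL (SCD) fragment and collects, for every access point on an MMS station bus, the IP address and OSI selectors an MMS client needs, together with any GOOSE control block MAC addresses declared under the same access point. The element names (SubNetwork, ConnectedAP, Address, P type="...", GSE) follow the SCL schema; the IED names, addresses and the "LineProtection" type value are constructed sample data, and select_targets is a hypothetical helper for choosing a device class.

```python
import xml.etree.ElementTree as ET

SCL_NS = "{http://www.iec.ch/61850/2003/SCL}"

# Constructed sample SCD fragment (not from any real substation): one 8-MMS
# station bus with two access points. The first IED also publishes a GOOSE
# control block, whose multicast MAC address lives under the GSE element.
SAMPLE_SCD = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL" version="2007" revision="B">
  <Communication>
    <SubNetwork name="StationBus" type="8-MMS">
      <ConnectedAP iedName="PL1001" apName="S1">
        <Address>
          <P type="IP">192.0.2.10</P>
          <P type="IP-SUBNET">255.255.255.0</P>
          <P type="OSI-TSEL">0001</P>
          <P type="OSI-PSEL">00000001</P>
          <P type="OSI-SSEL">0001</P>
        </Address>
        <GSE ldInst="LD0" cbName="gcb01">
          <Address>
            <P type="MAC-Address">01-0C-CD-01-00-01</P>
            <P type="APPID">0001</P>
          </Address>
        </GSE>
      </ConnectedAP>
      <ConnectedAP iedName="CL2001" apName="S1">
        <Address>
          <P type="IP">192.0.2.11</P>
        </Address>
      </ConnectedAP>
    </SubNetwork>
  </Communication>
  <IED name="PL1001" type="LineProtection" manufacturer="ExampleVendor"/>
  <IED name="CL2001" type="BayController" manufacturer="ExampleVendor"/>
</SCL>
"""


def _params(address_el):
    """Map the P children of an Address element to {type: text}."""
    if address_el is None:
        return {}
    return {p.get("type"): (p.text or "").strip() for p in address_el.findall(SCL_NS + "P")}


def mms_endpoints(scd_xml):
    """Return {iedName: endpoint} for every ConnectedAP on an MMS subnetwork."""
    root = ET.fromstring(scd_xml)
    ied_types = {ied.get("name"): ied.get("type") for ied in root.findall(SCL_NS + "IED")}
    endpoints = {}
    for subnet in root.iter(SCL_NS + "SubNetwork"):
        if "MMS" not in (subnet.get("type") or ""):
            continue  # skip process-bus (SV/GOOSE-only) subnetworks
        for ap in subnet.findall(SCL_NS + "ConnectedAP"):
            name = ap.get("iedName")
            params = _params(ap.find(SCL_NS + "Address"))
            macs = [_params(g.find(SCL_NS + "Address")).get("MAC-Address")
                    for g in ap.findall(SCL_NS + "GSE")]
            endpoints[name] = {
                "subnet": subnet.get("name"),
                "ap": ap.get("apName"),
                "ied_type": ied_types.get(name),
                "ip": params.get("IP"),
                "tsel": params.get("OSI-TSEL"),
                "psel": params.get("OSI-PSEL"),
                "ssel": params.get("OSI-SSEL"),
                "goose_macs": [m for m in macs if m],
            }
    return endpoints


def select_targets(endpoints, ied_type):
    """Hypothetical helper: IED names of the given type that have an MMS IP address."""
    return sorted(n for n, e in endpoints.items() if e["ied_type"] == ied_type and e["ip"])


if __name__ == "__main__":
    eps = mms_endpoints(SAMPLE_SCD)
    for ied in select_targets(eps, "LineProtection"):
        print(ied, eps[ied]["ip"], eps[ied]["tsel"], eps[ied]["psel"], eps[ied]["ssel"])
```

Reading the target from the engineering file rather than from captured traffic keeps the test bound to the devices that were actually configured, and the OSI selectors are what a COTP/MMS client must present when the terminal validates them.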
(6) The fuzz test case generation strategy combines generation-based test case generation with mutation-based test case generation and optimizes the combination.
1) Generation-based test case generation
In the generation-based strategy, data packet byte blocks are combined according to the MMS protocol format; each independent data block has its own initial value, which is a normal, reasonable value. The mutation method then applies the relevant mutation strategy to every independent byte block to generate test cases, ensuring that the mutation range of each byte block is the value range of the actual variable that block represents, so that the test cases generated after mutation are valid inputs.
2) Mutation-based test case generation
The mutation-based approach builds a mutation byte library and inserts mutation bytes into captured data packets without distinction to produce the required inputs. The captured packets come from a typical MMS protocol interaction. After an abnormal byte sequence is inserted into a test case, this alternative embodiment updates all length fields in the data packet so that they remain reasonable and match the packet's actual data length. The mutation bytes in the mutation byte library are divided into four types: integer values (integer values beyond the boundary may cause integer overflow), repeated character strings (such as a×1000), field separators (such as separators and terminators) and format strings (such as %d and %08x). At the same time, the data packet fields are classified into different types, and the function of each field is used to decide which entries of the mutation library should be inserted into which fields.
To avoid destroying the basic structure of the Ethernet frame and to ensure normal transmission of the message over Ethernet, message mutation is applied mainly in the APDU domain. Based on the common vulnerability types of conventional network protocols (buffer overflow vulnerabilities, integer vulnerabilities, format string vulnerabilities and the like) and the characteristics of MMS messages, this alternative embodiment proposes mutation strategies based on MMS message segment type: a numerical mutation strategy, a string mutation strategy, an ASN.1 mutation strategy and a bit flip mutation strategy.
1. Numerical mutation strategy
The numerical mutation strategy targets integer vulnerabilities, specifically integer overflow, sign errors and truncation errors. Through integer vulnerabilities an attacker can mount attacks such as denial of service. For integer fields in the message, integer boundary values are used for mutation; in addition, given the randomness of mutation, random numbers are also used as a mutation option.
2. String mutation strategy
For string-type fields, this alternative embodiment adopts mutation modes that readily trigger vulnerabilities: an overlong string readily triggers a heap overflow vulnerability, inserting special characters readily causes the terminal to malfunction when parsing unexpected characters, and format string input can crash an application process. In addition, a single MMS message uses only one MMS service, and field values such as read, write, infomationreport and variableListName in the message are defined in the substation configuration description (SCD) file, which describes the communication parameter configuration of all IEDs. Therefore, normal values that are defined in the SCD file but not used in the current message field must also be tested.
3. ASN.1 mutation strategy
ASN.1 encoding gives application layer data a unified representation, and a mutation strategy based on the ASN.1 encoding tests whether the terminal can handle abnormally encoded data. Mutating the Tag value may cause the field value to be parsed according to the wrong type, and mutating the Length value may cause the data of the next TLV to be parsed as part of this field's data, or only part of this field's value data to be parsed.
4. Bit flip mutation strategy
Bit flipping refers to one or more bits in the data being inverted, for example 1 to 0 or 0 to 1, which readily occurs when the central processing unit (CPU) is not operating stably or the communication channel is disturbed. Data after bit flipping has the potential to trigger unknown vulnerabilities.
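The mutation-based generation described in 2) and the four segment-type strategies above (numerical, string, ASN.1 length/tag and bit flip) can be illustrated together on a small BER TLV model. The Python below is an added example, not code from the patent: it parses and re-encodes definite-length TLVs so that, after mutation bytes from a typed library are inserted into a leaf field, every enclosing Length field is regenerated (the "update all length fields" step), while bad_length_case deliberately produces the ASN.1 Length mutation in which the declared length no longer matches the content, and bit_flip inverts one chosen bit of a finished packet. The request tree, the library contents and the names mutate_leaf, structured_cases and consistent are constructed for this example; the tree is modelled on an MMS read request but is not a byte-exact MMS PDU, and only single-byte tags are handled.

```python
import copy
from dataclasses import dataclass, field
from typing import List


@dataclass
class TLV:
    tag: bytes                                           # one identifier octet
    value: bytes = b""                                   # content of a primitive field
    children: List["TLV"] = field(default_factory=list)  # content of a constructed field

    @property
    def constructed(self) -> bool:
        return bool(self.tag[0] & 0x20)                  # bit 6 of the identifier octet


def encode_length(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode(node: TLV) -> bytes:
    """Re-encode the tree; every Length field is recomputed from its content."""
    content = b"".join(encode(c) for c in node.children) if node.constructed else node.value
    return node.tag + encode_length(len(content)) + content


def decode(buf: bytes) -> List[TLV]:
    """Parse a run of TLVs; raises ValueError on any length/buffer mismatch."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, first = buf[i:i + 1], buf[i + 1]
        if (tag[0] & 0x1F) == 0x1F:
            raise ValueError("multi-byte tags not supported")
        i += 2
        if first & 0x80:                                 # long form: low bits = octet count
            nbytes = first & 0x7F
            if nbytes == 0 or i + nbytes > len(buf):
                raise ValueError("bad long-form length")
            length, i = int.from_bytes(buf[i:i + nbytes], "big"), i + nbytes
        else:
            length = first
        content = buf[i:i + length]
        if len(content) != length:
            raise ValueError("length field exceeds buffer")
        i += length
        node = TLV(tag)
        if node.constructed:
            node.children = decode(content)
        else:
            node.value = content
        out.append(node)
    return out


def consistent(buf: bytes) -> bool:
    """True when buf parses and re-encodes to itself, i.e. all Length fields match."""
    try:
        return b"".join(encode(n) for n in decode(buf)) == buf
    except (ValueError, IndexError):
        return False


# Mutation byte library keyed by the field type it targets (constructed sample
# entries): integer boundary values; overlong, format and separator strings.
MUTATION_LIBRARY = {
    "integer": [b"\x7f", b"\x80", b"\xff\xff\xff\xff", b"\x80\x00\x00\x00", b"\x00" * 8],
    "string": [b"a" * 1000, b"%d%08x%s", b"\x00", b"\r\n;|", b"\xff" * 16],
}
INVOKE_ID_PATH = [0]                    # child indices from the root down to a leaf
ITEM_ID_PATH = [1, 0, 0, 0, 0, 0, 1]


def sample_request() -> TLV:
    """Constructed tree modelled on an MMS read request (not a byte-exact PDU):
    [0] { invokeID INTEGER, read [4] { ... name { domainId, itemId VisibleString } } }."""
    name = TLV(b"\xa1", children=[TLV(b"\x1a", b"IED1LD0"), TLV(b"\x1a", b"LLN0$ST$Mod$stVal")])
    read = TLV(b"\xa4", children=[TLV(b"\xa1", children=[TLV(b"\xa0", children=[
        TLV(b"\x30", children=[TLV(b"\xa0", children=[name])])])])])
    return TLV(b"\xa0", children=[TLV(b"\x02", b"\x01"), read])


def mutate_leaf(root: TLV, path, payload: bytes, offset=None) -> TLV:
    """Insert payload into the leaf at path (default: append) and return a new tree;
    encoding the result regenerates every enclosing Length field."""
    new = copy.deepcopy(root)
    node = new
    for idx in path:
        node = node.children[idx]
    if node.constructed:
        raise ValueError("path must end at a primitive field")
    off = len(node.value) if offset is None else offset
    node.value = node.value[:off] + payload + node.value[off:]
    return new


def structured_cases(root: TLV, path, kind: str):
    """One length-consistent test case per library entry for the given field kind."""
    return [(f"{kind}:{i}", encode(mutate_leaf(root, path, p)))
            for i, p in enumerate(MUTATION_LIBRARY[kind])]


def bad_length_case(root: TLV, delta: int) -> bytes:
    """ASN.1 Length mutation: the outer Length claims delta more (or fewer) octets than exist."""
    content = b"".join(encode(c) for c in root.children)
    return root.tag + encode_length(max(0, len(content) + delta)) + content


def bit_flip(data: bytes, bit_index: int) -> bytes:
    """Bit-flip mutation applied to a finished packet."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)
```

consistent is the pre-send check a harness runs on each generated case: structure-preserving cases (typed library insertions, field replacements) must pass it, and only the deliberate ASN.1 Length cases should fail it; a case that fails for any other reason is a generator bug rather than a test of the terminal. Appending 1000 bytes to itemId grows that leaf's Length into the long form and shifts seven enclosing Length fields, which is exactly the bookkeeping that a raw byte-insertion fuzzer without the fix-up step gets wrong.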
(7) The evaluation indices of the fuzz test are the code coverage rate and whether the server or the client crashes, or the number of other abnormalities that occur, while they run.
In addition, if the target equipment reacts abnormally to an instruction sent during the test, the abnormal reaction data are collected, the abnormal test case that produced the abnormal reaction is recorded, and that abnormal test case is used as a secondary test case to retest and verify the abnormality.
(8) Another index for evaluating the fuzz test is the code coverage rate of the system while it interacts with the fuzzer during the test. Code coverage monitoring is implemented with the gcov and lcov tools, which can measure the coverage of the corresponding object code; gcov and lcov also rely on compile-time instrumentation, through which the code coverage monitoring is realised.
The main indices for evaluating code coverage are:
1) Statement coverage: whether each line or each segment is executed;
2) Decision coverage: whether the constructed inputs cover all inputs that satisfy the decision conditions;
3) Condition coverage: going further than decision coverage, the constructed inputs must not only satisfy the decision condition but also construct and test every possible input of that condition;
4) Path coverage: whether each branch of the function is executed.
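Step (8) measures code coverage with gcov and lcov. As an added example, not part of the patent, the Python below parses the lcov tracefile format (the SF:, DA:, BRDA: and end_of_record records written by lcov --capture from gcov data) to compute the statement coverage index and the branch (decision) coverage index, lists the lines never executed, and with newly_covered reports which lines and branches a single test case executed for the first time, which is how a coverage-guided fuzzer decides whether a case is worth keeping. The two tracefiles and the source paths in them are constructed sample data.

```python
# Constructed sample tracefiles in lcov format (not from a real build).
# DA:<line>,<count>          execution count of a source line
# BRDA:<line>,<block>,<branch>,<taken>   taken count, or '-' if the line never ran
BASELINE_INFO = """TN:mms_fuzz
SF:src/mms_parse.c
FN:10,parse_tlv
FNDA:42,parse_tlv
DA:10,42
DA:11,42
DA:12,40
DA:13,2
DA:15,0
DA:16,0
BRDA:11,0,0,40
BRDA:11,0,1,2
BRDA:12,0,0,0
BRDA:12,0,1,40
LF:6
LH:4
BRF:4
BRH:3
end_of_record
SF:src/mms_read.c
DA:5,7
DA:6,0
BRDA:5,0,0,-
BRDA:5,0,1,-
end_of_record
"""

# Coverage captured after running one additional test case, reset beforehand
# (gcov counters zeroed), so counts reflect that case alone.
AFTER_CASE_INFO = """TN:mms_fuzz
SF:src/mms_parse.c
DA:10,1
DA:11,1
DA:12,1
DA:15,1
BRDA:12,0,0,1
end_of_record
"""


def parse_tracefile(text):
    """Return {source_path: {"lines": {line: count}, "branches": {(line, block, br): taken}}}."""
    files, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SF:"):
            cur = {"lines": {}, "branches": {}}
            files[line[3:]] = cur
        elif cur is None:
            continue                                  # TN: and anything before the first SF:
        elif line.startswith("DA:"):
            ln, cnt = line[3:].split(",")[:2]         # a trailing checksum field is ignored
            cur["lines"][int(ln)] = cur["lines"].get(int(ln), 0) + int(cnt)
        elif line.startswith("BRDA:"):
            ln, block, br, taken = line[5:].split(",")
            cur["branches"][(int(ln), int(block), int(br))] = 0 if taken == "-" else int(taken)
        elif line == "end_of_record":
            cur = None
    return files


def summarize(files):
    """Hit/total counts for statement (line) and branch coverage, per file and overall."""
    report = {"statement": [0, 0], "branch": [0, 0], "files": {}}
    for path, rec in files.items():
        lh, lf = sum(1 for c in rec["lines"].values() if c > 0), len(rec["lines"])
        bh, bf = sum(1 for c in rec["branches"].values() if c > 0), len(rec["branches"])
        report["files"][path] = {
            "statement": (lh, lf),
            "branch": (bh, bf),
            "unexecuted_lines": sorted(l for l, c in rec["lines"].items() if c == 0),
        }
        report["statement"][0] += lh
        report["statement"][1] += lf
        report["branch"][0] += bh
        report["branch"][1] += bf
    report["statement"] = tuple(report["statement"])
    report["branch"] = tuple(report["branch"])
    return report


def percent(hit_total):
    """Coverage rate in percent, rounded to one decimal (0.0 when nothing is instrumented)."""
    hit, total = hit_total
    return 0.0 if total == 0 else round(100.0 * hit / total, 1)


def newly_covered(before, after):
    """Lines and branches executed in `after` that had never executed in `before`."""
    new_lines, new_branches = set(), set()
    for path, rec in after.items():
        old = before.get(path, {"lines": {}, "branches": {}})
        new_lines |= {(path, l) for l, c in rec["lines"].items()
                      if c > 0 and old["lines"].get(l, 0) == 0}
        new_branches |= {(path, k) for k, c in rec["branches"].items()
                         if c > 0 and old["branches"].get(k, 0) == 0}
    return {"lines": new_lines, "branches": new_branches}


if __name__ == "__main__":
    base = parse_tracefile(BASELINE_INFO)
    rep = summarize(base)
    print("statement", percent(rep["statement"]), "branch", percent(rep["branch"]))
    print("never executed:", rep["files"]["src/mms_parse.c"]["unexecuted_lines"])
    print("new from case:", newly_covered(base, parse_tracefile(AFTER_CASE_INFO)))
```

The unexecuted_lines list is the practical output of the coverage index: it points the tester at parser paths (here lines 15 and 16 of the constructed file) that no test case has reached yet, and a case that adds entries to newly_covered is retained for further mutation while one that adds nothing is discarded.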
According to an embodiment of the present invention, there is further provided a test case generating device. Fig. 4 is a block diagram of a test case generating device according to an embodiment of the present invention; as shown in fig. 4, the device includes a first determining module 41, a generating module 42, a mutation module 43 and a second determining module 44, which are explained below.
The first determining module 41 is configured to determine a target data packet for generating a test case in a target communication protocol, where the target data packet is a data packet that completes a data transceiving process between the client and the server; the generating module 42 is connected to the first determining module 41 and is configured to generate a first test case by adopting a test case generation strategy based on the protocol format of the target communication protocol; the mutation module 43 is connected to the generating module 42 and is configured to mutate the data in the target data packet by adopting a test case mutation strategy based on the mutation byte library, so as to obtain a second test case; the second determining module 44 is connected to the mutation module 43 and is configured to determine a target test case based on the first test case and the second test case.
According to an embodiment of the present invention, there is further provided a computer readable storage medium, where the computer readable storage medium includes a stored program, and when the program runs, the device where the computer readable storage medium is located is controlled to execute the test case generating method of any one of the above.
According to an embodiment of the present invention, there is also provided a computer apparatus including a memory and a processor, the memory storing a computer program, and the processor being configured to execute the computer program stored in the memory, the computer program, when run, causing the processor to execute the test case generating method of any one of the above.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present invention, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or in whole or in part, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media capable of storing program code.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.

Claims (10)

1. A test case generation method, comprising:
determining a target data packet for generating a test case in a target communication protocol, wherein the target data packet is a data packet for completing a data receiving and transmitting process between a client and a server;
generating a first test case by adopting a test case generation strategy based on the protocol format of the target communication protocol;
based on a mutation byte library, adopting a test case mutation strategy to mutate the data in the target data packet to obtain a second test case;
and determining a target test case based on the first test case and the second test case.
2. The method of claim 1, further comprising, prior to determining the target data packet for generating the test case in the target communication protocol:
constructing a communication message corresponding to the target communication protocol by adopting a client;
and based on the communication message and a station control layer terminal in the intelligent substation, establishing connection-oriented transmission protocol connection and initializing connection of the target communication protocol, and constructing a communication path between the client and the intelligent substation based on the target communication protocol.
3. The method according to claim 1, wherein the method further comprises:
analyzing a total station system configuration file in the intelligent substation to obtain a target address, wherein the target address is used for a client to send the target test case to the intelligent substation for testing.
4. The method of claim 1, wherein the generating a first test case using a test case generation policy based on the protocol format of the target communication protocol comprises:
combining the initial data blocks based on the protocol format of the target communication protocol;
and adjusting an initial value in the initial data block according to the actual value range of the variable in the initial data block to obtain the first test case.
5. The method of claim 1, wherein the mutating the data in the target data packet with a test case mutation policy based on the mutation byte library to obtain a second test case comprises:
determining a data packet to be mutated in the target data packet;
determining a field to be mutated in the data packet to be mutated and a field type corresponding to the field to be mutated;
and mutating the field to be mutated based on a mutation strategy of the test case corresponding to the field type to obtain the second test case.
6. The method of claim 5, wherein in the case that the test case mutation strategy inserts mutation bytes, the method further comprises:
updating the length field in the target data packet so that the length field in the updated target data packet matches the length of the second test case.
7. The method according to any one of claims 1 to 6, further comprising:
obtaining a test result of the target test case;
and under the condition that the test result is abnormal, determining the target test case as a test case for secondary test.
8. A test case generating apparatus, comprising:
the first determining module is used for determining a target data packet for generating a test case in a target communication protocol, wherein the target data packet is a data packet for completing a data receiving and transmitting process between a client and a server;
the generation module is used for generating a first test case by adopting a test case generation strategy based on the protocol format of the target communication protocol;
the mutation module is used for carrying out mutation on the data in the target data packet by adopting a test case mutation strategy based on a mutation byte library to obtain a second test case;
and the second determining module is used for determining a target test case based on the first test case and the second test case.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium includes a stored program, wherein the program, when run, controls a device in which the computer-readable storage medium is located to execute the test case generating method according to any one of claims 1 to 7.
10. A computer device, comprising: a memory and a processor, wherein
the memory stores a computer program; and
the processor is configured to execute the computer program stored in the memory, the computer program when executed causing the processor to perform the test case generating method of any one of claims 1 to 7.
CN202310404984.9A 2023-04-14 2023-04-14 Test case generation method and device and computer readable storage medium Pending CN116366512A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310404984.9A CN116366512A (en) 2023-04-14 2023-04-14 Test case generation method and device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310404984.9A CN116366512A (en) 2023-04-14 2023-04-14 Test case generation method and device and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN116366512A true CN116366512A (en) 2023-06-30

Family

ID=86917258

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310404984.9A Pending CN116366512A (en) 2023-04-14 2023-04-14 Test case generation method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN116366512A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117453573A (en) * 2023-12-22 2024-01-26 信联科技(南京)有限公司 Fuzzy test case generation method and engine based on protocol feature matching and mutation policy selection
CN117453573B (en) * 2023-12-22 2024-04-02 信联科技(南京)有限公司 Fuzzy test case generation method and engine based on protocol feature matching and mutation policy selection


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination