A Model-Based Behavioral Fuzzing Approach for Network Service

Jiajie Wang, Tao Guo, Puhan Zhang, Qixue Xiao
Published in: 2013 Third International Conference on Instrumentation, Measurement, Computer, Communication and Control
Publication date: 2013-09-21
DOI: 10.1109/IMCCC.2013.250 (https://doi.org/10.1109/IMCCC.2013.250)
Citations: 11

Abstract

Network services face various security challenges, such as targeted attacks exploiting security vulnerabilities. Fuzz testing plays an important role in the security testing of network services. However, current fuzzing approaches focus on protocol syntax and packet structure more than on the multi-phase behavioral interactions between the client and server of a network service. This paper presents a model-based behavioral fuzzing approach to discover vulnerabilities of network services, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model, EXT-NSFSM, is proposed to manipulate the fuzzing process and guarantee the validation of fuzz test cases. The approach is implemented and then tested experimentally on several DBMS and FTP network services. The test results proved the effectiveness of this approach.