Network Protocol Automatic Vulnerability Mining Technology Based on Fuzzing
Authors: Jintao Zhang, Duyu Liu, Wei Xiang
Venue: 2019 IEEE 14th International Conference on Intelligent Systems and Knowledge Engineering (ISKE)
Publication date: 2019-11-01
DOI: https://doi.org/10.1109/ISKE47853.2019.9170295
With the increasing complexity and importance of network applications, the security requirements for network protocols keep rising. Fuzzing, one of the important testing techniques for discovering undisclosed vulnerabilities, tests the security of network protocols by producing and sending large amounts of data and injecting them into software; many important vulnerabilities, such as denial of service, buffer overflows, and format string bugs, can be found this way. Manually generated test cases can be better suited to the target under test, but manual fuzzing requires an accurate understanding of network protocol details and tedious work to construct a large number of test data sets, resulting in limited coverage and poor effectiveness. To solve this problem, this paper first investigates the types of vulnerabilities and summarizes the fuzzing strategies, then constructs a fuzzer based on an existing framework and adopts a mutation strategy to construct malformed network packets, which are sent to the target under test. The results show that this method is more efficient than manual analysis in vulnerability mining, which provides a good foundation for improving the security of network protocols.