The SIP protocol, because of its flexibility and ease of extension, is widely used in CS, NGN and IMS networks. When the IETF designed SIP it focused on making the protocol easy to use and gave insufficient consideration to security, so SIP has inherent security weaknesses. With the rapid spread of SIP, these weaknesses have become a key factor affecting next-generation network and information security. The SIP protocol stack directly determines the safety of the many SIP-based services built on it, so research on SIP security issues is very important.

In recent years, research on SIP security has mainly relied on fuzzing based on random test generation and fuzzing based on protocol analysis. Fuzzing based on random test generation produces many invalid test cases and is therefore inefficient. Fuzzing based on protocol analysis readily mixes in the analyst's subjective judgment, which makes it difficult to expose obscure vulnerabilities. This thesis therefore presents an efficient approach for generating a malformed SIP signaling set based on dangerous functions. First, by statically analyzing the source code of the SIP protocol stack, it heuristically generates an initial set of malformed SIP signalings and reduces the number of invalid test cases. Then, through a genetic algorithm and dynamic analysis, it optimizes the test results and obtains the final set of malformed SIP signalings.

To build the initial set of malformed SIP signalings, the thesis, first, studies dangerous library functions and their corresponding triggers to obtain a dangerous-function-and-trigger database. Second, it studies the relationship between the SIP protocol specification and the external interface of the SIP protocol stack to set up a mapping between SIP header fields and that external interface. Third, it statically analyzes and models the source code of the SIP protocol stack to obtain its source structure. Fourth, it traces backwards from the dangerous functions to the external interface of the SIP protocol stack to set up a mapping between dangerous functions and SIP header fields. Fifth, it generates malformed SIP signalings aimed at the target dangerous functions, using the dangerous-function-and-trigger database and a SIP signaling template. Finally, it obtains the initial set of malformed SIP signalings.

To optimize the test results and obtain the final set of malformed SIP signalings, the thesis first selects the malformed SIP signalings of higher value by attack-effect evaluation and a genetic algorithm. Finally, with a sub-optimal path covering algorithm, it obtains the malformed SIP signalings that have a significant attack effect. The malformed SIP messages finally produced cover every test path of the target dangerous functions with somewhat more than the minimum number of signalings. The experimental results show that the approach proposed in this thesis can measure the vulnerabilities of a SIP server with 1/26 of the number of test cases in the PROTOS test suite, significantly improving the efficiency of SIP server fuzzing.
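As an added illustration of the two steps described above, the generation of the initial malformed-signaling set from the dangerous-function-to-header-field mapping and the covering selection that keeps the signaling count small, the following Python is example code and not the thesis's own implementation. The INVITE template, the trigger database and the field-to-function mapping are all constructed assumptions standing in for what static analysis of a real SIP stack would produce.

```python
# Added example, not the thesis's code: build an initial malformed SIP signaling
# set from a dangerous-function -> header-field mapping, then choose a small
# subset covering every target function. All values below are constructed.
SIP_TEMPLATE = (  # constructed INVITE template; {field} slots filled per case
    "INVITE sip:{request_uri} SIP/2.0\r\n"
    "Via: SIP/2.0/UDP {via}\r\n"
    "From: {from_}\r\n"
    "To: {to}\r\n"
    "Call-ID: {call_id}\r\n"
    "CSeq: 1 INVITE\r\nContent-Length: 0\r\n\r\n"
)
DEFAULTS = {  # well-formed default values for every placeholder
    "request_uri": "bob@example.test", "via": "192.0.2.10:5060;branch=z9hG4bK1",
    "from_": "<sip:alice@example.test>;tag=1", "to": "<sip:bob@example.test>",
    "call_id": "c1@example.test",
}
TRIGGERS = {  # dangerous-function -> trigger database (constructed)
    "strcpy": "A" * 2048,         # overlong copy into a fixed-size buffer
    "sprintf": "%s" * 32,         # untrusted data reaching a format string
    "atoi": "-" * 64 + "9" * 64,  # numeric parse with no range check
}
FIELD_TO_FUNCS = {  # header field -> dangerous functions it reaches (constructed)
    "via": {"strcpy"}, "call_id": {"strcpy", "sprintf"},
    "to": {"sprintf"}, "from_": {"atoi"},
}

def generate_initial_set(field_to_funcs, triggers):
    """One malformed message per header field, carrying the triggers of every
    dangerous function reachable from it. Returns [(message, targeted funcs)]."""
    cases = []
    for field, funcs in field_to_funcs.items():
        value = "".join(triggers[fn] for fn in sorted(funcs))
        msg = SIP_TEMPLATE.format(**dict(DEFAULTS, **{field: value}))
        cases.append((msg, set(funcs)))
    return cases

def greedy_cover(cases, targets):
    """Greedy set cover: repeatedly take the case that hits the most still
    uncovered target functions; stops when all are covered or none can be."""
    uncovered, chosen = set(targets), []
    while uncovered:
        best = max(cases, key=lambda c: len(c[1] & uncovered))
        if not best[1] & uncovered:
            break
        chosen.append(best)
        uncovered -= best[1]
    return chosen
```

With the constructed mapping, four field-level cases are generated and the greedy pass keeps only two of them (the Call-ID and From cases) while still reaching all three target functions.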