| Unknown protocols often do not undergo extensive security testing and improvement, so they frequently suffer from "design error" vulnerabilities, and these vulnerabilities can be exploited remotely. The large number of applications that use unknown protocols brings serious security risks to cyberspace. To maintain the security of cyberspace, it is necessary to test unknown protocols. As an efficient method, fuzz testing is widely used in the security testing of unknown protocols. This thesis therefore studies the optimization of fuzz testing for unknown protocols based on association rules among message sequences. The research content is divided into three main aspects: (1) Data redundancy in protocol reverse engineering and test case generation optimization in fuzz testing. In the clustering stage, this thesis adopts a feature selection algorithm to carry out efficient hierarchical clustering and improves Term Frequency-Inverse Document Frequency, so that the clustering takes into account the meaning of the symbol itself and yields a hierarchical clustering result with high cohesion. At the same time, due to the characteristics of hierarchical clustering, the clustering results are more explicit. In the protocol format inference stage, field division is carried out by constructing a conditional schema base, which avoids the adverse influence of support on format extraction. Furthermore, field mutation rules are set according to field semantics, which effectively reduces the number of generated test cases and optimizes test case generation. (2) The execution path generation problem in fuzz testing of unknown protocols. This thesis proposes a frequent pattern tree mining algorithm for time series of message types, and designs a pruning strategy and a storage structure for execution path generation. Compared with the FP-growth algorithm, it has better execution efficiency and performance in constructing and mining the frequent pattern tree of message type time series. The execution path tree is generated by searching the frequent pattern tree of message type time series with the BFS algorithm, while redundant execution paths are removed. This simplification of the paths improves the efficiency of testing. (3) Research on an automation scheme for fuzz testing of unknown protocols. To address the problem of automating protocol reverse engineering and fuzz testing, a fuzz testing prototype system for unknown protocols is designed based on the Model-Template-View model. Low coupling between system modules benefits system maintenance and updates. The prototype system partially implements the automatic fuzz testing process for unknown protocols, which starts at protocol reverse engineering and ends at fuzz testing. |
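
The idea in aspect (2), sketched as an added example that is not code from the thesis: a support-counted prefix tree over message-type sequences is searched with BFS, low-support branches are pruned, and paths that are prefixes of longer retained paths are dropped as redundant. The thesis's own pruning strategy and storage structure are not given in the abstract, so the tree layout, the message type names, the `min_support` parameter and the redundancy rule here are assumptions.

```python
from collections import deque

# Constructed sample: each session lists the message types observed, in order,
# in one captured conversation of a hypothetical unknown protocol.
SESSIONS = [
    ["HELLO", "AUTH", "DATA", "BYE"],
    ["HELLO", "AUTH", "DATA", "DATA", "BYE"],
    ["HELLO", "AUTH", "BYE"],
    ["HELLO", "PING"],
    ["HELLO", "AUTH", "DATA", "BYE"],
]


class Node:
    def __init__(self):
        self.count = 0       # number of sessions sharing this prefix
        self.children = {}   # message type -> Node


def build_tree(sessions):
    """Insert every session into a prefix tree, counting shared prefixes."""
    root = Node()
    for session in sessions:
        node = root
        for msg_type in session:
            node = node.children.setdefault(msg_type, Node())
            node.count += 1
    return root


def execution_paths(root, min_support):
    """BFS over the tree; branches below min_support are pruned.

    Only maximal frequent paths are emitted (assumed redundancy rule): a path
    that is a prefix of a longer frequent path is covered by the longer one.
    """
    paths = []
    queue = deque([(root, [])])
    while queue:
        node, path = queue.popleft()
        frequent = [(t, child) for t, child in sorted(node.children.items())
                    if child.count >= min_support]
        if not frequent and path:
            paths.append(path)  # nothing frequent extends this path
        for msg_type, child in frequent:
            queue.append((child, path + [msg_type]))
    return paths
```

Each returned path is a message-type sequence a fuzzer can replay to reach a protocol state before mutating the next message.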