Research On Unknown Protocol Fuzzing Method Based On Traffic Analysis

As Internet technology continues to evolve and massive amounts of data are transmitted around the world at breakneck speed in accordance with network protocols,the security of the network protocols themselves is becoming increasingly important for the entire Internet network system.In addition to various public protocols,there are also many unknown protocols on the current Internet,the details of which are not made public by various software vendors,groups,or individuals due to various factors such as economic interests,security,and privacy.In addition,some cybercriminal groups,to prevent being traced and tracked,have written malware that uses custom private protocols.Reverse analysis of unknown protocols plays a crucial role in traffic monitoring,software security assessment,intrusion prevention,network security policy formulation,vulnerability mining,etc.And it is very important to evaluate the security of unknown protocols,develop vulnerability mining techniques for unknown protocols,and minimize the security risks of unknown protocols.In this thesis,an unknown protocol fuzzing testing method based on traffic analysis is proposed for the vulnerability mining problem of unknown protocols,and the method is refined into an unknown protocol reverse algorithm based on traffic analysis and a state traversal type fuzzing testing algorithm based on reinforcement learning guided state transfer.On this basis,this thesis provides a detailed explanation of the algorithm idea and algorithm flow for each part of the algorithm and fully demonstrates the rationality and necessity of the algorithm.Under the guidance of the core algorithm,this thesis completes the design and implementation of the fuzzing test system and describes the fuzzing test system in detail from various perspectives,such as system architecture,subsystem design,and system workflow.Finally,the effectiveness and efficiency of this fuzzing testing system for unknown protocol vulnerability mining are demonstrated by conducting actual fuzzing tests with many different types of protocols.