Research On Fuzzing Technology For Embedded Device Web Services

In recent years,there have been more and more cases of software being attacked and exploited,especially embedded devices in the Internet of Everything scenario,and Vulnerability mining for them become an important research field in cyberspace security.The application of fuzzing technology to the security testing of embedded devices is of great significance for preventing user privacy leakage and protecting key nodes of the Io T,which is one of the important research directions in the field of cyberspace security at present.In this paper,we take embedded devices as the research object,take fuzzing technology as the main research method,take Web services of embedded devices as the test target of fuzzing technology,and study the fuzzing method for embedded devices,the main work is as follows:1.Aiming at the problem of the lack of efficient exception monitoring mechanism and the low quality of test cases in the fuzzing technology for embedded devices Web services,this paper proposes a fuzzing method based on embedded devices Web services correlation information.The method considers the whole embedded devices firmware,and uses the embedded devices Web services correlation information to take into account the complex communication interaction constraints between the front end and the back end of the embedded devices Web services and uses the Web management interface of the front-end of the embedded devices as the entry point to detect vulnerabilities existing in the Web services of the embedded devices.2.Aiming at the problem that the fuzzing technology for embedded devices Web services lacks the adjustment mechanism for the execution intensity of the test cases and the test efficiency is low,this paper proposes an efficiency improvement method based on the ant colony optimization algorithm.This method designs a sensitive edges coverage collection model on the basis of the existing embedded devices Web services coverage collection model;this method uses the coverage information collected by the sensitive edges coverage collection model to realize the execution intensity of the test cases with the ant colony optimization algorithm.It can speed up the evolution process of test cases and improve the efficiency of fuzzing.3.This paper realizes the prototype system according to the stated principles and methods,evaluates the prototype system from the two dimensions of function and performance,and verifies the effectiveness of the prototype system.