With the development of computer network technology, attacks on network protocol implementation software follow one after another, and network security is becoming ever more important. Fuzz testing is one of the techniques commonly used to detect network security vulnerabilities. However, existing protocol fuzz testing still has problems such as low scalability, blind state selection and insufficient diversity of test cases, which reduce testing efficiency. This thesis therefore focuses on vulnerability mining in network protocol implementations based on fuzz testing. The specific research work is as follows:

(1) To address the poor scalability and missing state transition paths of existing network protocol fuzzing when constructing the state machine of a protocol implementation, a scalable stateful grey-box fuzzing method based on model learning is proposed. The traffic messages of the protocol under test and their corresponding message types serve as the fuzzer's input, and fuzzy correction maintains the correspondence between test cases and input symbols, so that no learning component or fuzzer has to be custom-built for a specific protocol. Model learning is used to build the state machine, and coverage guidance is used to explore the internal state space of the protocol implementation. Experimental results show that the proposed method can effectively test different protocol implementations; compared with AFLNET, the number of crash vulnerabilities triggered increases by 14.5% and the number of covered paths increases by 22.0%, which demonstrates the effectiveness of the proposed method.

(2) To address the blindness of state selection and message sequence selection when existing network protocol differential fuzzing automatically tests the complete state space of an implementation, a network protocol differential fuzzing method guided by behavioral difference feedback is proposed. It adopts the idea of evolutionary testing: a target state selection strategy guided by behavioral difference feedback focuses testing on the states most likely to trigger behavioral differences, and a message sequence selection strategy guided by the same feedback determines which message sequence, used as a seed, can trigger more behavioral differences between the programs. Experimental results show that the proposed method triggers up to 14.6% more differences than NEZHA and covers up to 15.6% more paths than existing methods, which demonstrates its effectiveness.

(3) To address the insufficient diversity of test cases and the insufficient validity of the certificate generation strategy in existing network protocol differential fuzzing of the in-depth verification of X.509 certificates by SSL/TLS implementations, a differential fuzzing method based on a differential information transfer graph is proposed. The graph guides testing so as to make full use of the differential information produced by the tests, and backtracking ensures that the generated test cases conform to the syntax specification of the certificate. Experimental results show that, compared with the existing method, the proposed method triggers up to 6.8% more verification differences per iteration and covers up to 3.4% more paths, which demonstrates its effectiveness.
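As an added illustration of the behavioral-difference feedback idea in (2), and not code from the thesis: a toy differential fuzzing loop in Python in which two constructed implementations of a two-state request protocol differ only in their argument length limit, and seeds whose mutants triggered a behavioral difference are weighted more heavily when the next seed is selected. The protocol, the message formats, the mutation strategies and the `max_arg` divergence are all constructed for this example.

```python
import random
from collections import Counter

def run_impl(seq, max_arg):
    """Constructed toy server: HELLO moves to state 1; CMD <arg> is only valid in
    state 1. The two 'implementations' differ only in max_arg (constructed bug)."""
    state, out = 0, []
    for msg in seq:
        if state == 0:
            state = 1 if msg == b"HELLO" else 0
            out.append("OK" if state == 1 else "ERR_STATE")
        elif msg.startswith(b"CMD "):
            out.append("OK" if len(msg) - 4 <= max_arg else "ERR_TOOLONG")
        else:
            out.append("ERR_SYNTAX")
    return tuple(out)

def behavioral_difference(seq):  # oracle: the two implementations answered differently
    return run_impl(seq, 8) != run_impl(seq, 16)

def mutate(seq, rng, strategy):
    seq = list(seq)
    i = rng.randrange(len(seq))
    if strategy == 0:       # lengthen the last message (the one sent in the deepest state)
        seq[-1] += b"A"
    elif strategy == 1:     # overwrite one byte of a random message
        buf = bytearray(seq[i])
        buf[rng.randrange(len(buf))] = rng.randrange(256)
        seq[i] = bytes(buf)
    else:                   # replay a random message at the end of the sequence
        seq.append(seq[i])
    return tuple(seq)

def selection_weights(corpus, diff_score):
    # difference feedback: seeds whose mutants diverged are picked more often; +1 keeps every seed reachable
    return [diff_score[s] + 1 for s in corpus]

def differential_fuzz(initial, rounds, rng_seed=0):
    rng = random.Random(rng_seed)
    corpus, diff_score, found = [initial], Counter(), set()
    for i in range(rounds):
        parent = rng.choices(corpus, weights=selection_weights(corpus, diff_score))[0]
        child = mutate(parent, rng, i % 3)
        if behavioral_difference(child):
            diff_score[parent] += 1         # credit the seed whose mutant exposed the difference
            if child not in found:
                found.add(child)
                corpus.append(child)
                diff_score[child] += 1
    return found, diff_score
```

The returned `diff_score` is the feedback signal; in the thesis this role is played by observed behavioral differences between real protocol implementations, and the same weighting can be applied per target state rather than per seed.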