Cite this article:
- Chen Qian, Hong Zheng, Gu Jinbang, Zhang Guomin, Qin Sujuan. Network Protocol Fuzzing Based on Sequence-to-Sequence Model [J]. Journal of Cyber Security (信息安全学报), accepted.
Abstract:
Mutation-based protocol fuzzing methods are favored by researchers because they do not depend on manually defined protocol specifications and have good vulnerability-discovery capability. In mutation-based network protocol fuzzing, test cases are derived from seeds by mutation, so the quality and diversity of the seeds directly affect the quality of the generated test cases. Existing methods capture network traffic as seeds, but because the variety of message types and fields contained in that traffic is limited, it is difficult to guarantee that mutating these seeds can effectively improve test coverage. In addition, existing methods are tightly coupled to stateful protocols: their state-machine guidance mechanism and test-case delivery method become inefficient or even unusable when applied to stateless protocols. To address these problems, this paper proposes a network protocol fuzzing method based on a sequence-to-sequence model. The method uses a sequence-to-sequence model to simulate the interaction between server and client, producing rich interaction data as seeds; this simplifies seed acquisition and improves seed diversity while ensuring seed quality. Furthermore, to address the tight coupling of existing methods to stateful protocols, an adaptive strategy is proposed: the message sequence is shuffled and sent to the target, and the returned messages are used to determine whether the protocol is stateful. For stateful protocols, fuzzing is guided by a state machine and by test coverage, and test cases are sent over standard sockets. For stateless protocols, the state-learning process can be bypassed, and test cases are delivered efficiently by redirecting data to a local communication pipe. Experimental results show that the designed method can be applied effectively to network protocol fuzzing. Compared with the baseline method, the designed method improves path-coverage capability when fuzzing stateful protocols and executes faster when handling stateless protocols. Overall, the proposed method effectively improves the efficiency of network protocol fuzzing.
Keywords: network security; protocol security; fuzzing; sequence-to-sequence model
Received: 2024-06-04; Revised: 2024-08-27
Funding: National Key R&D Program of China (2019YFB2101704)
Network Protocol Fuzzing Based on Sequence-to-Sequence Model
ChenQian, HongZheng, GuJinbang, ZhangGuomin, QinSujuan

(Command and Control Engineering College, Army Engineering University of PLA)
Abstract:
Researchers have shown a preference for mutation-based protocol fuzzing methods because of their ability to discover vulnerabilities effectively without relying on manually defined protocol specifications. In mutation-based protocol fuzzing, test cases are derived by mutating seeds, so the quality and diversity of the seeds directly affect the effectiveness of the generated test cases. Existing methods usually use captured network traffic samples as seeds. However, such seeds lack diversity, making it difficult to ensure that mutating them can effectively improve test coverage. In addition, existing methods are generally tightly coupled to stateful protocols: when applied to stateless protocols, state-machine guidance and the test-case delivery method may be inefficient or even impractical. Aiming at these problems, this paper proposes a network protocol fuzzing method based on a Sequence-to-Sequence model. The Sequence-to-Sequence model is employed to simulate server-client interactions, enabling the generation of diverse data as seeds. This approach simplifies seed generation and ensures seed quality while enhancing seed diversity. Furthermore, to address the tight coupling with stateful protocols, an adaptive strategy is proposed: the message sequence is sent to the target program in shuffled order, and whether the protocol is stateful is determined from the replies. For stateful protocols, the method uses state machines and code coverage as guidance and delivers test cases over standard sockets. For stateless protocols, the state-machine learning process is bypassed and test cases are redirected through a local communication pipe, which greatly boosts fuzzing efficiency. Experiments show that the method is effective for protocol fuzzing. Compared with the benchmark method, the proposed method enhances path coverage when fuzzing stateful protocols and achieves higher execution speed when dealing with stateless protocols. In summary, the proposed method effectively enhances the efficiency of network protocol fuzzing.
Key words: network security; protocol security; fuzzing test; Sequence-to-Sequence model
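The adaptive strategy in the abstract decides whether a target is stateful by replaying the seed message sequence in a different order and checking whether the replies change. The following is an added illustration, not code from the paper: it replays a seed sequence against two constructed toy services (one that requires LOGIN before GET, one that answers every request independently) and tries the alternative orders exhaustively up to a limit instead of sampling random shuffles as the paper describes. The service classes, message strings and reply codes are all constructed for the example.

```python
from itertools import islice, permutations
from typing import Callable, Sequence

Session = Callable[[str], str]  # one fresh connection: message in, reply out

class StatefulServer:
    """Constructed toy stateful service: GET is only served after LOGIN."""
    def __init__(self) -> None:
        self.logged_in = False
    def handle(self, msg: str) -> str:
        if msg == "LOGIN":
            self.logged_in = True
            return "230 OK"
        if msg == "GET":
            return "150 DATA" if self.logged_in else "530 NOT LOGGED IN"
        if msg == "QUIT":
            self.logged_in = False
            return "221 BYE"
        return "500 UNKNOWN"

def stateless_handle(msg: str) -> str:
    """Constructed toy stateless service: every request is answered on its own."""
    return {"PING": "PONG", "VERSION": "1.0", "ECHO hi": "hi"}.get(msg, "ERR")

def replies(new_session: Callable[[], Session], seq: Sequence[str]):
    """Open a fresh session, send seq in order, return (message, reply) pairs."""
    send = new_session()
    return [(m, send(m)) for m in seq]

def is_stateful(new_session: Callable[[], Session], seq: Sequence[str],
                max_orders: int = 24) -> bool:
    """Replay the seed sequence in its captured order, then in other orders,
    each in a fresh session. If the same message ever draws a different reply,
    earlier messages changed server state, so the protocol is stateful."""
    baseline = dict(replies(new_session, seq))  # assumes distinct messages
    for order in islice(permutations(seq), 1, max_orders):  # skip original order
        for msg, reply in replies(new_session, order):
            if reply != baseline[msg]:
                return True
    return False

def stateful_session() -> Session:
    return StatefulServer().handle

def stateless_session() -> Session:
    return stateless_handle

if __name__ == "__main__":
    print(is_stateful(stateful_session, ["LOGIN", "GET", "QUIT"]))       # True
    print(is_stateful(stateless_session, ["PING", "VERSION", "ECHO hi"]))  # False
```

A reply that varies for reasons other than message order (timestamps, session identifiers, nonces) would make a stateless service look stateful here, so in practice such fields should be normalized before the comparison.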