Abstract: Fuzzing is one of the more popular techniques for discovering vulnerabilities in network protocols, but existing network protocol fuzzers explore the relationships between fields insufficiently. To address this, a fuzzing method based on field information and coverage feedback is proposed. The method uses two parameters to quantify the relationships between different fields in the protocol data model and the influence of each individual field, and continuously learns and updates them from coverage information, thereby steering fuzzing toward more productive mutations. A fuzzer based on this method, FMFuzzer (Field Message-based Fuzzer), was implemented and compared experimentally with the fuzzers Boofuzz and PAVFuzz. Results on three network protocols show that FMFuzzer's code coverage is on average 10.97% higher than Boofuzz's and 6.63% higher than PAVFuzz's, demonstrating the effectiveness of the method.
Keywords: network protocol vulnerability discovery; grey-box fuzzing; protocol field information; code coverage
CLC number: TP393
Document code: A
Protocol Fuzzing Method Based on Field Information and Coverage Feedback
DING Senyang (1), XU Xianghua (1,2)
(1. Department of Computer Science and Technology, Hangzhou Dianzi University, Hangzhou 310018, China; 2. School of Computing, Hangzhou Dianzi University, Hangzhou 310018, China)
646540112@qq.com; xhxu@hdu.edu.cn
Abstract: Fuzzing is one of the most popular techniques for discovering vulnerabilities in network protocols, but existing network protocol fuzzers explore the interdependencies between fields insufficiently. Therefore, a fuzzing method based on field information and coverage feedback is proposed. The method quantitatively represents the relationship between different fields in the protocol data model and the influence of each field itself through two parameters, and continuously learns and updates them using coverage information to guide fuzzing toward more efficient mutations. Based on this method, a fuzzer named FMFuzzer (Field Message-based Fuzzer) is implemented and compared experimentally with the fuzzers Boofuzz and PAVFuzz. Experimental results on three network protocols show that FMFuzzer improves code coverage by an average of 10.97% over Boofuzz and 6.63% over PAVFuzz, demonstrating the effectiveness of the proposed method.
Keywords: network protocol vulnerability discovery; grey-box fuzzing; protocol field information; code coverage
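The following Python sketch is an added illustration of the mechanism the abstract describes, not FMFuzzer's own code (the paper's implementation is not reproduced on this page): one weight per field for its own influence, one weight per field pair for their relation, both updated from coverage gain and used to bias which field or field pair is mutated next. The toy target, the per-field mutators, the additive reward with multiplicative decay, the constructed seed message and all names (`FieldScheduler`, `toy_target`, `run_campaign`) are assumptions made for the example; the paper's actual parameters and update rule are not given here.

```python
"""Illustrative field-weighted mutation scheduler driven by coverage feedback.

Added example, not FMFuzzer's code. The influence/relation parameters,
the update rule, the mutators and the toy target are assumptions chosen
to show the mechanism, not the paper's actual design.
"""
import random
from itertools import combinations

# Constructed toy protocol data model: one message type with four fields.
FIELDS = ["version", "type", "length", "payload"]

# Constructed seed message that the toy target accepts on the happy path.
SEED = {"version": 1, "type": 2, "length": 4, "payload": b"ABCD"}


def toy_target(msg):
    """Constructed stand-in for the server under test.

    Returns the set of basic-block labels it visited; that set is the
    coverage signal the scheduler learns from. Some branches deliberately
    depend on combinations of fields, so pairwise relations matter.
    """
    cov = {"entry"}
    if msg["version"] != 1:
        cov.add("bad_version")
        return cov
    cov.add("dispatch")
    if msg["type"] == 2:
        cov.add("type2")
        if msg["length"] != len(msg["payload"]):
            cov.add("type2_len_mismatch")
    elif msg["type"] == 3:
        cov.add("type3")
        if msg["length"] > 8 and msg["payload"].startswith(b"\xff"):
            cov.add("type3_big_ff")
    else:
        cov.add("type_other")
    return cov


def mutate_field(msg, field, rng):
    """Return a copy of msg with one field mutated (assumed mutators per field kind)."""
    new = dict(msg)
    if field == "payload":
        new[field] = rng.choice([b"", b"\xff" * 12, b"A" * 4,
                                 bytes([rng.randrange(256)]) * rng.randrange(1, 16)])
    else:
        new[field] = rng.choice([0, 1, 2, 3, 9, 255, rng.randrange(0, 1 << 16)])
    return new


def _key(a, b):
    """Canonical dictionary key for an unordered field pair."""
    return tuple(sorted((a, b)))


class FieldScheduler:
    """One influence weight per field, one relation weight per field pair.

    Both start at 1.0; a mutation that finds new blocks adds gain * new_blocks
    to the weights it used, and one that finds nothing decays them (floor 0.1).
    This additive/decay rule is an assumption for the example.
    """

    def __init__(self, fields, gain=1.0, decay=0.95):
        self.fields = list(fields)
        self.influence = {f: 1.0 for f in fields}
        self.relation = {_key(a, b): 1.0 for a, b in combinations(fields, 2)}
        self.gain = gain
        self.decay = decay

    def choose(self, rng):
        """Pick a field by influence, then maybe a partner by relation weight."""
        first = rng.choices(self.fields, weights=[self.influence[f] for f in self.fields])[0]
        others = [f for f in self.fields if f != first]
        rel = [self.relation[_key(first, o)] for o in others]
        # Mutate a pair when its relation weight is strong relative to the field's own influence.
        if rng.random() < max(rel) / (max(rel) + self.influence[first]):
            return (first, rng.choices(others, weights=rel)[0])
        return (first,)

    def update(self, chosen, new_blocks):
        """Reward the field(s) used by the number of new blocks; decay them otherwise."""
        for f in chosen:
            if new_blocks:
                self.influence[f] += self.gain * new_blocks
            else:
                self.influence[f] = max(0.1, self.influence[f] * self.decay)
        if len(chosen) == 2:
            k = _key(*chosen)
            if new_blocks:
                self.relation[k] += self.gain * new_blocks
            else:
                self.relation[k] = max(0.1, self.relation[k] * self.decay)


def run_campaign(iterations=400, seed=0):
    """Fuzz loop: choose field(s), mutate, execute, learn from coverage gain."""
    rng = random.Random(seed)
    sched = FieldScheduler(FIELDS)
    global_cov = set(toy_target(SEED))
    corpus = [SEED]
    for _ in range(iterations):
        chosen = sched.choose(rng)
        child = rng.choice(corpus)
        for f in chosen:
            child = mutate_field(child, f, rng)
        new = toy_target(child) - global_cov
        if new:
            global_cov |= new
            corpus.append(child)  # keep inputs that reached new blocks
        sched.update(chosen, len(new))
    return global_cov, sched


if __name__ == "__main__":
    cov, sched = run_campaign()
    print(sorted(cov))
    print({f: round(w, 2) for f, w in sched.influence.items()})
```

After a run, the influence and relation dictionaries show where coverage gain concentrated: fields whose mutations kept opening new blocks carry the largest weights, and the pair weights show which field combinations the toy target's multi-field branches rewarded. The same loop structure applies to a real protocol model, with `toy_target` replaced by sending the serialized message to an instrumented target and reading back its edge coverage.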