Open Access

Test Data Generation for Stateful Network Protocol Fuzzing Using a Rule-Based State Machine

Rui Ma, Daguang Wang, Changzhen Hu, Wendong Ji, Jingfeng Xue
Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China.

Abstract

To improve the efficiency and coverage of stateful network protocol fuzzing, this paper proposes a new method that uses a rule-based state machine and a stateful rule tree to guide the generation of fuzz testing data. The method first builds a rule-based state machine model as a formal description of the states of a network protocol; safety paths are removed from this model to cut down the scale of the state space. It then uses a stateful rule tree to describe the relationship between states and messages, and removes useless items from the tree. From the message sequences obtained by analysing paths in the stateful rule tree together with the protocol specification, an abstract data model for test case generation is defined. Fuzz testing data is produced by various generation algorithms that fill in the fields of this data model. Using the rule-based state machine and the stateful rule tree, the quantity of test data can be reduced. Experimental results indicate that the method discovers the same vulnerabilities as traditional approaches using less test data, thereby optimizing test data generation and improving test efficiency.
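The workflow the abstract describes, as an added example that is not the paper's own code or tool: a constructed toy line protocol is modelled as a rule-based state machine, its stateful rule tree is enumerated, paths are pruned, and test data is produced by filling the fields of an abstract message model with a few generation algorithms. The protocol, its states and messages, the field model and the generators are all assumptions made here for illustration, as is the concrete reading of "safety paths" (paths that never reach a state where client-controlled fields are parsed) and "useless items" (sequences that are a strict prefix of another kept sequence).

```python
"""Toy stateful fuzz test data generator: rule-based state machine + stateful
rule tree + abstract data model.  Added example; everything below (protocol,
rules, field model, generators, pruning criteria) is constructed for
illustration and is not taken from the paper."""
from typing import Dict, FrozenSet, List, Tuple

# 1. Rule-based state machine: (current state, message type) -> next state.
RULES: Dict[Tuple[str, str], str] = {
    ("INIT", "HELLO"):   "GREETED",
    ("GREETED", "AUTH"): "AUTHED",
    ("GREETED", "QUIT"): "CLOSED",
    ("AUTHED", "DATA"):  "AUTHED",   # self-loop: data may repeat
    ("AUTHED", "QUIT"):  "CLOSED",
}
# States in which the server parses client-controlled payload fields.
# Paths that never reach one are treated as "safety paths" (assumption).
TARGET_STATES = {"AUTHED"}

# 2. Abstract data model: (field name, kind, default) per message type.
#    kinds: "lit" fixed token, "str" free text, "int" decimal number.
MODEL: Dict[str, List[Tuple[str, str, str]]] = {
    "HELLO": [("cmd", "lit", "HELLO"), ("client", "str", "fz")],
    "AUTH":  [("cmd", "lit", "AUTH"), ("user", "str", "alice"), ("pin", "int", "1234")],
    "DATA":  [("cmd", "lit", "DATA"), ("len", "int", "5"), ("body", "str", "hello")],
    "QUIT":  [("cmd", "lit", "QUIT")],
}

# 3. Generation algorithms: candidate values for a field kind given its default.
GENERATORS = {
    "lit": lambda d: [d],                          # fixed tokens are not mutated
    "str": lambda d: [d, "", "A" * 300],           # empty and oversized strings
    "int": lambda d: [d, "0", "-1", str(2 ** 32)], # boundary integers
}


def enumerate_paths(state: str = "INIT",
                    used: FrozenSet[Tuple[str, str]] = frozenset(),
                    max_len: int = 4) -> List[List[str]]:
    """Root-to-leaf message sequences of the stateful rule tree rooted at
    `state`.  Each rule may be used at most once per path, which cuts cycles
    such as AUTHED -DATA-> AUTHED; depth is bounded by `max_len`."""
    paths: List[List[str]] = [[]]          # stopping here is itself a leaf
    if max_len == 0:
        return paths
    for (src, msg), nxt in RULES.items():
        if src != state or (src, msg) in used:
            continue
        for tail in enumerate_paths(nxt, used | {(src, msg)}, max_len - 1):
            paths.append([msg] + tail)
    return paths


def state_trace(path: List[str]) -> List[str]:
    """States visited when the message sequence is sent from INIT."""
    states, cur = ["INIT"], "INIT"
    for msg in path:
        cur = RULES[(cur, msg)]
        states.append(cur)
    return states


def prune_paths(paths: List[List[str]]) -> List[List[str]]:
    """Drop safety paths (never reach a target state) and useless items
    (sequences that are a strict prefix of another kept sequence)."""
    reaching = [p for p in paths if TARGET_STATES & set(state_trace(p))]
    return [p for p in reaching
            if not any(len(q) > len(p) and q[:len(p)] == p for q in reaching)]


def encode(msg_type: str, values: Dict[str, str]) -> bytes:
    """Serialise one message of the constructed line protocol; fields not in
    `values` take their default from the data model."""
    fields = [values.get(name, default) for name, _, default in MODEL[msg_type]]
    return (" ".join(fields) + "\r\n").encode("ascii")


def generate_test_data(seq: List[str]) -> List[List[bytes]]:
    """One baseline case (all defaults) plus one case per (message, field,
    generated value): a single field is filled with a generated value and
    every other field stays at its default, so each case isolates one input."""
    cases = [[encode(m, {}) for m in seq]]
    for i, msg_type in enumerate(seq):
        for name, kind, default in MODEL[msg_type]:
            for value in GENERATORS[kind](default):
                if value == default:
                    continue
                case = [encode(m, {}) for m in seq]
                case[i] = encode(msg_type, {name: value})
                cases.append(case)
    return cases


def build_corpus() -> List[List[bytes]]:
    """Full test corpus: pruned rule-tree paths filled by the generators."""
    corpus: List[List[bytes]] = []
    for seq in prune_paths(enumerate_paths()):
        corpus.extend(generate_test_data(seq))
    return corpus


if __name__ == "__main__":
    all_paths = enumerate_paths()
    kept = prune_paths(all_paths)
    print(f"{len(all_paths)} rule-tree paths, {len(kept)} kept after pruning")
    for seq in kept:
        print("  ", " -> ".join(state_trace(seq)), "via", seq)
    corpus = build_corpus()
    print(f"{len(corpus)} test cases; second case:")
    for line in corpus[1]:
        print("  ", line)
```

Each test case is a list of wire messages to be sent in order, so the state the target is in when the mutated field arrives is fixed by the sequence rather than left to chance. The pruning step is where the reduction comes from: of the seven paths in the toy rule tree only two survive, and every generated case still exercises a state in which the server parses client data.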

Tsinghua Science and Technology, pages 352-360
Cite this article:
Ma R, Wang D, Hu C, et al. Test Data Generation for Stateful Network Protocol Fuzzing Using a Rule-Based State Machine. Tsinghua Science and Technology, 2016, 21(3): 352-360. https://doi.org/10.1109/TST.2016.7488746

Received: 22 January 2016
Accepted: 24 March 2016
Published: 13 June 2016
© The author(s) 2016