Open Access

Semi-valid Fuzz Testing Case Generation for Stateful Network Protocol

Rui Ma, Shuaimin Ren, Ke Ma, Changzhen Hu, Jingfeng Xue
Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China.
Internet Center, Institute of Communication Standard Research, China Academy of Information and Communication Technology, Beijing 100191, China.

Abstract

Network protocols are divided into stateless and stateful. Stateful network protocols have complex communication interactions and state transitions. However, the existing network protocol fuzzing does not support state transitions very well. This paper focuses on this issue and proposes the Semi-valid Fuzzing for the Stateful Network Protocol (SFSNP). The SFSNP analyzes protocol interactions and builds an extended finite state machine with a path marker for the network protocol; then it obtains test sequences of the extended finite state machine, and further performs the mutation operation using the semi-valid algorithm for each state transition in the test sequences; finally, it obtains fuzzing sequences. Moreover, because different test sequences may have the same state transitions, the SFSNP uses the state transition marking algorithm to reduce redundant test cases. By using the stateful rule tree of the protocol, the SFSNP extracts the constraints in the protocol specifications to construct semi-valid fuzz testing cases within the sub-protocol domain, and finally forms fuzzing sequences. Experimental results indicate that the SFSNP is reasonably effective at reducing the quantity of generated test cases and improving the quality of fuzz testing cases. The SFSNP can reduce redundancy and shorten testing time.
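
The following Python example is added here and is not the paper's implementation. It illustrates the abstract's pipeline on a constructed SMTP-like state machine: enumerate test sequences, fuzz each transition with one constraint-violating message sent after a valid prefix, and mark fuzzed transitions so that transitions shared by several test sequences are not fuzzed again. The state names, message templates, length limits, and the reading of "semi-valid" as "valid except for one violated constraint" are assumptions.

```python
# Constructed, simplified SMTP-like model (an assumption; not the paper's EFSM).
# transition id -> (source state, target state, template, valid argument, max argument length)
# Commands without an argument have max length 0, so one trailing byte is the violation.
TRANSITIONS = {
    "t1": ("INIT", "GREETED", "HELO {arg}", "client.example", 255),
    "t2": ("GREETED", "MAIL", "MAIL FROM:<{arg}>", "a@client.example", 256),
    "t3": ("MAIL", "RCPT", "RCPT TO:<{arg}>", "b@server.example", 256),
    "t4": ("RCPT", "DATA", "DATA{arg}", "", 0),
    "t5": ("GREETED", "END", "QUIT{arg}", "", 0),
    "t6": ("RCPT", "END", "QUIT{arg}", "", 0),
    "t7": ("DATA", "END", "QUIT{arg}", "", 0),
}

def enumerate_sequences(start="INIT", final="END"):
    """Return every loop-free path of transition ids from start to final."""
    paths = []
    def walk(state, path, seen):
        if state == final:
            paths.append(path)
            return
        for tid, (src, dst, *_rest) in TRANSITIONS.items():
            if src == state and dst not in seen:
                walk(dst, path + [tid], seen | {dst})
    walk(start, [], {start})
    return paths

def render(tid, arg=None):
    """Render the message for a transition, using the valid argument by default."""
    _, _, template, valid, _ = TRANSITIONS[tid]
    return template.format(arg=valid if arg is None else arg)

def fuzzing_sequences(use_marking=True):
    """Build (transition id, messages) pairs: a valid prefix plus one semi-valid message."""
    marked, out = set(), []
    for path in enumerate_sequences():
        for i, tid in enumerate(path):
            if use_marking and tid in marked:
                continue  # already fuzzed through an earlier test sequence
            marked.add(tid)
            too_long = "A" * (TRANSITIONS[tid][4] + 1)  # breaks only the length constraint
            prefix = [render(t) for t in path[:i]]       # valid messages reach the source state
            out.append((tid, prefix + [render(tid, too_long)]))
    return out

if __name__ == "__main__":
    print(len(fuzzing_sequences(False)), "sequences without marking")
    print(len(fuzzing_sequences(True)), "sequences with marking")
```

In this model the three test sequences share the HELO, MAIL and RCPT transitions, so marking is what keeps each of them from being fuzzed once per sequence.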

Tsinghua Science and Technology
Pages 458-468
Cite this article:
Ma R, Ren S, Ma K, et al. Semi-valid Fuzz Testing Case Generation for Stateful Network Protocol. Tsinghua Science and Technology, 2017, 22(5): 458-468. https://doi.org/10.23919/TST.2017.8030535

Received: 30 September 2016
Accepted: 21 October 2016
Published: 11 September 2017
© The author(s) 2017