Research on Optimization of Fuzzing Test of Unknown Protocol Based on Message Type

Black Box Testing

  • Conference paper
Big Data and Security (ICBDS 2021)

Abstract

In recent years, the large number of unknown protocols has made it necessary to study their security. Fuzzing is a universal method that can be used to study unknown protocols. In fuzz testing of unknown protocols, the test object is in practice often isolated, so in most cases only black-box testing can be used, and black-box testing yields very little feedback information. As a result, black-box testing of unknown protocols is often a brute-force method that is difficult to optimize. To address this situation, this paper proposes a method to optimize fuzz testing by analyzing the messages of the unknown protocol and combining this analysis with the concept of path testing to build a message type time series tree (MTTS-Tree). Experiments show that this approach makes black-box testing of unknown protocols more strategic.

Acknowledgment

The subject is sponsored by the National Natural Science Foundation of P. R. China (No. 61872196, No. 61872194, and No. 61902196), Scientific and Technological Support Project of Jiangsu Province (No. BE2019740, No. BK20200753, and No. 20KJB520001), Major Natural Science Research Projects in Colleges and Universities of Jiangsu Province (No. 18KJA520008), Six Talent Peaks Project of Jiangsu Province (RJFW-111), Postgraduate Research and Practice Innovation Program of Jiangsu Province (No. SJKY19_0761, No. SJKY19_0759, No. KYCX20_0759).

I would like to thank Nanjing University of Posts and Telecommunications for the help provided in this research, and also for the support provided by Computer Academy. In addition, this research is also inseparable from the help of every reference author mentioned in the article.

Corresponding author

Correspondence to Peng Li.

Copyright information

© 2022 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Fang, W., Li, P., Zhang, Y., Chen, Y. (2022). Research on Optimization of Fuzzing Test of Unknown Protocol Based on Message Type. In: Tian, Y., Ma, T., Khan, M.K., Sheng, V.S., Pan, Z. (eds) Big Data and Security. ICBDS 2021. Communications in Computer and Information Science, vol 1563. Springer, Singapore. https://doi.org/10.1007/978-981-19-0852-1_22

  • DOI: https://doi.org/10.1007/978-981-19-0852-1_22

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0851-4

  • Online ISBN: 978-981-19-0852-1

  • eBook Packages: Computer Science, Computer Science (R0)
