Research on network protocol vulnerability discovery based on fuzz testing

摘要

Since the network application programs are developed rapidly, and the requirement of network protocol security is continually improved, the fuzz testing has become the research hotspot. On the basis of summarizing the current research direction, the identification method and test case generation of network protocol are researched emphatically. The heuristic fuzz testing framework based on parameter weight is proposed according to heuristic search algorithm and probability weights. The existing fuzz testing and vulnerability mining tool Peach is selected for extension, in which the heuristic input tracking technology based on parameter weight is adopted by the data generation module; IDAPRO is used to extract the function's heuristic factor to form the heuristic rules, and then the heuristic rules are used to guide the test case generation process; the transmission order of test cases is determined based on parameter weight. Finally, the commonly-used FTP protocol was verified with development tools. The test results verify that the heuristic fuzz testing framework based on parameter weight achieved the expected effect.