Toward Fuzz Test Based on Protocol Reverse Engineering

摘要

Fuzz test is effective and efficient technique in discovering serious vulnerability in a network protocol by inserting unexpected data into the input message of the protocol and finding its bugs or errors. However, traditional fuzz test requires a large number of test cases to cover every test case, which is a time-consumed and inefficient process. In order to address this problem, we propose a novel method to reduce the number of test cases. The proposed method uses the technique of protocol reverse engineering to reconstruct the protocol's specification and create test cases by inserting fault fields into protocol input according to its format. The experimental results show that the proposed method can effectively identify the message fields of protocol and the total number of test cases is dramatically reduced.