Machine Learning for Black-Box Fuzzing of Network Protocols

摘要

As the network services are gradually complex and important, the security problems of their protocols become more and more serious. Vulnerabilities in network protocol implementations can expose sensitive user data to attackers or execute arbitrary malicious code deployed by attackers. Fuzzing is an effective way to find security vulnerabilities for network protocols. But it is difficult to fuzz network protocols if the specification and implementation code of the protocol are both unavailable. In this paper, we propose a method to automatically generate test cases for black-box fuzzing of proprietary network protocols. Our method uses neural-network-based machine learning techniques to learn a generative input model of proprietary network protocols by processing their traffic, and generating new messages using the learnt model. These new messages can be used as test cases to fuzz the implementations of corresponding protocols.