Networking Protocol Fuzzing Of Weight-based Measurement

With the increasing popularity of the network, network security is becoming a serious problem of Web services and communication. Then the corresponding network security testing has emerged. Most of the network services are provided by the network protocol-based software, Therefore, the network security testing methods for protocol software for have gradually emerged, but the traditional method has low efficiency and the inherent default.In recent years, the fuzzing test method is gradually rising. Fuzzing test is a dynamic method between black and white box testing. The network protocol fuzzing analysis in the software testing has a unique advantage, but the traditional network protocol fuzzing test has a disadvantage of low efficiency in handling the input data. This paper puts forward the weight-based fuzzing test of network protocols. With debugging the weight-based fuzzing test handles input data with some weighting values, making the fuzzing data on software security flaws testing more targeted. Also the implementation of the fuzzing test automation processing.Dealing with fuzzing input data, this paper uses block-based protocol description language to describe the network protocol format. It solves the protocol data packets to be dynamically calculated in the length of the data portion of the problem, resulting in a real and effective fuzzing test data. And we created the fuzzing database of the input parameters, who can produce a large number of relatively effective test data. The weight-based fuzzing test of network protocols measure parameters by dynamic fuzzing technology of debug tracing, and then giving some input parameters weighting values, which reduces the amount of test data to improve analysis efficiency.On Linux platform, our software of automating testing processes includes the following fuzzing modules:protocol analysis and script processing module, debugger module and fuzzer module. Protocol analysis and script processing module can automatically resolve the protocol and generate the test scripts; Debugger connects to the fuzzer and tracking markers which were used in the dangerous functions of the tested programme, and then mark values on the markers depending on the useness of the dangerous functions. Then the markers with heavier weights ware fuzzed first by fuzzer. It have some practical and efficient.