The Design And Implementation Of Malformed SIP Message Selection Subsystem Based On Test Effect Evalutaion

SIP is a multimedia communication protocol developed by the IETF. Because of its good semantic, simple structure and good extensibility, SIP has been applied to many actual scenarios such as distant learning, multimedia conferencing, VoIP, etc., which raises the safety requirements of SIP to a higher level.Recent research in SIP availability focuses on DoS evaluation whereas few research mentions fuzzing test on SIP server, which is a major way to detect robustness problems. Fuzzing test produces massive inputs to the target in order to explore potential vulnerabilities, the fatal shortcomings of which are low efficiency and poor pertinence.In order to improve the efficiency, effectiveness and pertinence of fuzzing test for SIP server, this thesis designs and implements a selection subsystem regarding the test cases. The thesis proposes a method to measure the test effect and select effective cases from a set of test cases.This thesis defines and uses average CPU usage, significance of test effect and deviation of malformed message to measure the effectiveness of test cases. Based on the measurement, the filter method first selects effective cases by malformation type and then uses BFS algorithm to find effective cases within each type. Through the evaluation and selection of malformed SIP messages, the system can provide the user with different test cases sets towards different targets so that fewer test cases will be sent in one testing process, which cuts the total test time and improves the test effect. By making report of each test, it shows the features of effective cases and provides directions when generating new test cases. Based on the above method, this thesis accomplishes the integration of the malformed sip message selection subsystem and the original SIP security test system. In practice, the subsystem launched the evaluation and selection process towards different targets so that in the subsequent testing process, the average amount of test cases sent decreased by about54%and the average test effect increased by about32%.