Research On Network Protocol Vulnerability Mining Method Based On Deep Learning

With the rapid development of the Internet era,the importance of network security issues is increasing day by day.The security of network protocols as the infrastructure in the Internet is particularly important.Vulnerability mining technology can discover potential security vulnerabilities in advance.Actively digging vulnerabilities and preventing them before they occur is an important means of maintaining network security.Among the vulnerability mining methods for network protocols,fuzzing is the most commonly used and effective method today.The validity of test cases in fuzzing is the key to discovering unknown vulnerabilities in protocols or systems.In order to provide effective test cases,researchers usually learn and analyze the format specifications of a network protocol under test,then generate test cases based on prior knowledge of the network protocol specifications,and perform fuzz testing on specific network protocol implementations.However,the manual analysis of various protocols requires a certain amount of manpower and time,which also reduces the efficiency of network protocol vulnerability mining to a certain extent.Therefore,this paper designs a general network protocol vulnerability mining method based on fuzzing.This method is suitable for fuzzing the source code of various network protocols,and the manual analysis of network protocols in the process of traditional network protocol vulnerability mining is omitted through deep learning methods.The work of this paper mainly includes the following.(1)Aiming at the validity of test cases,a model and method for test case optimization based on deep learning is proposed.This method uses the deep learning mechanism to replace the process of acquiring prior knowledge of the protocol,and uses a universal modeling method.Therefore,it is suitable for generating test cases of multiple network protocols.(2)Aiming at the fuzzing problem of network protocols,the AFL(American Fuzz Lop)fuzzing tool has been improved.Combined with the test case optimization method,the fuzzing of network protocols has been implemented.So the efficiency of fuzzing test has been improved compared to the original AFL tool.(3)Aiming at the problem of multi-state fuzz testing of network protocols,a multistate fuzz testing auxiliary xml file(AXF)is defined to guide the fuzzing process.And it is combined with Netzob and the minimum inter-class distance clustering method offered in this paper,so as to realize the automatic generation of AXF by obtaining the protocol status.Compared with the configuration files of similar fuzzing tools,the AXF file is more concise and does not need to rely on manual configuration.(4)A multi-state fuzz testing algorithm is designed based on the AXF file.This algorithm can perform fuzz testing on multiple states of the protocol under test,thereby achieving the improvement from single-state coverage to multi-state coverage.The above methods have been implemented by a fuzzing system for network protocols in this paper,and have been verified with open source implementations of multiple protocols.The verification results show that the fuzzing method in this paper has a high degree of automation,high efficiency and wide application range.As a result,it can solve the problem of general network protocol vulnerability mining.