| In recent years,the WIA-PA network has been widely used in factory monitoring,oilfield monitoring and other fields.In order to ensure that the increasing number of WIAPA devices can safely and stably provide services for the factory monitoring system,it seems that the vulnerability detection of the WIA-PA device protocol stack Extremely important.As a common method of vulnerability detection,fuzzing test is used to detect whether there are vulnerabilities in various software and applications.Fuzzing the WIAPA device protocol stack using the test data generated by the existing fuzzing test tool has the problems of high test data redundancy rate and weak vulnerability detection ability due to the poor pertinence and adaptability of the generated fuzzing test data.In addition,the WIA-PA device protocol stack runs on a radio frequency chip based on the ARM architecture,which leads to the failure of the abnormal monitoring module of the existing fuzzing test tool,and there is a problem that the WIA-PA device protocol stack cannot be effectively detected.In response to the above problems,the main work of this article includes several aspects:Aiming at the problems of high redundancy rate of fuzzing test data and weak vulnerability detection ability,this thesis established a unified description model of WIAPA protocol,and formulated fuzzy rules according to WIA-PA message format.Among them,the WIA-PA protocol unified description model was realized by introducing a fivetuple model,and the WIA-PA protocol script was constructed according to the five-tuple model for use by test tool.The formulation of the fuzzy rules was divided into the formulation of the WIA-PA message header byte variation factor and the formulation of the WIA-PA message load fuzzing strategy.Aiming at the problem that the existing fuzzing tools cannot effectively detect the vulnerabilities of the WIA-PA device protocol stack,In this thesis,by implementing the extended interface of the WIA-PA protocol conformance test platform,the fuzzing test function of the WIA-PA device protocol stack was added,and it was integrated into the conformance test platform in the form of a tool.According to the requirements of the fuzzing test tool,the protocol script analysis component,data fuzzing component,fuzzing data generation component,fuzzing data execution component,heartbeat detection component,testing log component and human-computer interaction interface required by the test tool were designed and implemented.This testing tool realized the functions of creating new test project,adding test case,analyzing protocol script,generating fuzzing test data,executing fuzzing test,test process monitoring,abnormal response determination,test log recording,and test data statistics.Set up a physical test environment to verify the function of the test tool designed in this thesis.The test tool designed in this paper was used to fuzzing test the WIA-PA equipment that had passed the protocol conformance test.The test results showed that the test tool had a certain vulnerability detection capability. |
PDF Full Text Request