Research On Network Protocol Vulnerability Mining Technology Based On Fuzzing

In today's society,information technology is developing at an unprecedented speed,making the connection between society and information technology more and more inseparable.But at the same time,the development of computers and networks has brought more and more security problems.The frequency and impact of network security incidents caused by vulnerabilities are gradually increasing.Therefore,it has a long way to go to research on network protocol vulnerability mining technology to ensure computer and network security.An important method in vulnerability mining technology is Fuzzing testing.Fuzzing test judges whether the target program has loopholes by sending a large number of illegal inputs to the target and monitoring whether the target's operating status is abnormal.Aiming at the problem that the checksum calculation cannot pass and a large number of redundant calculations encountered in the process of network protocol vulnerability mining,with seed optimization as the direction of improvement,the protocol format analysis model and vulnerability probability prediction model are designed to guide the use cases of the Fuzzing model Generated,combined with Boofuzz to realize the tool prototype,and completed the verification experiment,which proved the effectiveness of the test tool.The following four main tasks have been carried out:1)Design and implement a protocol format analysis model based on communication data.Take the network communication data stream as the input,after processing,the network protocol format is obtained,which is added to the seed input pool as a seed,and the mutation data is filled into the network protocol format when the use case is generated,and then the checksum is calculated,and the seed is optimized from the source Solve the problem that the checksum calculation cannot pass;2)Design and realize the use of graph embedding to construct a vulnerability prediction model.Use graph embedding to analyze the test target in advance,and label the vulnerability probability of the test target function to influence the seed selection of the Fuzzing model,guide the Fuzzing model to construct more test cases for functions with higher vulnerability probability,and reduce invalid tests.The number of use cases to reduce the redundant calculation of the Fuzzing model;3)Design and implement the Fuzzing model of the predictive model.According to the seed optimization results of the format analysis model and the vulnerability prediction model,the Boofuzz framework is improved,and a Fuzzing model that improves the effectiveness of test cases is realized;4)Design an improved Fuzzing test tool effectiveness verification experiment.Through the Fuzzing test of the FTP protocol,the vulnerability in the FTP software was successfully triggered.The simulation results were consistent with the experimental expectations,which proved the effectiveness of the tool.