
Research On Fuzzing Technologies Of Network Protocol Based On Field Mutation

Posted on: 2024-06-19
Degree: Master
Type: Thesis
Country: China
Candidate: Z C Cao
Full Text: PDF
GTID: 2558307067494634
Subject: Electronic information
Abstract/Summary:
As a standard for communication between different entities in a network, a network protocol's security can affect thousands of network devices. However, according to recent statistics, high-risk vulnerabilities in network protocol software have been increasing, making it crucial to analyze their security. Fuzz testing, due to its high efficiency and ease of implementation, is one of the most effective testing techniques used in various fields. Current research on network protocol fuzz testing can be mainly divided into two categories: mutation-based and generation-based fuzz testing. Generation-based fuzz testing requires generating model files based on protocol specifications, which requires a lot of manual labor, and its testing efficiency is low. Additionally, it cannot be applied to protocols with undisclosed specifications. Mutation-based fuzz testing, on the other hand, generates many test cases that do not comply with the protocol specification due to the uncertainty of mutations, thereby reducing testing efficiency. To address the problems in current protocol fuzz testing research, this paper designs and implements a network protocol fuzz testing system based on field mutation. The main work of this paper is as follows:

(1) This paper proposes a protocol reverse engineering method based on program execution traces, which extracts the syntax and semantic information of protocol messages. Based on how the software parses different parts of the message, the message is divided into fields such as separators and keywords to obtain the basic format of the protocol message. The format information is then used to guide the fuzz testing process so that it can generate effective test cases without requiring a protocol specification.

(2) This paper adopts an intelligent mutation strategy combining multiple mutation operators, designing different mutation strategies for fields with different semantic information in the message. Additionally, a mechanism for guiding the field mutation direction is designed to ensure that mutations occur on fields more likely to cause errors, improving testing efficiency. In the fuzz testing process, the communication sequence between the server and client is defined as the current state of the protocol. A triple feedback mechanism is designed for code coverage, program state, and state transition, and the seed retention and selection algorithm under the triple feedback mechanism allows the fuzzer to fully test the different state spaces of the protocol.

(3) Experiments are designed to compare the effectiveness of the network protocol fuzz testing system CNWFuzzer designed in this paper against existing protocol fuzz testing tools, and the experimental results are presented and analyzed. In a 24-hour test of four open-source protocol software packages, the system designed in this paper surpasses existing protocol fuzz testing tools in the number of discovered paths, the number of unique crashes, and code coverage, improving protocol testing efficiency and effectively detecting errors in protocol software.
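The following Python sketch is an added example, not the thesis's CNWFuzzer code, that shows the three mechanisms the abstract describes on a constructed toy line-based protocol ("KEYWORD value\r\n"): splitting a message into separator, keyword, number and value fields; one mutation operator per field semantic with per-field weights that steer mutation toward fields that produced new feedback; and a seed pool that retains a test case when any of coverage, protocol state or state transition is new and prefers seeds in rarely exercised states. The toy protocol, its keyword list, the `toy_server` state machine standing in for a real target, and every function name are assumptions made for illustration; in the thesis the field format comes from execution traces rather than a hand-written tokenizer.

```python
import random
from dataclasses import dataclass

# Constructed toy protocol: "KEYWORD value\r\n". The keyword list stands in for
# the syntax that CNWFuzzer would recover from program execution traces.
KEYWORDS = ["USER", "PASS", "LIST", "QUIT"]
SEPARATORS = ("\r\n", " ")          # longest first so "\r\n" wins over " "
NUMERIC_BOUNDARIES = ["0", "-1", "255", "65535", "2147483647", "4294967295"]


@dataclass
class Field:
    kind: str   # "keyword", "sep", "number" or "value"
    text: str


def _classify(tok, seen_keyword):
    if not seen_keyword:
        return Field("keyword", tok)      # first token names the command
    if tok.lstrip("-").isdigit():
        return Field("number", tok)
    return Field("value", tok)


def split_fields(msg):
    """Divide a message into separator, keyword, number and value fields."""
    fields, buf, i, seen_keyword = [], "", 0, False
    while i < len(msg):
        sep = next((s for s in SEPARATORS if msg.startswith(s, i)), None)
        if sep is None:
            buf += msg[i]
            i += 1
            continue
        if buf:
            fields.append(_classify(buf, seen_keyword))
            seen_keyword, buf = True, ""
        fields.append(Field("sep", sep))
        i += len(sep)
    if buf:
        fields.append(_classify(buf, seen_keyword))
    return fields


def join_fields(fields):
    return "".join(f.text for f in fields)


def mutate_field(f, rng):
    """One operator per field semantic, so the output stays close to valid."""
    if f.kind == "keyword":
        return Field("keyword", rng.choice([k for k in KEYWORDS if k != f.text]))
    if f.kind == "sep":
        return Field("sep", rng.choice(["", f.text * 2]))      # drop or duplicate
    if f.kind == "number":
        return Field("number", rng.choice(NUMERIC_BOUNDARIES))  # boundary values
    return Field("value", rng.choice([f.text * 64, "", f.text + "\x00"]))


def demo_mutations(msg="USER alice\r\n", seed=0):
    """Mutate each field of msg once; returns one child message per field."""
    rng, base = random.Random(seed), split_fields(msg)
    return [join_fields(base[:i] + [mutate_field(f, rng)] + base[i + 1:])
            for i, f in enumerate(base)]


class FieldGuide:
    """Per-field weights: a field whose mutation gave new feedback is picked more."""
    def __init__(self):
        self.weight = {}

    def pick(self, fields, rng):
        w = [self.weight.get((f.kind, i), 1.0) for i, f in enumerate(fields)]
        return rng.choices(range(len(fields)), weights=w, k=1)[0]

    def reward(self, fields, i):
        key = (fields[i].kind, i)
        self.weight[key] = self.weight.get(key, 1.0) + 1.0


@dataclass(frozen=True)
class Feedback:
    edges: frozenset      # code-coverage edges hit
    state: str            # protocol state after the message
    transition: tuple     # (state before, state after)


class SeedPool:
    """Keep a seed if any of the three signals is new; select rare states."""
    def __init__(self):
        self.seen_edges, self.seen_states, self.seen_transitions = set(), set(), set()
        self.state_hits, self.seeds = {}, []   # seeds: (message, state before)

    def consider(self, msg, state_before, fb):
        new = (not fb.edges <= self.seen_edges or fb.state not in self.seen_states
               or fb.transition not in self.seen_transitions)
        self.seen_edges |= fb.edges
        self.seen_states.add(fb.state)
        self.seen_transitions.add(fb.transition)
        self.state_hits[state_before] = self.state_hits.get(state_before, 0) + 1
        if new:
            self.seeds.append((msg, state_before))
        return new

    def select(self, rng):
        weights = [1.0 / self.state_hits[s] for _, s in self.seeds]
        return rng.choices(self.seeds, weights=weights, k=1)[0]


def toy_server(state, msg):
    """Constructed stand-in for the target: returns (edges hit, next state)."""
    fields = split_fields(msg)
    kw = fields[0].text if fields else ""
    table = {("init", "USER"): ("user_ok", "need_pass"),
             ("need_pass", "PASS"): ("pass_ok", "logged_in"),
             ("logged_in", "LIST"): ("list", "logged_in")}
    if kw == "QUIT":
        return {"recv", "quit"}, "closed"
    edge, nxt = table.get((state, kw), ("err", state))
    return {"recv", edge}, nxt


def fuzz(session, rounds, seed=1):
    """Replay a recorded session to seed the pool, then run guided field mutation."""
    rng, pool, guide, state = random.Random(seed), SeedPool(), FieldGuide(), "init"
    for msg in session:                      # constructed recorded client session
        edges, nxt = toy_server(state, msg)
        pool.consider(msg, state, Feedback(frozenset(edges), nxt, (state, nxt)))
        state = nxt
    for _ in range(rounds):
        msg, before = pool.select(rng)
        fields = split_fields(msg)
        i = guide.pick(fields, rng)
        fields[i] = mutate_field(fields[i], rng)
        child = join_fields(fields)
        edges, nxt = toy_server(before, child)
        if pool.consider(child, before, Feedback(frozenset(edges), nxt, (before, nxt))):
            guide.reward(fields, i)          # steer later mutations to this field
    return pool


if __name__ == "__main__":
    p = fuzz(["USER alice\r\n", "PASS 1234\r\n", "LIST\r\n"], rounds=200)
    print(len(p.seeds), "seeds;", sorted(p.seen_states), sorted(p.seen_edges))
```

The design point is that every mutated message is still a sequence of typed fields, so the fuzzer spends its budget on near-valid inputs rather than on random byte flips that the parser rejects at the first separator, and the pool keeps a seed for a new state or transition even when it adds no new coverage edge.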
Keywords/Search Tags:Network protocol, Fuzz testing, Protocol reverse engineering, Field mutation, State awareness