Fuzzing is one of the important techniques for mining protocol vulnerabilities, but mutation-based grey-box protocol fuzzers tend to break the protocol message format, while grammar-based (generational) black-box protocol fuzzers lack the guidance of coverage information and achieve unsatisfactory code coverage. How to raise coverage while keeping a high acceptance rate for the generated test cases is a problem worthy of further study. This thesis therefore focuses on protocol fuzzing techniques that combine grammar-based generation with coverage-guided feedback. The core work is as follows:

(1) A heuristic fuzzing method based on grammar generation and coverage guidance is proposed. The method dynamically learns the relationship between the field currently being mutated (the primary mutation field) and the other mutable fields of the same data model, and quantifies that relationship in a relational table. When test cases are generated, the table guides the choice of field combinations to mutate together toward those that have been conducive to coverage growth, so that generation moves in the direction of greater coverage. The fuzzer HGFuzz is implemented on this basis and evaluated experimentally; the results show the effectiveness of the method.

(2) To address two problems of the fuzzer EPF, an overly random seed scheduling algorithm and a mutation strategy that easily destroys the mutation that made a seed interesting in the first place, a seed scheduling method based on fine-grained coverage information is proposed. For seed scheduling, seed weights are computed from the coverage frequency of the branches a seed covers: the lower a branch's coverage frequency, the more it contributes to the seed's weight, so that rarely covered branches get more chances to be exercised. In addition, each seed is assigned an initial energy value that is adjusted dynamically according to coverage feedback, so that poorly performing seeds are discarded sooner. For the mutation strategy, the seed's original mutation is preserved while its other fields are mutated one after another, so that the generated test cases explore new branches on the basis of still triggering the original ones. Experimental results demonstrate the effectiveness of FCIFuzz, the fuzzer implemented on this method.

(3) Existing protocol fuzzing methods based on grammar generation and coverage guidance cannot accurately represent the detailed state of the protocol entity program, so a protocol fuzzing method based on fine-grained state guidance is proposed. State transitions of the protocol entity program are represented at fine granularity: whenever a new branch is covered during fuzzing, the program is considered to have entered a new state. A prefix message chain list maps each fine-grained state to the message sequence that reached it; when message sequences are generated from this list, the protocol entity program is driven into the corresponding state and fuzzed thoroughly there, so that deeper branch paths can be explored from that starting point. Finally, comparative experiments demonstrate the effectiveness of the method on key metrics.
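The following is an added illustration of the seed scheduling and mutation strategy summarised in (2); it is not code from the thesis, from FCIFuzz or from EPF. The 1/frequency weighting, the energy constants (10 initial, +2 per new branch, -1 per barren test case), the toy seeds and the branch identifiers are all assumptions chosen to make the behaviour visible.

```python
"""Added example: seed scheduling by branch-coverage frequency with adaptive energy.

Constructed illustration of the idea in (2); the weighting formula (1/frequency),
the energy constants and the toy seeds are assumptions, not the thesis's values.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Seed:
    name: str
    branches: frozenset          # branch ids this seed is known to cover
    pinned_field: str            # the field whose mutation made this seed interesting
    energy: float = 10.0         # initial energy; adjusted by coverage feedback


class FrequencyScheduler:
    """Pick seeds by (rarity of their branches) x (remaining energy)."""

    def __init__(self, seeds, reward=2.0, penalty=1.0):
        self.seeds = list(seeds)
        self.reward, self.penalty = reward, penalty
        # Global coverage frequency: how many test cases so far hit each branch.
        self.freq = Counter()
        for s in self.seeds:
            self.freq.update(s.branches)

    def weight(self, seed):
        # A branch covered f times contributes 1/f: rarely covered branches
        # dominate the weight, so the seeds reaching them are scheduled more.
        return sum(1.0 / self.freq[b] for b in seed.branches)

    def pick(self):
        live = [s for s in self.seeds if s.energy > 0]
        if not live:
            return None
        # Deterministic tie-break on name keeps the example reproducible.
        return max(live, key=lambda s: (self.weight(s) * s.energy, s.name))

    def feedback(self, seed, covered):
        """Record the branches a test case derived from `seed` covered.

        Returns the set of never-before-seen branches; the seed gains energy
        for each of them and loses energy when it finds nothing new, so a
        seed that stops producing new coverage drops out of `pick()`."""
        new_branches = {b for b in covered if self.freq[b] == 0}
        self.freq.update(covered)
        if new_branches:
            seed.energy += self.reward * len(new_branches)
        else:
            seed.energy -= self.penalty
        return new_branches


def mutate_other_fields(message, pinned_field, mutator):
    """Mutation strategy from (2): keep the seed's original mutation (the
    pinned field) untouched and mutate every other field in turn, so each
    child still triggers the original branch while probing a new one."""
    for name in message:
        if name == pinned_field:
            continue
        child = dict(message)
        child[name] = mutator(child[name])
        yield child


def demo():
    """Constructed corpus: three seeds with overlapping branch sets."""
    seeds = [
        Seed("A", frozenset({"b1", "b2"}), pinned_field="cmd"),
        Seed("B", frozenset({"b2", "b3"}), pinned_field="len"),
        Seed("C", frozenset({"b3", "b4", "b5"}), pinned_field="payload"),
    ]
    sched = FrequencyScheduler(seeds)
    first = sched.pick()                                   # C: b4, b5 are covered only by it
    new = sched.feedback(first, {"b3", "b4", "b5", "b6"})  # b6 is new: energy 10 -> 12
    # Twelve children of C that find nothing new drain its energy to zero ...
    for _ in range(12):
        sched.feedback(first, {"b3"})
    second = sched.pick()                                  # ... so A is scheduled next
    children = list(mutate_other_fields(
        {"cmd": "GET", "len": 4, "payload": "abcd"}, second.pinned_field,
        lambda v: v * 2 if isinstance(v, int) else v + "\xff"))
    return sched, first, new, second, children


if __name__ == "__main__":
    sched, first, new, second, children = demo()
    print("first pick:", first.name, "new branches:", new, "energy now:", first.energy)
    print("second pick:", second.name, "weight:", sched.weight(second))
    for c in children:
        print("child keeps", second.pinned_field, "=", c[second.pinned_field], "->", c)
```

Note that the energy drain is what distinguishes this from a pure rarity ranking: without it, seed C would keep winning on weight alone even after its children had stopped finding anything, which is the "poor performance seeds discarded faster" point in (2).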
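The following is an added illustration of the prefix message chain list in (3); it is not code from the thesis. `toy_entity` is a constructed stand-in for an instrumented protocol entity program (its HELLO/AUTH/DATA commands, branch identifiers and the 16-byte length threshold are invented), so that the mapping from "first coverage of a branch" to "message sequence that reached it" can be exercised offline.

```python
"""Added example: prefix message chain list for fine-grained state guidance (3).

Constructed illustration; `toy_entity` stands in for a real protocol entity
program, and its commands, branch ids and the 16-byte threshold are invented.
"""


def toy_entity(messages):
    """Stand-in for an instrumented protocol implementation: consumes a message
    sequence and returns the set of branch ids executed (what coverage
    instrumentation would report for the whole sequence)."""
    covered, state = set(), "INIT"
    for m in messages:
        if state == "INIT" and m == "HELLO":
            covered.add("hello")
            state = "GREETED"
        elif state == "GREETED" and m.startswith("AUTH "):
            if m == "AUTH secret":
                covered.add("auth_ok")
                state = "AUTHED"
            else:
                covered.add("auth_fail")
        elif state == "AUTHED" and m.startswith("DATA "):
            covered.add("data")
            if len(m) - len("DATA ") > 16:
                covered.add("data_long")     # only reachable two messages deep
        else:
            covered.add("reject")            # out-of-state message: no new depth
    return covered


class PrefixChainList:
    """Maps each fine-grained state (= first coverage of a branch) to the
    message sequence, the prefix chain, that drove the target into it."""

    def __init__(self):
        self.seen = set()          # branches covered so far
        self.chains = {}           # state id -> (prefix messages, branch that defined it)
        self._next = 0

    def observe(self, sequence, covered):
        """Register every newly covered branch as a new state reached by `sequence`."""
        created = []
        for branch in sorted(set(covered) - self.seen):
            self.chains[self._next] = (tuple(sequence), branch)
            created.append(self._next)
            self._next += 1
        self.seen |= set(covered)
        return created

    def sequence_for(self, state_id, probe):
        """Replay the prefix chain of `state_id` so the target is in that state,
        then append the fuzzed message to explore from there."""
        prefix, _ = self.chains[state_id]
        return prefix + (probe,)


def run_demo():
    pcl = PrefixChainList()
    # Depth 0: the first grammar-generated message opens state 0 ("hello").
    pcl.observe(("HELLO",), toy_entity(("HELLO",)))
    # Fuzz on state 0: a wrong and a right password each open a new state.
    for probe in ("AUTH guess", "AUTH secret"):
        seq = pcl.sequence_for(0, probe)
        pcl.observe(seq, toy_entity(seq))
    # Pick the state defined by auth_ok and fuzz deeper from it: the long
    # DATA message covers two branches a stateless fuzzer would never reach.
    authed = next(s for s, (_, b) in pcl.chains.items() if b == "auth_ok")
    seq = pcl.sequence_for(authed, "DATA " + "A" * 32)
    pcl.observe(seq, toy_entity(seq))
    return pcl


if __name__ == "__main__":
    pcl = run_demo()
    for sid, (prefix, branch) in pcl.chains.items():
        print(f"state {sid}: branch {branch!r} reached by {prefix}")
```

The last `observe` call shows the point of the chain list: `data` and `data_long` are recorded with the full three-message prefix, so later test cases targeting either state replay that prefix first instead of hoping a random sequence lands in `AUTHED`.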