Design And Implement Of Vulnerability Mining System For OpenFlow Protocol Based On Genetic Algorithm And Finite State Machine

With the development of computer technology and the continuous expansion of network scale,the traditional network is not easy to expand,which increases the difficulty of network optimization and personalized customization.With the advent of 5G era,technologies such as softwaredefined networking and Network Functions Virtualization are applied to the Internet of things.Software-defined networking brings programmable features to the network.Its southbound protocol generally uses OpenFlow protocol.Attacks against software-defined networking based on OpenFlow emerge in an endless stream.In view of this situation,this paper proposes to mine the vulnerabilities of OpenFlow protocol based on genetic algorithm and finite state machine,so as to find the potential threats in OpenFlow protocol in advance and help software-defined networking providers improve their security awareness.At the same time,this paper designs and implements the OpenFlow protocol vulnerability mining system based on genetic algorithm and finite state machine.Firstly,this paper studies the southbound protocol OpenFlow of software-defined networking,analyzes the protocol flow by using Wireshark to capture packets and reading the source code of OpenFlow protocol,obtains the state transition table of OpenFlow protocol,and extends the corresponding finite state machine OpenFlow.The extended finite state machine is introduced into fuzzing to enhance the penetration of test cases and cover more OpenFlow messages.Secondly,this paper studies the genetic algorithm,designs a suitable fitness function according to the code coverage and test cases,applies and improves the genetic algorithm for the OpenFlow protocol,adds model constraints after mutation,and improves the selection of the next generation population.The improved genetic algorithm can guide the generation of test cases,make the test cases develop in a better direction,improve the efficiency and code coverage of fuzzing,and then discover more loopholes.Finally,according to genetic algorithm and finite state machine model,a vulnerability mining system OFuzzer for OpenFlow protocol is designed and implemented.In order to verify the effectiveness of the system,the function of the system is tested and compared with other fuzzers.The experimental results show that the code coverage and the number of vulnerabilities mined by OFuzzer are better than the reference object.The experimental results show that the system improves the code coverage of vulnerability mining for OpenFlow protocol and has good vulnerability mining ability.