| 针对私有协议的模糊测试技术研究 |
| |
| 引用本文: | 彭勇,王婷,熊琦,戴忠华,伊胜伟,高海辉.针对私有协议的模糊测试技术研究[J].北方交通大学学报,2013(5):8-12. |
| |
| 作者姓名: | 彭勇 王婷 熊琦 戴忠华 伊胜伟 高海辉 |
| |
| 作者单位: | 中国信息安全测评中心,北京100085 |
| |
| 基金项目: | 国家科技重大专项资助(2012ZX03002002) |
| |
| 摘 要: | 模糊测试(Fuzzing)技术是一种很有效的自动化软件漏洞挖掘技术,将其运用到网络协议测试领域非常具有现实意义.本文结合网络协议本身的特点,分析了对网络协议进行模糊测试需要注意的关键问题,并在传统模糊测试框架的基础上,在代码覆盖和目标监控等方面加以改进,提出一个基于自动化的网络协议模糊测试框架;同时,针对私有网络协议,特别是经过编码的私有网络协议模糊测试提出有效的测试思路,以减少在协议解析过程中,对加密例程进行逆向工程的艰难过程,提高漏洞挖掘的效率.
|
| 关 键 词: | 模糊测试 漏洞挖掘 私有协议 协议解析 |
Fuzzing technology for private network protocol testing |
| |
| PENG Yong,WANG Ting,XIONG Qi,DAI Zhonghua,YI Sheng'wei,GAO Haihui.Fuzzing technology for private network protocol testing[J].Journal of Northern Jiaotong University,2013(5):8-12. |
| |
| Authors: | PENG Yong WANG Ting XIONG Qi DAI Zhonghua YI Sheng'wei GAO Haihui |
| |
| Institution: | ( China Information Technology Evaluation Center, Beijing 100085, China ) |
| |
| Abstract: | Fuzzing is an effective automated vulnerability finding technology. It is significant to apply it to the field of testing for network protocols. According to the characteristics of network protocols, the paper analyses the basic principles of fuzzing in network protocols, and proposes an automated framework of fuzzing in network protocols. Meanwhile, it has proposed an effective testing method for the fuzzing in encrypted network protocols. The method has decreased the pro- cedure, which is used to reverse engineering for the encryption routines in the course of protocol analysis. In addition, the efficiency in vulnerability detecting has greatlv imDroved. |
| |
| Keywords: | fuzzy testing vulnerability detecting private network protocol protocol dissection |
| 本文献已被 维普 等数据库收录! |
|
