Chinese Journal of Computers   Full Text
Title: An Automatic Network Protocol Fuzz Testing and Vulnerability Discovering Method
Authors: LI Wei-Ming, ZHANG Ai-Fang, LIU Jian-Cai, LI Zhi-Tang
Address: School of Computer Science, Huazhong University of Science and Technology, Wuhan 430074
Year: 2011
Issue: No. 2, pp. 242-255
Abstract & Background
Abstract: As network applications grow more complex, the security of network protocols becomes ever more important. Fuzz testing is widely used to discover denial-of-service, buffer overflow, format string and other serious vulnerabilities in network protocol implementations. Manual fuzz testing, however, is inefficient and requires detailed knowledge of the protocol under test. This paper presents an automatic vulnerability discovery method that combines automatic protocol reverse engineering with fuzz testing. The method proceeds in four steps: packet clustering, multiple sequence alignment, special field recognition and fuzzer generation. The first three steps recover the structure of the network packets from captured traffic, and the fourth uses that structure to drive the fuzz testing. Tests on the FTP, TNS, EM and ISQLPlus protocols show that the method is more effective and accurate than manual analysis. The method has practical application value and can improve the security of network protocols.

Keywords: protocol reverse engineering; fuzz testing; vulnerability discovering

Background: Network protocol robustness is the foundation of network security, yet how to test the security of a network protocol remains a difficult problem. Protocol fuzz testing is a useful way to find DoS, buffer overflow, format string and other serious vulnerabilities, but it is currently performed manually, which requires prior knowledge of the protocol and is notoriously slow. This paper presents an automatic network protocol fuzz testing method that greatly improves the efficiency of fuzz testing. Starting from network traces, the method automatically reverse engineers the structure of the protocol more precisely than previous methods and automatically produces SPIKE scripts to test the security of the network server. Experiments show that the method works well and in some cases even exceeds the results of manual analysis.
It is an integrated and effective scheme for improving the security of both text and binary network protocols, and is part of the work to build a more reliable next-generation Internet.
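As an added illustration of the four-step pipeline (example code written for this page, not the paper's implementation, which is not reproduced here), the following Python script runs cluster, align, recognise fields and emit fuzzer over a constructed FTP trace. It assumes a text protocol and simplifies every step: clustering by first token stands in for the paper's packet clustering, a token-level star alignment around the longest message (pairwise Needleman-Wunsch) stands in for full multiple sequence alignment, tagging fields by their observed values stands in for the paper's special field recognition, and the generated fuzzer uses SPIKE's s_string and s_string_variable primitives. The sample trace, the alignment scores and all function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample trace (not a real capture, not from the paper): FTP client commands.
SAMPLE_TRACE = ["USER alice\r\n", "USER bob\r\n", "USER carol99\r\n", "PASS hunter2\r\n",
                "PASS letmein\r\n", "LIST\r\n", "LIST /tmp\r\n", "REST 0\r\n", "REST 4096\r\n"]

def tokenize(msg):
    return [t for t in re.split(r"( |\r\n)", msg) if t]  # keep delimiters as tokens

def cluster(trace):
    groups = {}  # step 1 (simplified): group by first token, a stand-in for the paper's clustering
    for m in trace:
        groups.setdefault(tokenize(m)[0], []).append(m)
    return groups

def align(a, b, match=2, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment of two token lists -> [(tok_a|None, tok_b|None)]."""
    n, m = len(a), len(b)
    s = [[(i + j) * gap if i * j == 0 else 0 for j in range(m + 1)] for i in range(n + 1)]
    sub = lambda i, j: match if a[i - 1] == b[j - 1] else mismatch
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            s[i][j] = max(s[i-1][j-1] + sub(i, j), s[i-1][j] + gap, s[i][j-1] + gap)
    cols, i, j = [], n, m
    while i > 0 or j > 0:  # trace back from the bottom-right cell
        if i > 0 and j > 0 and s[i][j] == s[i-1][j-1] + sub(i, j):
            cols.append((a[i-1], b[j-1])); i -= 1; j -= 1
        elif i > 0 and s[i][j] == s[i-1][j] + gap:
            cols.append((a[i-1], None)); i -= 1
        else:
            cols.append((None, b[j-1])); j -= 1
    return cols[::-1]

def star_alignment(messages):
    """Step 2 (simplified): star alignment around the longest message instead of a full
    MSA. A centre token is variable if another message mismatches, deletes or inserts at it."""
    centre = max((tokenize(m) for m in messages), key=len)
    variable = [False] * len(centre)
    for m in messages:
        i = 0
        for c_tok, o_tok in align(centre, tokenize(m)):
            if c_tok is None:  # insertion in the other message: taint the neighbouring token
                variable[min(i, len(centre) - 1)] = True
            else:
                variable[i] |= o_tok != c_tok  # mismatch, or deletion (o_tok is None)
                i += 1
    return centre, variable

@dataclass
class Field:
    constant: bool
    text: str  # literal text (constant) or seed value taken from the centre message
    kind: str = "constant"  # constant | string | numeric | optional

def build_fields(centre, variable):
    fields = []  # merge runs of constant / variable tokens into fields
    for tok, var in zip(centre, variable):
        if fields and fields[-1].constant == (not var):
            fields[-1].text += tok
        else:
            fields.append(Field(constant=not var, text=tok))
    return fields

def recognise_fields(fields, messages):
    """Step 3 (simplified): read each variable field's value from every message and tag it
    numeric / optional / string; the paper's special-field recognition is richer than this."""
    rx = re.compile("^" + "".join(re.escape(f.text) if f.constant else "(.*?)" for f in fields) + "$")
    var_fields = [f for f in fields if not f.constant]
    values = [[] for _ in var_fields]
    for mt in filter(None, map(rx.match, messages)):
        for k, v in enumerate(mt.groups()):
            values[k].append(v)
    for f, vals in zip(var_fields, values):
        f.kind = ("numeric" if vals and all(v.isdigit() for v in vals)
                  else "optional" if "" in vals else "string")
    return fields

def c_escape(s):
    return s.replace("\\", "\\\\").replace('"', '\\"').replace("\r", "\\r").replace("\n", "\\n")

def emit_spike(fields):
    """Step 4: constants go out verbatim via s_string; variable fields become s_string_variable
    seeded with the observed value, which SPIKE swaps for its fuzz strings on each iteration."""
    lines = []
    for f in fields:
        fn = "s_string" if f.constant else "s_string_variable"
        note = "" if f.constant else f"// {f.kind} field\n"
        lines.append(f'{note}{fn}("{c_escape(f.text)}");')
    return "\n".join(lines)

def reverse_and_fuzz(trace):
    out = {}  # {cluster name: (fields, SPIKE script text)}
    for name, msgs in cluster(trace).items():
        centre, variable = star_alignment(msgs)
        fields = recognise_fields(build_fields(centre, variable), msgs)
        out[name] = (fields, emit_spike(fields))
    return out
```

Calling reverse_and_fuzz(SAMPLE_TRACE) yields, for the LIST cluster, the constant LIST, an optional field seeded with " /tmp" and the constant CRLF, while the REST argument is tagged numeric; each script text can be saved as a .spk file and driven against the target with SPIKE's generic_send_tcp. The weak point of this simplification is its handling of insertions: an extra token in one message taints the neighbouring centre token, which can swallow a delimiter into a variable field, and a proper profile-based multiple sequence alignment avoids that.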