Zhao Zhang,Qiao-Yan Wen,Wen Tang

DOI: https://doi.org/10.1109/csss.2012.208

2012-01-01

Abstract:Security flaws existed in protocol implementations might be exploited by malicious attackers and the consequences can be very serious. Therefore, detecting vulnerabilities of network protocol implementations is becoming a hot research topic recently. However, protocol security test is a very complex, challenging and error-prone task, as constructing test packets manually or randomly are not practical. This paper presents an efficient mutation-based approach for detecting implementation flaws of network protocol. Compared with other protocol testing tools, our approach divides the procedure of protocol testing into many phases, and flexible design can cover many testing cases for the protocol implementations under testing, and could apply for testing various protocol implementations quite easily. Besides, this approach is more comprehensible that makes the protocol security test easier to carry out. To assess the usefulness of this approach, several experiments are performed on four FTP server implementations and the results showed that our approach can find flaws of protocol implementation very easily. The method is of the important application value and can improve the security of network protocols.

Shijia Gu,Weihai Li,Zhao Long

DOI: https://doi.org/10.1109/icbnmt.2010.5704875

2010-01-01

Abstract:Protocol testing has become the most vital part in the protocol engineering. Before protocol is deployed to Internet or communication network, all kinds of testing must be done with adequate test cases, while robustness testing is one of them. In this paper, we presented an integrate system for vulnerability testing with some improved techniques, such as extended Petri net, automatic test cases generation based on regular expression, syntax analysis method and so on. Finally, we implemented the testing system to Apache HTTP server 2.2 to evaluate its protocol robustness and vulnerability tolerance, and thereby verify our testing mode.

xing han,qiaoyan wen,zhao zhang

DOI: https://doi.org/10.1109/ICCSNT.2012.6526099

2012-01-01

Abstract:Mutation-based fuzz testing is a very effective approach to improve the security and reliability of protocol implementations, however, present mutation-based fuzzing technique is only effective on one field at one time, and not effective on multiple fields. What's more, there are not effective tools on fuzzing protocols based on MAC Layer. This paper presents an efficient mutation-based approach based on RATM model for multi-fields fuzzing test, which analysis the relationship among the protocol fields and the influence relationship of the fields collected. Based on these relationships, it can directly mutate corresponding testing case that might trigger the suspect vulnerabilities. And also by analyzing the results of testing, it changes the parameters of RATM to improve the quality of testing cases; besides, our methods could also fuzz protocol implementations based on MAC layer very effectively. Moreover, we design a testing framework to validate the effectiveness of RATM. We applied our approach to compare with peach on several protocol implementations and the results showed that our approach can find flaws of protocol implementation in one field and also multiple fields very effectively.

Shu Xiao,Lijun Deng,Sheng Li,Xiangrong Wang

DOI: https://doi.org/10.1109/ICCNMC.2003.1243061

2003-01-01

Abstract:Many security holes stem from the defects in network protocol implementations. This paper presents an industry best practice of integrated TCP/IP network protocol testing that targets software robustness vulnerabilities. The deployed test system consists of a versatile test engine, a protocol data unit generator and a few auxiliary tools. The specially designed kernel test engine supporting IP/TCP/UDP as carrier protocols drives predefined fault-injected PDU (protocol data unit) to the network unit under test. Its novel callback mechanism and virtual network device connection capability cost-effectively enhance user controlled testing intelligence for verifying protocols with complicated state transitions. The PDU generator aims to provide a systematic solution for rapid test case creation, which is based on new strengthened BNF (Backus-Naur form) language for protocol specification mutation and fault injection. Established on this system, we propose an integrated industry test environment for network protocol code assessment. Initial experiments and case studies with multicast protocols unveiled several robustness violations, which have significant security impacts.

Chang-Ting Lin,Chunming Wu,Min Huang,Zhenyu Wen,Qiumei Cheng

DOI: https://doi.org/10.1109/SRDSW.2016.21

2016-01-01

Abstract:IP address mutation is a proactive defense method that is used to reduce the risk of network attacks, especially to deal with the worm propagation attacks. However, previous work did not give much consideration to the negative effects that IP address mutation could bring to network performance. To be specific, there is a trade-off between network performance and security, which implies that when a security mechanism is reinforced, network performance would be impaired and vice versa. Therefore, in order to achieve the optimal balance between performance and security, an optimal solution should be provided. In this paper, we propose an adaptive IP mutation defense method which is based on temporal-dimension, to dynamically control the mutation interval according to real-time measurable metrics, assurance and avoidance. This method leverages a genetic algorithm to achieve the optimization of performance-security trade-off. We then evaluate our method in a simulated computer cluster environment, including 1024 hosts, and demonstrate that our method can successfully find the optimal solution according to the experimental results. For example, it can reduce the worm propagation significantly, while maintaining the network performance in a predefined level.

Shijia Gu,Yueyang Song,Xin Zhao,Weihai Li

DOI: https://doi.org/10.1109/MILCOM.2011.6127448

2011-01-01

Abstract:Network protocol fuzzing tries to test the robustness of a protocol implementation through exploring the infinite amount of possible anomalous inputs to find the tests that cause invalid behaviors. Therefore, protocol fuzzing is regarded as security testing, since it is essential to prove robustness in networks. Although many good practices have been done to improve protocol fuzzing, problems in automated test case generation are still unsolved. Traditional methods using formal language and protocol specification have evident defects, especially in close networks. In order to provide useful references for test data generation, protocol reverse engineering becomes a suitable solution. But approaches adopted during the last decades cost much in computational complexity and time consumption. To break through these limitations, this paper proposes a novel message matrix perturbing mode to generate test case through data mutation for application layer protocol. It is established on the basis of the mapping relationship according to ASCII code. After the conversion from a protocol message to an integer matrix, meta-perturbations can be conducted to generate test data in all syntax levels, which preserves the flexibility in complex mutating combinations. Additionally, a new statistical keyword extracting technique with priority recursive splitting pattern is introduced to provide useful information for intelligent data mutation. Finally, we evaluate the method on HTTP request message. With the transformed message matrix and corresponding keyword reference, test cases examples for protocol fuzzing are generated through perturbing process with the combination of meta-operations. Fairly good outcomes are achieved which illustrate the feasibility and efficiency of the work in this paper.

章志燮,周颢,赵保华

DOI: https://doi.org/10.3321/j.issn:0253-987x.2009.12.003

2009-01-01

Abstract:A new protocol security testing method is proposed based on a fault model.The method utilizes the mutation analysis based on the specification of constructed type algebra.Mutant operators are designed to restrict the possible fault sets in protocol;then mutants are generated and equivalent mutants are deleted;and test cases are finally constructed based on resulting mutants.Compared with existing methods,the proposed method can effectively solve several problems in current protocol security testing,such as neglecting the protocol dataflow,infinite fault sets,the lack of the mechanism to judge results,and so on.It is beneficial to the quantification and appraisal of testing to limit the possible fault sets of protocol.The method can pointedly be used to construct test cases and to judge test results,and improves testing capacity.

Wen Tang,Aifen Sui,Wolfgang H A Schmid

DOI: https://doi.org/10.1109/ICCT.2011.6157962

2011-01-01

Abstract:Our modern society is increasingly depending on information and communication systems. This demands a high level of security and robustness on the implementations of network protocols. This paper presents a model-guided approach to discover security vulnerabilities of network protocol implementations. Our approach, resulted in security tool "Styx", introduces mutation analysis and model checking into fuzz testing and provides a synthesized protocol security testing. And it not only can perform syntax testing on the input data validation component of protocol implementations, but also is able to model the behaviors of a protocol and automatically generate test traces for the verification of its internal implemented functions. To proof the concept, experiments with the open source implementation of IKE/ISAKMP have also been provided. The results show that Styx can effectively be used to discover security vulnerabilities from network protocol implementations. © 2011 IEEE.

Syed Md Mukit Rashid,Tianwei Wu,Kai Tu,Abdullah Al Ishtiaq,Ridwanul Hasan Tanvir,Yilu Dong,Omar Chowdhury,Syed Rafiul Hussain

DOI: https://doi.org/10.1145/3658644.3690312

2024-10-03

Abstract:This paper proposes Proteus, a protocol state machine, property-guided, and budget-aware automated testing approach for discovering logical vulnerabilities in wireless protocol implementations. Proteus maintains its budget awareness by generating test cases (i.e., each being a sequence of protocol messages) that are not only meaningful (i.e., the test case mostly follows the desirable protocol flow except for some controlled deviations) but also have a high probability of violating the desirable properties. To demonstrate its effectiveness, we evaluated Proteus in two different protocol implementations, namely 4G LTE and BLE, across 23 consumer devices (11 for 4G LTE and 12 for BLE). Proteus discovered 25 unique issues, including 112 instances. Affected vendors have positively acknowledged 14 vulnerabilities through 5 CVEs.

Cryptography and Security

Meng Ma,Guoai Xu

DOI: https://doi.org/10.1049/cp.2010.0774

2010-01-01

Abstract:Protocol identification is the key technology of intrusion detection. There're much of traditional limitations exist in the process of character database development. This paper introduces the concept of mutation testing and designs several mutation operators for protocol identification based on Snort rules. A self-revised method is proposed and the efficiency of which is promoted. Experiment has shown that the method is effective in making automatic amendment against protocol rules within certain scope to improve the accuracy and efficiency.

Bo Huang,Qiaoyan Wen

DOI: https://doi.org/10.1109/ICCSNT.2011.6182047

2012-01-01

Abstract:Nowadays more fuzz testing research mainly focuses on some certain phase and on some certain protocol, there is not an research on integrated system realization has been emerged. This paper presents the idea of an automated fuzz testing method for all protocols. First it adopted Finite State Machine (FSM) model in fuzz testing, and after a FSM constructed an efficient algorithm is presented for state space reduction. Last it selected every sequence for the mutation test. In this method, the FSM is created by program other than mannual work that make the fuzz testing automated and suit for all protocols.

Yanmei Zhang,Jianming Zhu

DOI: https://doi.org/10.1109/icycs.2008.260

2008-01-01

Abstract:A hybrid analysis method for protocol is proposed which combines the power of both manual and automatic methods. At first, it defines a number of attack goals and then studies how to achieve these goals by misusing the messages. An automatic analysis tool is applied in order to reach completeness based on the manual analysis. Some of the found attacks are excluded because of the low feasibility in the practical environment, and the other feasible attacks might be combined to launch more powerful compound attacks. Some vulnerability is found when applying the hybrid method to check mobile IPv6 protocol. The result shows the hybrid method is a systematic method with completeness guarantee. It fits for analyzing non-security protocols and finding the subtle vulnerability.

Chuanming Jing,Zhiliang Wang,Xingang Shi,Xia Yin,Jianping Wu

DOI: https://doi.org/10.1109/AINA.2008.98

2008-01-01

Abstract:The critical requirement on reliability, fault-tolerance and security of network devices highlights the necessity of protocol robustness testing. Mutation testing of protocol messages is an important part of robustness testing, but related theory and practices are not well developed. This paper builds a NFSM model for mutation testing of protocol messages and proposes two types of normal-verification sequence to enhance verdict mechanism. For single-field mutation testing of protocol messages, we propose the concept of compound anomalous test case to further simplify test sequences. As a standard test specification language, TTCN-3 reveals strong excellence in conformance testing, so we apply TTCN-3 to mutation testing and extend it according to test requirements. Using our method we test OSPFv2 sufficiently with a test system based on extended TTCN-3. The results indicate that our method has good capability of error-finding.

WANG Zhiqiang,ZHANG Yuqing,LIU Qixu,HUANG Tingpei

DOI: https://doi.org/10.3969/j.issn.1001-2400.2015.04.004

2015-01-01

Abstract:An algorithm for discovering SNMP protocol vulnerabilities is proposed , which solves several problems including single and one‐dimensional strategies of constructing test cases , lack of the exception monitor and debugger or inapplicability of the network and SNMP‐related software . First , by analyzing the SNM P RFC specification , the algorithm adopts the generation strategy for constructing test cases . Second , the mutation strategy is adopted to construct test cases on the basis of known information about SNMP vulnerabilities and the previous malformed data . According to the algorithm , a tool named tje SRPFuzzer is developed for bug hunting . Finally , an experiment is done on routers and software , including the Cisco router , wireshark and so on . Four groups of vulnerabilities are found , which verifies the SRPFuzzer's validity . Meanwhile , comparing with the PROTOS and other 3 tools , the SRPFuzzer is superior to these tools at test case construction , monitoring , debugging , bug hunting ability and so on .

Shameng Wen,Qingkun Meng,Chao Feng,Chaojing Tang

DOI: https://doi.org/10.1371/journal.pone.0186188

IF: 3.7

2017-10-19

PLoS ONE

Abstract:Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

Yan Pan,Wei Lin,Liang Jiao,Yuefei Zhu

DOI: https://doi.org/10.1155/2022/6880677

IF: 1.968

2022-05-06

Security and Communication Networks

Abstract:The widely used network protocols play a crucial role in various systems. However, the protocol vulnerabilities caused by the design of the network protocol or its implementation by programmers lead to multiple security incidents and substantial losses. Hence, it is important to study the protocol fuzzing in order to ensure its correctness. However, the challenges of protocol fuzzing are the mutation of protocol messages and the deep interactivity of the protocol implementation. This paper proposes a model-based grey-box fuzzing approach for protocol implementations, including the server-side and client-side. The proposed method is divided into two phases: automata learning based on the minimally adequate teacher (MAT) framework and grey-box fuzzing guided by the learned model and code coverage. The StateFuzzer tool used for evaluation is presented to demonstrate the validity and feasibility of the proposed approach. The server-side fuzzing can achieve similar or higher code coverage and vulnerability discovery capability than those of AFLNET and StateAFL. Considering the client, the results show that it achieves 1.5X branch coverage (on average) compared with the default AFL, and 1.3X branch coverage compared with AFLNET and StateAFL, using the typical implementations such as OpenSSL, LibreSSL, and Live555. The StateFuzzer identifies a new memory corruption bug in Live555 (2021-08-25) and 14 distinct discrepancies based on differential testing.

computer science, information systems,telecommunications

Li Weihai,Ma Yan,Huang Xiaohong

DOI: https://doi.org/10.1109/icbnmt.2009.5347784

2009-01-01

Abstract:An extend vulnerability testing method for communication protocol is brought forward first, which is combined protocol Syntax analysis with Petri Net system. Then vulnerability testing of implementation of WAP protocol is made and the process is analyzed to prove the feasibility of the method.

Weilin CHEN,Hao ZHOU,Baohua ZHAO

DOI: https://doi.org/10.3321/j.issn:0253-987X.2008.12.010

2008-01-01

Abstract:Considering the data flow description in protocol security testing, mutation analysis is introduced based on constructed type algebra, and a new protocol security testing method is proposed. Mutant operators are designed based on protocol specification, security mutation formulas are generated from existing conformance testing expressions, and then practical security testing cases are transformed from these formulas. The steps of protocol security testing using the method are described. The method is well integrated with conformance testing to cover some known protocol security vulnerabilities, and has the ability to reveal potential problems.

Wei Pan,Weihua Li

DOI: https://doi.org/10.1109/ICMeCG.2009.111

2009-01-01

Abstract:E-Commerce systems are suffering more and more security issues. Vulnerabilities of authentication systems are revealed when various attacks and malicious abuses are developed and deployed to violate security of system and information. To improve the ability to defend authentication system against invasion and abuse, a novel penetration testing method for E-Commerce authentication system is proposed to scrutinize the vulnerabilities of e-Commerce authentication system and evaluate severity level of potential vulnerabilities. The penetration testing method is an active vulnerability analysis and verification method that can mimic active attacks and perform exploitations by constructing effective and concise penetration testing cases. Through analyzing dynamic taint propagation, the presented method can determine feasibility of the attacks and evaluate security of authentication system. The experiment demonstrates the proposed method can serve as a viable and effective candidate for security detection of authentication system.

LI Hong-bin,LEI Wei-min,YANG Xue-hua

2010-01-01

Abstract:VoIP security testing tool has become an indispensable means to develop or test the robustness of SIP service and program for developers or managers.By analyzing the SIP network security threats in detail and discussing several open source VoIP security testing tools for its security vulnerabilities,the paper gives a simple SIP attack description model and a novel VoIP security testing tools.Through the establishment of a simple XML-based SIP message flow,a tester initiates all kinds of attack scenarios to test the security and robustness of the SIP program and service,and the test results are presented to the tester.