Computer Engineering and Applications (计算机工程与应用) ›› 2018, Vol. 54 ›› Issue (12): 93-99. DOI: 10.3778/j.issn.1002-8331.1701-0138

• Network, Communication and Security •

Proprietary protocol fuzzing method based on improved voting expert algorithm

LIU Jinlin, FU Guangyuan, LI Hailong, WANG Hongqiao (刘津霖, 付光远, 李海龙, 汪洪桥)

  1. Department of Information Engineering, Rocket Force University of Engineering, Xi'an 710025, China
  • Online: 2018-06-15  Published: 2018-07-03

Abstract: The wide use of proprietary protocols poses a serious challenge to fuzzing, because a fuzzer cannot generate well-formed test cases for a message format it does not know. To address this, a proprietary protocol fuzzing method that combines protocol reverse engineering with fuzzing is proposed. The existing n-gram keyword extraction algorithm splits messages into subsequences of equal length, so the keywords it extracts are imprecise; to remedy this, a voting expert algorithm improved with the lossy counting algorithm is proposed, which gives the reverse-engineering process a more accurate segmentation of protocol keywords. The improved voting expert algorithm and the reversing of the message format are described in detail. Finally, the method is evaluated experimentally from three aspects: the accuracy of keyword extraction, the quality of the protocol reversing, and the results of fuzzing the target. The shortcomings of the method and directions for future research are also discussed.

Key words: proprietary protocol, voting expert algorithm, lossy counting algorithm, fuzzing
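The keyword-segmentation step the abstract describes, as an added illustration that is not the paper's code: the classic Voting Experts algorithm (Cohen, Adams and Heeringa's unsupervised segmentation, which the voting expert algorithm in the paper builds on) run over constructed sample messages, with the n-gram table maintained by the Manku-Motwani lossy counting algorithm so that the counts stay bounded on a long capture. The window size, the vote threshold, the `RARE` z-score substituted for n-grams the counter has pruned, and the sample messages are all assumptions of this example; the paper's own modification to the voting expert algorithm is not reproduced here.

```python
"""Voting Experts segmentation of protocol messages, with the n-gram table kept
by lossy counting. Added illustration; not the paper's code."""
import math
from collections import defaultdict


class LossyCounter:
    """Manku-Motwani lossy counting: each item is undercounted by at most
    eps * N, and at most about (1/eps) * log(eps * N) entries are kept."""

    def __init__(self, eps):
        self.eps = eps
        self.width = int(round(1.0 / eps))  # bucket width w = 1/eps
        self.n = 0                          # items seen so far
        self.table = {}                     # item -> (count, delta)

    def add(self, item):
        self.n += 1
        bucket = math.ceil(self.n / self.width)
        if item in self.table:
            count, delta = self.table[item]
            self.table[item] = (count + 1, delta)
        else:  # delta = how often the item may have occurred before tracking
            self.table[item] = (1, bucket - 1)
        if self.n % self.width == 0:  # bucket boundary: prune stale entries
            self.table = {k: v for k, v in self.table.items() if sum(v) > bucket}

    def estimate(self, item):
        return self.table.get(item, (0, 0))[0]

    def frequent(self, support):
        """Items with true frequency >= support * N; never misses one."""
        cutoff = (support - self.eps) * self.n
        return [k for k, (c, _) in self.table.items() if c >= cutoff]


RARE = 3.0  # assumed z-score for n-grams the counter pruned (treated as rare)


def ngram_counter(messages, window, eps):
    """Stream every substring of length 1..window+1 through a LossyCounter."""
    lc = LossyCounter(eps)
    for msg in messages:
        for i in range(len(msg)):
            for length in range(1, min(window + 1, len(msg) - i) + 1):
                lc.add(msg[i:i + length])
    return lc


def standardize(scores):
    """Z-score each value against the other n-grams of the same length."""
    groups = defaultdict(list)
    for gram, value in scores.items():
        groups[len(gram)].append(value)
    stats = {}
    for length, vals in groups.items():
        mean = sum(vals) / len(vals)
        stats[length] = (mean, math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals)) or 1.0)
    return {g: (v - stats[len(g)][0]) / stats[len(g)][1] for g, v in scores.items()}


def build_experts(lc, window):
    """Internal entropy -log p(gram) and boundary entropy H(next byte | gram)."""
    total, successors = defaultdict(int), defaultdict(dict)
    for gram, (count, _) in lc.table.items():
        total[len(gram)] += count
        if len(gram) > 1:
            successors[gram[:-1]][gram[-1]] = count
    internal, boundary = {}, {}
    for gram, (count, _) in lc.table.items():
        if len(gram) > window:
            continue
        internal[gram] = -math.log(count / total[len(gram)])
        succ = successors.get(gram, {})
        tot = sum(succ.values())
        boundary[gram] = -sum(c / tot * math.log(c / tot) for c in succ.values()) if tot else 0.0
    return standardize(internal), standardize(boundary)


def segment(msg, internal, boundary, window, threshold):
    """Slide a window over msg; two experts each vote for one cut per window."""
    votes = [0] * (len(msg) + 1)  # votes[p]: votes for a boundary before msg[p]
    for start in range(len(msg) - window + 1):
        w = msg[start:start + window]
        # frequency expert: the split whose two halves are most familiar
        fexp = min(range(1, window), key=lambda k: internal.get(w[:k], RARE) + internal.get(w[k:], RARE))
        # boundary-entropy expert: the split after which the next byte is least predictable
        bexp = max(range(1, window), key=lambda k: boundary.get(w[:k], -RARE))
        votes[start + fexp] += 1
        votes[start + bexp] += 1
    cuts = [p for p in range(1, len(msg))
            if votes[p] >= threshold and votes[p] >= votes[p - 1] and votes[p] > votes[p + 1]]
    bounds = [0] + cuts + [len(msg)]
    return [msg[a:b] for a, b in zip(bounds, bounds[1:])]


def segment_messages(messages, window=4, threshold=3, eps=0.05):
    """Split each message into candidate keyword/field tokens."""
    lc = ngram_counter(messages, window, eps)
    internal, boundary = build_experts(lc, window)
    return [segment(m, internal, boundary, window, threshold) for m in messages]


MESSAGES = [  # constructed sample traffic of a made-up text protocol
    b"PING id=17\n", b"PONG id=17\n", b"PING id=42\n", b"PONG id=42\n",
    b"DATA len=3 foo\n", b"DATA len=3 bar\n", b"ACK id=17\n", b"ACK id=42\n",
    b"PING id=99\n", b"PONG id=99\n", b"DATA len=5 hello\n", b"ACK id=99\n",
]

if __name__ == "__main__":
    for msg, parts in zip(MESSAGES, segment_messages(MESSAGES)):
        print(msg, "->", parts)
```

Segments that recur across many messages are the protocol-keyword candidates; the remaining segments are variable fields, which is where a fuzzer built on the recovered format should concentrate its mutations. The lossy counter is what keeps this practical on a large capture: its table size depends on `eps`, not on the number of distinct n-grams seen, at the price of undercounting rare n-grams (which this example treats as `RARE`), so `eps` should be chosen below the support at which a keyword is still considered significant.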