基于模糊测试的网络协议自动化漏洞挖掘工具设计与实现

doi:10.3969/j.issn.1671-1122.2014.06.005

CORC > 北京大学 > 软件与微电子学院

	基于模糊测试的网络协议自动化漏洞挖掘工具设计与实现; Design and Implementation of Network Protocol Auto Vulnerability Mining Tool based on Fuzzing
	孙哲 ; 刘大光 ; 武学礼 ; 伟平
刊名	信息网络安全
	2014
关键词	漏洞挖掘协议分析模糊测试流量聚类 vulnerability discovery protocol analysis fuzzing lfow clustering
DOI	10.3969/j.issn.1671-1122.2014.06.005
英文摘要	文章针对传统网络协议挖掘的缺陷，着重分析了传统网络协议的分析手段、漏洞类型、产生原因和挖掘方法。文章针对传统网络协议挖掘中协议的分析过程不能自动化、构造Fuzz的数据不符合网络协议格式规范和交互的流程导致无法深入快速地进行漏洞挖掘的缺点，提出了一种基于自动化协议分析算法、流量聚类分类算法、深度数据包检测技术、Fuzz技术相互整合的自动化协议分析漏洞挖掘工具设计方案。文章设计了一套自动化协议分析的漏洞挖掘系统，给出了系统的工作流程和组织结构，以及各个模块的功能和相互之间的关系，实现了一个自动化协议分析漏洞挖掘系统的原型。文章的最大创新是通过自动化协议分析、流量聚类分类算法和DPI技术的有机结合，实现了自动化协议分析、自动形成测试路径的网络协议漏洞挖掘技术。; Due to defects of traditional discovery in networking protocol, this paper analyzes methods of traditional network protocol analysis, vulnerability types, causes and discovery approaches, and disadvantages of traditional network protocol discovery. Thus, this paper proposes a design plan of automatic analysis and discovery tool based on integration of automatic protocol analysis technology, trafifc clustering sorting algorithm, deep packet inspection technique and Fuzz. This paper designs a set of vulnerability discovery system for automatic protocol, which provides systematic working procedure and structure, and function of each module and their interrelations;and finally gives a system model realization, based on which vulnerability discovery is conducted to the FTP server software to verify validity and efifciency of the system design plan. The major innovation of this paper is the integration of automatic protocol analysis technology, trafifc clustering sorting algorithm and DPI technology, which forms the network protocol vulnerability discovery technology that can conduct automatic protocol analysis and generate test path automatically.; 国家自然科学基金; 0; 6; 23-30
语种	中文
内容类型	期刊论文
源URL	[http://ir.pku.edu.cn/handle/20.500.11897/217528]
专题	软件与微电子学院
推荐引用方式 GB/T 7714	孙哲,刘大光,武学礼,等. 基于模糊测试的网络协议自动化漏洞挖掘工具设计与实现, Design and Implementation of Network Protocol Auto Vulnerability Mining Tool based on Fuzzing[J]. 信息网络安全,2014.
APA	孙哲,刘大光,武学礼,&伟平.(2014).基于模糊测试的网络协议自动化漏洞挖掘工具设计与实现.信息网络安全.
MLA	孙哲,et al."基于模糊测试的网络协议自动化漏洞挖掘工具设计与实现".信息网络安全 (2014).