摘要
为了解决现有网络协议测试数据生成方法中,在面对加密、压缩、校验等编码机制时,测试数据的代码覆盖范围过小的问题,文章提出了一种编码函数交叉定位网络协议测试数据生成方法。通过静态特征分析方法,找到网络输出的接口函数地址、库函数中编码函数地址及主模块中可疑编码函数地址。通过流量交叉比对方法,分析网络协议数据的特征并将影响网络协议流量数据的编码函数作为内存模糊测试中的变异点。采用断点调试方法,调试网络协议的二进制执行程序:当程序执行到快照点时,保存进程运行所需要的全部信息;执行到恢复点时,恢复进程上下文数据,使进程从快照点重新执行;执行到变异点时,对指定内存数据进行畸形变异;执行到网络输出接口函数时,生成测试数据发送到网络进行测试。通过实验证明,该方法可以在不需要协议语法细节的条件下,实现较高的代码覆盖率,生成有效的测试数据。
In order to solve the existing problem that the code coverage of network protocol test data generation method is too small,when facing the encoding mechanism such as encryption,compression,this paper presents a network protocol test data generation method based on cross location of encoding function.Through the static characteristic analysis method,finding the address of network output interface function,library encoding function and suspicious encoding function in main module.Through flow comparison method,analyzing the characteristics of network protocol data and use the encoding function address associated with the data flow of network protocol as mutation point in the test of fuzzy memory.Use software breakpoints callback method,debug network protocol binary executable program: running to the snapshot point,save process operation needs; running to the restore point,restore process context data,make the process re-execution from the snapshot point; running to the mutation point,mutate the memory data; running to network output interface function,generating test data sent to the network.
出处
《信息网络安全》
2016年第3期8-14,共7页
Netinfo Security
基金
国家242计划[2005C48]
北京理工大学科技创新计划重大项目[2011CX01015]
关键词
网络协议
漏洞挖掘
编码函数定位
network protocol
vulnerability discovery
encoding function positioning
