摘要
现有的有状态网络协议模糊测试技术在测试时,辅助类型报文重复交互,测试效率低,且为确保测试用例有效性,仅向协议实体输入报文类型与被测状态相对应的测试用例,导致无法发现由报文异常输入顺序所引出的协议缺陷。针对这些问题,基于Q-学习算法设计出一种有状态网络协议模糊测试方法,不需要引导状态的辅助报文,且能在确保一定的测试用例有效性前提下,进行报文异常输入顺序测试。实验结果表明,所提出的模糊测试方法可以显著提高测试效率和漏洞挖掘能力。
For the current stateful network protocol fuzzing technology,the auxiliary type message repeated interaction affects the test efficiency and ensures the validity of the test case by inputting the corresponding test case according to the state of the protocol entity,so that the message abnormality input sequence test cannot be performed.In this paper,a stateful network protocol fuzzing method is designed based on Q-learning algorithm.The auxiliary message of the boot state is not required,and the message abnormality input sequence test can be performed under the premise of ensuring the validity of the test case.Experimental results show that this fuzzing method can significantly improve test efficiency and vulnerability mining capabilities.
作者
荆琛
傅晓彤
董伟
赵云飞
Jing Chen;Fu Xiaotong;Dong Wei;Zhao Yunfei(School of Cyber Engineering,Xidian University,Xi'an 710071,China;National Computer System Engineering Research Institute of China,Beijing 102209,China)
出处
《电子技术应用》
2020年第4期49-52,56,共5页
Application of Electronic Technique
关键词
模糊测试
漏洞挖掘
Q-学习算法
强化学习
fuzzing
vulnerability mining
Q-learning algorithm
reinforcement learning
