Abstract
AFLNET, a coverage-guided grey-box fuzzer for network protocols, has attracted considerable attention in the field of network security testing, and a number of excellent research results build on it. After analyzing AFLNET and its derivative tools, this paper finds that they have shortcomings in three aspects: message sequence attribution, message sequence evaluation, and the selection of mutation point positions within message sequences. A network protocol grey-box fuzzing method based on message sequence attribution optimization is therefore proposed. The method defines the concept of preference degree to measure how much fuzzing benefit a message sequence can bring to each state, and proposes a new message sequence attribution algorithm that uses preference degree to re-attribute interesting message sequences. An evaluation function built from multi-dimensional feedback information is used to calculate the true potential of each message sequence more accurately. A new mutation point analysis algorithm is also proposed to help the fuzzer filter out positions that have already been mutated and instead mutate other, more interesting positions. Experimental results show that, compared with mainstream methods, QFuzzer, an implementation of the proposed method, increases the number of covered paths by 6.94%~11.04% and the number of discovered vulnerabilities by 7.24%~30.70%.
Authors
QIU Leilei (邱磊磊); XU Xianghua (徐向华); WANG Ran (王然)
School of Computer Science and Technology, Hangzhou Dianzi University, Hangzhou 310018, China
Source
Electronic Science and Technology (电子科技), 2024, No. 11, pp. 39-46 (8 pages)
Funding
Zhejiang Provincial Key R&D Program (2017C01065).
Keywords
network protocol
security
grey box
fuzz testing
message sequence
attribution
optimization
vulnerability mining