摘要
针对现有应用层工控协议在模糊测试过程中用例冗余度高、测试效率低和随机性强等问题,提出一种基于改进变异树的测试用例生成方法。该方法将协议样本数据序列进行树结构化,同时提取协议规约中字段优先级信息,并利用其有效地控制树中各节点属性值的变异程度,从而达到降低测试成本、提高测试效率以及增大发掘漏洞几率的目的。实验结果表明,该测试用例生成方法对提高协议模糊测试性能具有显著的优化效果和漏洞检测能力。
There are some problems of high redundancy,low test efficiency and strong randomness in the processing of fuzzing test for the existing application layer industrial control protocol,this paper proposed a test case generation method based on improved mutation-tree.The method performed tree structure on the protocol sample data sequence,extracted the field priority information in the protocol specification,and used it to effectively control the degree of variation of the attribute values of each node in the tree,thereby reducing test cost,improving test efficiency,and increasing the probability of exploiting vulnerabilities.The experimental results show that the test case generation method has significant optimization effect and vulnerability detection ability for improving the protocol fuzzy test performance.
作者
李文轩
尚文利
和晓军
陈春雨
曾鹏
Li Wenxuan;Shang Wenli;He Xiaojun;Chen Chunyu;Zeng Peng(School of Automation&Electrical Engineering,Shenyang Ligong University,Shenyang 110159,China;Shenyang Institute of Automation,Chinese Academy of Sciences,Shenyang 110016,China;Institutes for Robotics&Intelligent Manufacturing,Chinese Academy of Sciences,Shenyang 110169,China;Key Laboratory of Networked Control Systems,Chinese Academy of Sciences,Shenyang 110016,China;University of Chinese Academy of Sciences,Beijing 100049,China)
出处
《计算机应用研究》
CSCD
北大核心
2020年第12期3662-3666,共5页
Application Research of Computers
基金
国家重点研发计划项目(2018YFB2004200)
中科院战略性先导科技专项项目(XDC02020200)
国家自然科学基金资助项目(61773368)。
关键词
工控协议
变异树
模糊测试
测试用例
industrial control protocol
mutation-tree
fuzzing test
test case
