NetFuzz: multi-objective fuzzy testing of network protocols based on classification tree

导出

摘要 Addressing the issues of high redundancy,poor targeting,and low efficiency in the fuzzy testing process of application-layer network protocols,NetFuzz,a novel multi-objective fuzzy testing tool based on a classification tree was introduced in this paper. NetFuzz utilizes a four-tiered classification tree protocol description method for application-layer network protocols,encompassing the protocol under test,its functions,specific commands,parameters,and variant markers. A multi-objective optimization model is designed to enhance the coverage,validity,and diversity of test cases,with a genetic algorithm employed to generate these cases. The tool is evaluated by testing file transfer protocol( FTP) and hypertext transfer protocol( HTTP) servers with known vulnerabilities,comparing its performance against the Peach fuzzing tool. NetFuzz can effectively detect security vulnerabilities that Peach Fuzzer tool failed to identify. While ensuring the detection of vulnerabilities,the testing time is reduced by approximately 58%,and the number of valid test cases increases by 47. 67%.

作者 Sun Jiaze Zhao Yang Qiang Yixing

机构地区 School of Computer Science and Technology Shaanxi Key Laboratory of Network Data Analysis and Intelligent Processing Xi'an Key Laboratory of Big Data and Intelligent Computing School of Marxism

出处《The Journal of China Universities of Posts and Telecommunications》 2025年第3期106-114,共9页 中国邮电高校学报(英文版)

关键词 fuzzy testing network protocol MULTI-OBJECTIVE test case classification tree

分类号 TP393.0 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献12

1喻波,苏金树,杨强,黄见欣,盛周石,刘润昊,卢建君,梁晨,陈晨,赵磊.网络协议软件漏洞挖掘技术综述[J].软件学报,2024,35(2):872-898. 被引量：11
2李伟明,张爱芳,刘建财,李之棠.网络协议的自动化模糊测试漏洞挖掘方法[J].计算机学报,2011,34(2):242-255. 被引量：69
3任泽众,郑晗,张嘉元,王文杰,冯涛,王鹤,张玉清.模糊测试技术综述[J].计算机研究与发展,2021,58(5):944-963. 被引量：37
4刘振岩,张华,刘勇,杨立波,王梦迪.一种高效的软件模糊测试种子生成方法[J].西安电子科技大学学报,2024,51(2):126-136. 被引量：1
5徐伟,王林章,李宣东.基于分类树的随机测试用例生成[J].计算机科学,2009,36(1):263-266. 被引量：7
6李文轩,尚文利,和晓军,陈春雨,曾鹏.基于改进变异树的工控协议模糊测试用例生成方法[J].计算机应用研究,2020,37(12):3662-3666. 被引量：4
7曾凡平,黄玉涵,张美超,潘能刚.基于遗传算法聚类的变异体约简[J].计算机应用,2011,31(5):1314-1317. 被引量：3
8陈乾,洪征,司健鹏.融合SENet和Transformer的应用层协议识别方法[J].计算机科学与探索,2024,18(3):805-817. 被引量：8
9刘静静,袁耀东.基于启发式搜索和分类树的网络协议模糊测试用例生成方法研究[J].现代电子技术,2016,39(21):36-39. 被引量：3
10游亮,卢炎生.测试用例集启发式约简算法分析与评价[J].计算机科学,2011,38(12):147-150. 被引量：9

二级参考文献69

1张宝峰,张翀斌,许源.基于模糊测试的网络协议漏洞挖掘[J].清华大学学报（自然科学版）,2009(S2):2113-2118. 被引量：15
2刘立芳,霍红卫,王宝树.PHGA-COFFEE:多序列比对问题的并行混合遗传算法求解[J].计算机学报,2006,29(5):727-733. 被引量：11
3Hamlet R. Random testing. Encyclopedia of Software Engineering. John Wiley and Sons, 1994
4Rumbaugh J, Jacobson I, Booch G. The Unified Modeling Language User Guide. Boston: Addison-Wesley, 2001
5Wang L, Yuan J, Yu X, et al. Generating Test Cases from UML Activity Diagram Based on Gray-Box Method // Proc. of APSEC' 04. IEEE Computer Society, New Jersey, 2004: 284-291
6Chen T, Poon P, Tang S, et al. Identification of Categories and Choices in Activity Diagrams//Proc. of the 5th International Conference on Quality Software (QSIC' 05). IEEE Computer Society, 2005 : 55-63
7Chen M, Qiu X, Xu W, et al. UML Activity Diagram-based Automatic Test Case Generation for Java Programs. The Computer Journal, 2007, doi: 10. 1093/comjnl/bxm057
8Chen T Y , Huang D H , Zhou Z Q. Adaptive random testing through iterative partitioning//Proc, of the 11th International Conference on Reliable Software Technologies, LNCS 4006. Berlin Heidelberg: Springer-Verlag, 2006: 155-166
9Ciupa L, Leitner A, Oriol M, et al. Object distance and its application to adaptive random testing of obiect-oriented programs// Proc. of the 1st International workshop on Random Testing (RT'06). ACM Press,2006.-55 63
10Grochtmann M , Wegener J , Grimm K. Test case design using classification trees and the classification-tree editor CTE//Proc. of the 8th International Software Quality Week (QW' 95), Software Research Institute, San Francisco, CA, 1995

共引文献138

1文瑾.基于UML顺序图的回归测试用例生成研究[J].集成技术,2013,2(3):75-78. 被引量：2
2潘璠,吴礼发,杜有翔,洪征.协议逆向工程研究进展[J].计算机应用研究,2011,28(8):2801-2806. 被引量：22
3刘龙霞,吴军华.基于分类树和贪心算法的测试数据自动生成方法[J].计算机工程与设计,2011,32(8):2734-2736. 被引量：5
4杜有翔,吴礼发,潘璠,洪征.一种基于报文序列分析的半自动协议逆向方法[J].计算机工程,2012,38(19):277-280. 被引量：5
5崔宝江,梁姝瑞,彭思维,郭祎嘉.基于节点克隆的IEEE802.15.4协议动态安全检测技术[J].清华大学学报（自然科学版）,2012,52(10):1500-1506. 被引量：1
6潘璠,洪征,杜有翔,吴礼发.基于递归聚类的报文结构提取方法[J].四川大学学报（工程科学版）,2012,44(6):137-142. 被引量：13
7张钊,唐文,温巧燕.一种基于长度语义约束的报文格式挖掘方法[J].北京邮电大学学报,2012,35(6):55-59. 被引量：4
8黎敏,余顺争.抗噪的未知应用层协议报文格式最佳分段方法[J].软件学报,2013,24(3):604-617. 被引量：17
9罗成,张玉清,王龙,刘奇旭.基于符号表达式的未知协议格式分析及漏洞挖掘[J].中国科学院研究生院学报,2013,30(2):278-284. 被引量：4
10侯莹,洪征,潘璠,吴礼发.基于模型的Fuzzing测试脚本自动化生成[J].计算机科学,2013,40(3):206-209. 被引量：7

1吴姗姗,冯亚玲,黄娉婷,童瑶.基于多工具协同的协议模糊测试应用[J].数字技术与应用,2025,43(11):48-50.
2Yu TENG,Hanyue CHEN,Junri MI,Miaomiao ZHANG,Jie AN,Naijun ZHAN.Active learning of deterministic timed automata via timed classification tree[J].Science China(Information Sciences),2025,68(12):153-169.
3Tao Zihui.THE ISLAND THAT CAN A gateway opened by innovation,linking Hainan to global flows[J].Beijing Review,2025,68(52):12-15.
4朱连凯.一种针对Modbus/TCP协议的漏洞挖掘方法[J].工业控制计算机,2025,38(10):115-117.
5赵思远.基于多协议融合通信的储能电站设计与性能评估研究[J].通信电源技术,2025,42(21):125-127.
6李星辰,李宗民,杨超智.基于可信伪标签微调的测试时适应算法[J].图学学报,2025,46(6):1292-1303.
7YIN Xu,FAN Zhi-rui,CAO Dong-hui,LIU Yu-jie,LI Meng-shu,YAN Jun,YANG Zhi-xun.Research on Multi-Level Automatic Filling Optimization Design Method for Layered Cross-Sectional Layout of Umbilical[J].China Ocean Engineering,2025,39(5):891-903. 被引量：1
8First Line Open,Second Line Set[J].Beijing Review,2025,68(52):2-2.
9侯潇逸,田杰斌,赵硕,赵志成.基于多头注意力机制的相似源码漏洞检测仿真[J].计算机仿真,2025,42(11):242-247.
10Sen Li,Ge Tian,Xiling Fu,Wei Xiao,Xiude Chen,Dongmei Li,Qingjie Wang,Ling Li.Genome-wide identification of the PpSWEET gene family and function characterization of PpSWEET6 associated with endodormancy release in peach bud[J].Journal of Integrative Agriculture,2025,24(11):4255-4270.

The Journal of China Universities of Posts and Telecommunications

2025年第3期

浏览历史

内容加载中请稍等...

NetFuzz: multi-objective fuzzy testing of network protocols based on classification tree

参考文献12

二级参考文献69

共引文献138

相关作者

相关机构

相关主题

浏览历史