Abstract
Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.
Highlights
As the use of complex and important network applications increases, network protocol security requirements become ever more significant
By analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method
The binary reverse engineering method, which is based on the genetic algorithm (GA) and a fitness function, is designed to focus on high code coverage that can reach more vulnerable points
Summary
As the use of complex and important network applications increases, network protocol security requirements become ever more significant. Fuzz testing involves injecting large amounts of data to test the security of applications, and it can be used to detect vulnerabilities in network protocol implementations. The network traffic analysis based on block-based protocol description language can closely mimic the protocol to assist in generating suitable test cases. The binary reverse engineering method, which is based on the genetic algorithm (GA) and a fitness function, is designed to focus on high code coverage that can reach more vulnerable points. We introduce a novel method that combines network traffic analysis and binary reverse engineering to improve network protocol fuzz testing. A novel method is proposed that uses the block-based protocol description language for protocol format analysis and the GA focuses on high code coverage test packets. We built a prototype fuzz testing system used to detect vulnerabilities in network protocol implementations
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have