Title :
A Model-Based Behavioral Fuzzing Approach for Network Service
Author :
Jiajie Wang ; Tao Guo ; Puhan Zhang ; Qixue Xiao
Author_Institution :
China Inf. Technol. Security Evaluation Center, Beijing, China
Abstract :
Network services face various security challenges, such as targeted attacks that exploit security vulnerabilities. Fuzz testing plays an important role in the security testing of network services. However, current fuzzing approaches focus on protocol syntax and packet structure more than on the multi-phase behavioral interactions between the client and server of a network service. This paper presents a model-based behavioral fuzzing approach to discover vulnerabilities in network services, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model, EXT-NSFSM, is proposed to manipulate the fuzzing process and guarantee the validation of fuzz test cases. The approach is implemented and then evaluated experimentally on several network services of DBMS and FTP. The test results have proved the effectiveness of this approach.
Keywords :
client-server systems; fuzzy set theory; protocols; telecommunication security; DBMS; EXT-NSFSM; FTP; finite state machine model; model-based behavioral fuzzing; model-based fuzzing framework; multiphase fuzz testing; network service; packet structure; protocol syntax; security testing; Automata; Monitoring; Protocols; Security; Servers; Syntactics; Testing; behavioral testing; fuzz testing; model-based testing; security testing; vulnerability discovery;
Conference_Title :
Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2013 Third International Conference on
Conference_Location :
Shenyang
DOI :
10.1109/IMCCC.2013.250