DocumentCode
691167
Title
A Model-Based Behavioral Fuzzing Approach for Network Service
Author
Jiajie Wang ; Tao Guo ; Puhan Zhang ; Qixue Xiao
Author_Institution
China Inf. Technol. Security Evaluation Center, Beijing, China
fYear
2013
fDate
21-23 Sept. 2013
Firstpage
1129
Lastpage
1134
Abstract
Network services face various security challenges, such as targeted attacks that exploit security vulnerabilities. Fuzz testing plays an important role in the security testing of network services. However, current fuzzing approaches focus on protocol syntax and packet structure more than on the multi-phase behavioral interactions between the client and server of a network service. This paper presents a model-based behavioral fuzzing approach for discovering vulnerabilities in network services, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model, EXT-NSFSM, is proposed to control the fuzzing process and guarantee the validity of fuzz test cases. The approach is implemented and then evaluated experimentally on several DBMS and FTP network services. The test results prove the effectiveness of this approach.
Keywords
client-server systems; fuzzy set theory; protocols; telecommunication security; DBMS; EXT-NSFSM; FTP; finite state machine model; model-based behavioral fuzzing; model-based fuzzing framework; multiphase fuzz testing; network service; packet structure; protocol syntax; security testing; Automata; Monitoring; Protocols; Security; Servers; Syntactics; Testing; behavioral testing; fuzz testing; model-based testing; security testing; vulnerability discovery;
fLanguage
English
Publisher
ieee
Conference_Titel
Instrumentation, Measurement, Computer, Communication and Control (IMCCC), 2013 Third International Conference on
Conference_Location
Shenyang
Type
conf
DOI
10.1109/IMCCC.2013.250
Filename
6840640