《计算机应用研究》|Application Research of Computers

Fuzzing test case generation method for industrial control protocol based on improved mutation-tree

Authors: Li Wenxuan, Shang Wenli, He Xiaojun, Chen Chunyu, Zeng Peng
Affiliations: 1. School of Automation & Electrical Engineering, Shenyang Ligong University, Shenyang 110159, China; 2. Shenyang Institute of Automation, Chinese Academy of Sciences, Shenyang 110016, China; 3. Institutes for Robotics & Intelligent Manufacturing, Chinese Academy of Sciences, Shenyang 110169, China; 4. Key Laboratory of Networked Control Systems, Chinese Academy of Sciences, Shenyang 110016, China; 5. University of Chinese Academy of Sciences, Beijing 100049, China
Article ID: 1001-3695(2020)12-028-3662-05
DOI: 10.19734/j.issn.1001-3695.2019.07.0556
Abstract: To address the high test-case redundancy, low test efficiency, and strong randomness that arise when fuzzing existing application-layer industrial control protocols, this paper proposes a test case generation method based on an improved mutation tree. The method structures the protocol sample data sequences as a tree, extracts field priority information from the protocol specification, and uses that information to control the degree of mutation applied to the attribute values of each node in the tree, thereby reducing test cost, improving test efficiency, and increasing the probability of discovering vulnerabilities. The experimental results show that the test case generation method has a significant optimization effect on protocol fuzzing performance and has vulnerability detection capability.
Keywords: industrial control protocol; mutation-tree; fuzzing test; test case
Funding: National Key R&D Program of China (2018YFB2004200)
Strategic Priority Research Program of the Chinese Academy of Sciences (XDC02020200)
National Natural Science Foundation of China (61773368)
URL: http://www.arocmag.com/article/01-2020-12-028.html
Received: 2019/7/23
Revised: 2019/9/17
Pages: 3662-3666
CLC number: TP301.6
Document code: A