Peachfuzz模糊测试平台的研究与改进

发布时间：2018-06-03 03:16

本文选题：网络安全 + 模糊测试　；参考：《北京邮电大学》2014年硕士论文

【摘要】：信息时代的全面到来,使得计算机网络已经成为人们日常生活中极为重要的组成部分,其便利性自然不言而喻。然而因为其本身的安全问题所带来的风险也与日俱增。在网络协议中,许多协议标准制定时并未考虑到网络安全问题。近年来,随着协议漏洞带来的问题日益严重,协议漏洞挖掘也越来越凸显其重要的地位。模糊测试技术是协议漏洞挖掘领域的焦点。Peachfuzz在各种模糊测试工具中有着可靠性高,通用性强,智能易用等特点,在协议漏洞挖掘中的出色表现已经受到了越来越多的关注。然而,Peachfuzz模糊测试平台仍然存在着界面不够友好易用,变体样本不易扩展且测试用例不能抽样选取等缺陷。针对上述问题,对Peachfuzz平台的易用性和扩展性进行研究,取得如下成果： 1.为用户提供友好的协议状态机建模平台,实现所见即所得的效果,即协议状态机的模型能通过拖拽的方式直观方便的建立,将用户创建的图形模型转换为内部定义的文件格式,进而转换为Peachfuzz内部的PitFile文件。协议专家就可以关注于协议本身而不是繁琐的PitFile语法上。 2.为用户提供变体样本功能扩展平台,使得用户可以自由扩展Peachfuzz的变体样本集合,并且可以自动添加到Peachfuzz中进行使用,增强了Peachfuzz的扩展性；使得用户可以根据不同的测试需要设定三种不同层级的测试用例抽样比例,并且可以自动的适用到Peachfuzz中,提高了Peachfuzz测试的速度。
[Abstract]:With the coming of the information age, the computer network has become a very important part of people's daily life, and its convenience is self-evident. But the risks posed by their own security problems are growing. In network protocols, many protocol standards do not take network security into account. In recent years, with the increasingly serious problems caused by protocol vulnerabilities, protocol vulnerability mining has become more and more important. Fuzzy testing technology is the focus in the field of protocol vulnerability mining. Peachfuzz has the characteristics of high reliability, high universality, intelligence and easy to use in various fuzzy testing tools, and its outstanding performance in protocol vulnerability mining has been paid more and more attention. However, the fuzzy test platform of Peachfuzz still has some shortcomings, such as the interface is not friendly enough to use, the variant sample is not easy to expand and the test case can not be selected. Aiming at the above problems, the usability and extensibility of Peachfuzz platform are studied, and the results are as follows: 1. It provides a friendly protocol state machine modeling platform for users to realize the effect of "what you see is what you get", that is, the model of protocol state machine can be built intuitively and conveniently by dragging and dropping, and the graphical model created by the user can be converted into the file format defined by the internal definition. In turn, it is converted to the PitFile file inside Peachfuzz. Protocol experts can focus on the protocol itself rather than on the tedious PitFile syntax. 2. The extension platform of variant sample function is provided for users, which enables users to extend the set of variant samples of Peachfuzz freely, and can be automatically added to Peachfuzz for use, which enhances the extensibility of Peachfuzz. It enables users to set three different levels of test case sampling ratios according to different test needs, and can be automatically applied to Peachfuzz, which improves the speed of Peachfuzz testing.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】