Fuzz testing data generation for network protocol using classification tree

Rui Ma; Wendong Ji; Changzhen Hu; Chun Shan; Wu Peng

doi:10.1049/cp.2014.0748

Fuzz testing data generation for network protocol using classification tree

Rui Ma, Wendong Ji, Changzhen Hu, Chun Shan, Wu Peng

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Citations (Scopus)

Abstract

Aiming at the test data generation, which is one of the key issues in the network protocol fuzzing, this paper presents a new method on the basis of classification tree and heuristic operator. The method firstly builds up a protocol classification tree divided into 4 layers: target network protocol, protocol fields, attributes belonging to all fields, and attribute values. In order to reduce the scale of fuzz testing data, heuristic operators are defined to remove useless items from value sets of attributes. And then the test data for each protocol field was obtained by doing Cartesian product between value sets of attributes. The fuzz testing data for target network protocol is finally generated by replacing the corresponding field in the protocol with its fuzzing data one by one. Experimental results indicate that our method could successfully detect vulnerabilities, while dramatically reduce the number of test data and highly improve the quality of test data.

Original language	English
Title of host publication	IET Conference Publications
Publisher	Institution of Engineering and Technology
Edition	CP653
ISBN (Print)	9781849198448
DOIs	https://doi.org/10.1049/cp.2014.0748
Publication status	Published - 2014
Event	2014 Communications Security Conference, CSC 2014 - Beijing, China Duration: 22 May 2014 → 24 May 2014

Publication series

Name	IET Conference Publications
Number	CP653
Volume	2014

Conference

Conference	2014 Communications Security Conference, CSC 2014
Country/Territory	China
City	Beijing
Period	22/05/14 → 24/05/14

Keywords

Classification tree
Heuristic operator
Network protocol fuzzing
Test data generation

Access to Document

10.1049/cp.2014.0748

Cite this

@inproceedings{d21fec5d437e42068921b457bbf2285e,

title = "Fuzz testing data generation for network protocol using classification tree",

abstract = "Aiming at the test data generation, which is one of the key issues in the network protocol fuzzing, this paper presents a new method on the basis of classification tree and heuristic operator. The method firstly builds up a protocol classification tree divided into 4 layers: target network protocol, protocol fields, attributes belonging to all fields, and attribute values. In order to reduce the scale of fuzz testing data, heuristic operators are defined to remove useless items from value sets of attributes. And then the test data for each protocol field was obtained by doing Cartesian product between value sets of attributes. The fuzz testing data for target network protocol is finally generated by replacing the corresponding field in the protocol with its fuzzing data one by one. Experimental results indicate that our method could successfully detect vulnerabilities, while dramatically reduce the number of test data and highly improve the quality of test data.",

keywords = "Classification tree, Heuristic operator, Network protocol fuzzing, Test data generation",

author = "Rui Ma and Wendong Ji and Changzhen Hu and Chun Shan and Wu Peng",

year = "2014",

doi = "10.1049/cp.2014.0748",

language = "English",

isbn = "9781849198448",

series = "IET Conference Publications",

publisher = "Institution of Engineering and Technology",

number = "CP653",

booktitle = "IET Conference Publications",

address = "United Kingdom",

edition = "CP653",

note = "2014 Communications Security Conference, CSC 2014 ; Conference date: 22-05-2014 Through 24-05-2014",

}

Ma, R, Ji, W, Hu, C , Shan, C & Peng, W 2014, Fuzz testing data generation for network protocol using classification tree. in IET Conference Publications. CP653 edn, 0748, IET Conference Publications, no. CP653, vol. 2014, Institution of Engineering and Technology, 2014 Communications Security Conference, CSC 2014, Beijing, China, 22/05/14. https://doi.org/10.1049/cp.2014.0748

Fuzz testing data generation for network protocol using classification tree. / Ma, Rui; Ji, Wendong; Hu, Changzhen et al.
IET Conference Publications. CP653. ed. Institution of Engineering and Technology, 2014. 0748 (IET Conference Publications; Vol. 2014, No. CP653).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Fuzz testing data generation for network protocol using classification tree

AU - Ma, Rui

AU - Ji, Wendong

AU - Hu, Changzhen

AU - Shan, Chun

AU - Peng, Wu

PY - 2014

Y1 - 2014

N2 - Aiming at the test data generation, which is one of the key issues in the network protocol fuzzing, this paper presents a new method on the basis of classification tree and heuristic operator. The method firstly builds up a protocol classification tree divided into 4 layers: target network protocol, protocol fields, attributes belonging to all fields, and attribute values. In order to reduce the scale of fuzz testing data, heuristic operators are defined to remove useless items from value sets of attributes. And then the test data for each protocol field was obtained by doing Cartesian product between value sets of attributes. The fuzz testing data for target network protocol is finally generated by replacing the corresponding field in the protocol with its fuzzing data one by one. Experimental results indicate that our method could successfully detect vulnerabilities, while dramatically reduce the number of test data and highly improve the quality of test data.

AB - Aiming at the test data generation, which is one of the key issues in the network protocol fuzzing, this paper presents a new method on the basis of classification tree and heuristic operator. The method firstly builds up a protocol classification tree divided into 4 layers: target network protocol, protocol fields, attributes belonging to all fields, and attribute values. In order to reduce the scale of fuzz testing data, heuristic operators are defined to remove useless items from value sets of attributes. And then the test data for each protocol field was obtained by doing Cartesian product between value sets of attributes. The fuzz testing data for target network protocol is finally generated by replacing the corresponding field in the protocol with its fuzzing data one by one. Experimental results indicate that our method could successfully detect vulnerabilities, while dramatically reduce the number of test data and highly improve the quality of test data.

KW - Classification tree

KW - Heuristic operator

KW - Network protocol fuzzing

KW - Test data generation

UR - http://www.scopus.com/inward/record.url?scp=84912140151&partnerID=8YFLogxK

U2 - 10.1049/cp.2014.0748

DO - 10.1049/cp.2014.0748

M3 - Conference contribution

AN - SCOPUS:84912140151

SN - 9781849198448

T3 - IET Conference Publications

BT - IET Conference Publications

PB - Institution of Engineering and Technology

T2 - 2014 Communications Security Conference, CSC 2014

Y2 - 22 May 2014 through 24 May 2014

ER -

Fuzz testing data generation for network protocol using classification tree

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this