TY - GEN
T1 - Fuzz testing data generation for network protocol using classification tree
AU - Ma, Rui
AU - Ji, Wendong
AU - Hu, Changzhen
AU - Shan, Chun
AU - Peng, Wu
PY - 2014
Y1 - 2014
N2 - Aiming at the test data generation, which is one of the key issues in the network protocol fuzzing, this paper presents a new method on the basis of classification tree and heuristic operator. The method firstly builds up a protocol classification tree divided into 4 layers: target network protocol, protocol fields, attributes belonging to all fields, and attribute values. In order to reduce the scale of fuzz testing data, heuristic operators are defined to remove useless items from value sets of attributes. And then the test data for each protocol field was obtained by doing Cartesian product between value sets of attributes. The fuzz testing data for target network protocol is finally generated by replacing the corresponding field in the protocol with its fuzzing data one by one. Experimental results indicate that our method could successfully detect vulnerabilities, while dramatically reduce the number of test data and highly improve the quality of test data.
AB - Aiming at the test data generation, which is one of the key issues in the network protocol fuzzing, this paper presents a new method on the basis of classification tree and heuristic operator. The method firstly builds up a protocol classification tree divided into 4 layers: target network protocol, protocol fields, attributes belonging to all fields, and attribute values. In order to reduce the scale of fuzz testing data, heuristic operators are defined to remove useless items from value sets of attributes. And then the test data for each protocol field was obtained by doing Cartesian product between value sets of attributes. The fuzz testing data for target network protocol is finally generated by replacing the corresponding field in the protocol with its fuzzing data one by one. Experimental results indicate that our method could successfully detect vulnerabilities, while dramatically reduce the number of test data and highly improve the quality of test data.
KW - Classification tree
KW - Heuristic operator
KW - Network protocol fuzzing
KW - Test data generation
UR - http://www.scopus.com/inward/record.url?scp=84912140151&partnerID=8YFLogxK
U2 - 10.1049/cp.2014.0748
DO - 10.1049/cp.2014.0748
M3 - Conference contribution
AN - SCOPUS:84912140151
SN - 9781849198448
T3 - IET Conference Publications
BT - IET Conference Publications
PB - Institution of Engineering and Technology
T2 - 2014 Communications Security Conference, CSC 2014
Y2 - 22 May 2014 through 24 May 2014
ER -