Improve Peach: Making Network Protocol Fuzz Testing more Precisely


Abstract:

Peach is an indispensable tool for network security experts, but its control over a fuzzing run is too coarse-grained. This paper analyzes the core code of Peach and improves it in three aspects: 1) applying different Mutators to different fields of a PDU; 2) starting a fuzz test at any test case, as specified in a config.xml file; 3) executing a specified number of test cases in each test. These contributions make fuzz testing resemble software debugging: the test case that triggers a bug in a network protocol implementation can be located more precisely, with less time and fewer test cases than before. This paper also adds a replaying test scenario to Peach based on these contributions. Experimental results demonstrate that the features added to Peach save considerable time and lower the cost of applying Peach to test protocol implementations.
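The three controls the abstract describes (a mutator family per PDU field, starting at an arbitrary test-case index read from a config file, and running a bounded number of cases) can be shown on a toy scale. The following is an added example written for this page; it is not code from the paper or from the Peach project. The PDU layout, the mutator value tables, the `<config>` element with `start` and `count` children, and the `toy_parse` target with its deliberate divide-by-zero are all constructed for illustration. The point it demonstrates is that a deterministic case index makes a finding reproducible: the run reports which index and which field produced the crash, and `replay` regenerates exactly that case.

```python
"""Per-field mutation scheduling with skip-to, bounded runs and replay (added example)."""
import struct
import xml.etree.ElementTree as ET

# Hypothetical PDU: version (1 byte) | length (2 bytes, big-endian) | name (bytes).
# Each field is tagged with the mutator family that should be applied to it.
TEMPLATE = [
    ("version", "numeric", 1),
    ("length", "length", None),   # derived from the name field at encode time
    ("name", "string", b"peach"),
]

# Mutator families, one per field kind. Values are constructed boundary cases.
def numeric_mutator(_orig):
    return [0, 1, 0x7F, 0x80, 0xFF]

def length_mutator(orig):
    return [0, orig - 1, orig + 1, 0xFFFF]

def string_mutator(orig):
    return [b"", orig * 64, b"%s%n" * 4, b"\x00" + orig]

MUTATORS = {"numeric": numeric_mutator, "length": length_mutator, "string": string_mutator}

def encode(version, length, name):
    return struct.pack(">BH", version & 0xFF, length & 0xFFFF) + name

def enumerate_cases(template):
    """Yield (index, mutated_field, pdu_bytes) in a fixed order, so any index can be replayed."""
    base = {name: value for name, _, value in template}
    base["length"] = len(base["name"])
    idx = 0
    for name, kind, _ in template:
        for mutated in MUTATORS[kind](base[name]):
            vals = dict(base)
            vals[name] = mutated
            if name == "name":
                vals["length"] = len(mutated)   # keep the length field consistent
            yield idx, name, encode(vals["version"], vals["length"], vals["name"])
            idx += 1

def toy_parse(pdu):
    """Constructed target: rejects truncation cleanly, but divides by a zero length field."""
    version, length = struct.unpack(">BH", pdu[:3])
    body = pdu[3:3 + length]
    if len(body) != length:
        raise ValueError("truncated")        # graceful rejection, not a bug
    checksum = sum(body) % length            # bug: length == 0 raises ZeroDivisionError
    return version, body, checksum

CONFIG_XML = "<config><start>6</start><count>4</count></config>"   # constructed config

def load_config(xml_text):
    """Read the starting case index and the number of cases to run (hypothetical format)."""
    root = ET.fromstring(xml_text)
    start = int(root.findtext("start", "0"))
    count = root.findtext("count")
    return start, (int(count) if count is not None else None)

def run(template, target, start=0, count=None):
    """Run cases [start, start + count); return (findings, cases_executed)."""
    findings, executed = [], 0
    for idx, field, pdu in enumerate_cases(template):
        if idx < start:
            continue
        if count is not None and executed >= count:
            break
        executed += 1
        try:
            target(pdu)
        except ValueError:
            continue                          # input rejected as intended
        except Exception as exc:              # anything else is a finding worth triage
            findings.append((idx, field, type(exc).__name__))
    return findings, executed

def replay(template, index, target):
    """Regenerate exactly one case by index and report its outcome."""
    for idx, field, pdu in enumerate_cases(template):
        if idx == index:
            try:
                target(pdu)
                return idx, field, None
            except Exception as exc:
                return idx, field, type(exc).__name__
    raise IndexError(f"no test case with index {index}")

if __name__ == "__main__":
    print("full run:", run(TEMPLATE, toy_parse))
    start, count = load_config(CONFIG_XML)
    print(f"cases {start}..{start + count - 1}:", run(TEMPLATE, toy_parse, start, count))
    print("replay 5:", replay(TEMPLATE, 5, toy_parse))
```

A full run executes 13 cases and reports two findings, at indices 5 (length field set to 0) and 9 (name field emptied, which also zeroes the length). With the config restricting the run to cases 6 through 9, only four cases execute and the second finding is still reached, which is the time saving the abstract describes; replaying index 5 reproduces the first finding without re-running anything before it.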

Pages: 642-647

Online since: May 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved

