本文選題：網(wǎng)絡(luò)安全 + 模糊測試��； 參考：《北京郵電大學(xué)》2014年碩士論文

【摘要】：信息時代的全面到來,使得計算機(jī)網(wǎng)絡(luò)已經(jīng)成為人們?nèi)粘Ｉ钪袠O為重要的組成部分,其便利性自然不言而喻。然而因?yàn)槠浔旧淼陌踩珕栴}所帶來的風(fēng)險也與日俱增。在網(wǎng)絡(luò)協(xié)議中,許多協(xié)議標(biāo)準(zhǔn)制定時并未考慮到網(wǎng)絡(luò)安全問題。近年來,隨著協(xié)議漏洞帶來的問題日益嚴(yán)重,協(xié)議漏洞挖掘也越來越凸顯其重要的地位。模糊測試技術(shù)是協(xié)議漏洞挖掘領(lǐng)域的焦點(diǎn)。Peachfuzz在各種模糊測試工具中有著可靠性高,通用性強(qiáng),智能易用等特點(diǎn),在協(xié)議漏洞挖掘中的出色表現(xiàn)已經(jīng)受到了越來越多的關(guān)注。然而,Peachfuzz模糊測試平臺仍然存在著界面不夠友好易用,變體樣本不易擴(kuò)展且測試用例不能抽樣選取等缺陷。 針對上述問題,對Peachfuzz平臺的易用性和擴(kuò)展性進(jìn)行研究,取得如下成果： 1.為用戶提供友好的協(xié)議狀態(tài)機(jī)建模平臺,實(shí)現(xiàn)所見即所得的效果,即協(xié)議狀態(tài)機(jī)的模型能通過拖拽的方式直觀方便的建立,將用戶創(chuàng)建的圖形模型轉(zhuǎn)換為內(nèi)部定義的文件格式,進(jìn)而轉(zhuǎn)換為Peachfuzz內(nèi)部的PitFile文件。協(xié)議專家就可以關(guān)注于協(xié)議本身而不是繁瑣的PitFile語法上。 2.為用戶提供變體樣本功能擴(kuò)展平臺,使得用戶可以自由擴(kuò)展Peachfuzz的變體樣本集合,并且可以自動添加到Peachfuzz中進(jìn)行使用,增強(qiáng)了Peachfuzz的擴(kuò)展性；使得用戶可以根據(jù)不同的測試需要設(shè)定三種不同層級的測試用例抽樣比例,并且可以自動的適用到Peachfuzz中,提高了Peachfuzz測試的速度。
[Abstract]:With the coming of the information age, the computer network has become a very important part of people's daily life, and its convenience is self-evident. But the risks posed by their own security problems are growing. In network protocols, many protocol standards do not take network security into account. In recent years, with the increasingly serious problems caused by protocol vulnerabilities, protocol vulnerability mining has become more and more important. Fuzzy testing technology is the focus in the field of protocol vulnerability mining. Peachfuzz has the characteristics of high reliability, high universality, intelligence and easy to use in various fuzzy testing tools, and its outstanding performance in protocol vulnerability mining has been paid more and more attention. However, the fuzzy test platform of Peachfuzz still has some shortcomings, such as the interface is not friendly enough to use, the variant sample is not easy to expand and the test case can not be selected. Aiming at the above problems, the usability and extensibility of Peachfuzz platform are studied, and the results are as follows: 1. It provides a friendly protocol state machine modeling platform for users to realize the effect of "what you see is what you get", that is, the model of protocol state machine can be built intuitively and conveniently by dragging and dropping, and the graphical model created by the user can be converted into the file format defined by the internal definition. In turn, it is converted to the PitFile file inside Peachfuzz. Protocol experts can focus on the protocol itself rather than on the tedious PitFile syntax. 2. The extension platform of variant sample function is provided for users, which enables users to extend the set of variant samples of Peachfuzz freely, and can be automatically added to Peachfuzz for use, which enhances the extensibility of Peachfuzz. It enables users to set three different levels of test case sampling ratios according to different test needs, and can be automatically applied to Peachfuzz, which improves the speed of Peachfuzz testing.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前7條

1 陸維明;;Petri網(wǎng)與DNA計算[J];計算機(jī)科學(xué);1998年01期

2 唐彰國;鐘明全;李煥洲;張健;;基于Fuzzing的文件格式漏洞挖掘技術(shù)[J];計算機(jī)工程;2010年16期

3 李偉明;張愛芳;劉建財;李之棠;;網(wǎng)絡(luò)協(xié)議的自動化模糊測試漏洞挖掘方法[J];計算機(jī)學(xué)報;2011年02期

4 任春鈺;舒輝;瞿進(jìn);;一種改進(jìn)的針對復(fù)合文檔的Fuzz測試技術(shù)[J];計算機(jī)應(yīng)用;2008年02期

5 吳志勇;王紅川;孫樂昌;潘祖烈;劉京菊;;Fuzzing技術(shù)綜述[J];計算機(jī)應(yīng)用研究;2010年03期

6 陳虹;;軟件測試方法研究[J];軟件導(dǎo)刊;2013年04期

7 李偉明;;計算機(jī)網(wǎng)絡(luò)應(yīng)用與信息安全的研究[J];無線互聯(lián)科技;2012年02期

，

本文編號：1971257