信息网络安全 ›› 2017, Vol. 17 ›› Issue (3): 59-65.doi: 10.3969/j.issn.1671-1122.2017.03.010

• • 上一篇    下一篇

基于fuzzing测试的网络协议安全评估方法研究

齐健(), 陈小明, 游伟青   

  1. 北京电子科技学院,北京 100070
  • 收稿日期:2016-12-30 出版日期:2017-03-20 发布日期:2020-05-12
  • 作者简介:

    作者简介:齐健(1992—),男,安徽,硕士研究生,主要研究方向为信息安全与密码应用;陈小明(1964—),男,湖南,教授,博士,主要研究方向为密码学与信息安全;游伟青(1994—),男,安徽,硕士研究生,主要研究方向为密码算法分析。

  • 基金资助:
    国家重点研发计划[SQ2016YFGX110124]

Research on the Method of Network Protocol Security Evaluation Based on Fuzzing Test

Jian QI(), Xiaoming CHEN, Weiqing YOU   

  1. Beijing Electronic Science & Technology Institute, Beijing 100070, China
  • Received:2016-12-30 Online:2017-03-20 Published:2020-05-12

摘要:

安全漏洞是网络和信息安全的核心问题。安全漏洞导致的信息泄露等问题越来越严重,如何发现漏洞、修复漏洞、加强防御等成为安全研究的热点话题。文章利用fuzzing测试技术对网络设备支持的协议进行漏洞扫描,然后对扫描到的异常case进行逆向分析从而发现漏洞,并针对漏洞扫描和逆向分析的结果提出一种安全评估机制,对网络协议进行安全性评估,最终得到协议安全性评分。通过文章的研究,可以将存在安全隐患的安全要素通过总安全系数体现出来,实现了对网络设备的真实安全性能的准确评估。使用者根据网络设备的总安全系数将设备安全分为高、中、低3个等级。通过设备安全性的等级将设备使用在不同的网络环境当中,从而在很大程度上降低了网络安全事件发生的概率,对保障网络安全具有重大的意义。

关键词: 网络安全, fuzzing测试, 网络协议, 安全性评分

Abstract:

Security vulnerability is the lifeline of the study of security issues, and it is the core issue of network and information security. Security vulnerabilities caused by information leakage, loss of money and other issues become more serious. How to find loopholes, repair vulnerabilities, strengthen defense and other issues becomes a hot area of security research. This paper uses network vulnerability scanning device to scanning the network protocol, and then reverse analysis of the abnormal situation to find the vulnerability. This paper proposes a security evaluation mechanism to assess the safety of network protocol. Finally, this paper gets the score of security protocol. Through the study of this paper, the safety factor of safety hidden danger can be reflected by the total safety factor, and the accurate evaluation of the real security performance of the network equipment can be realized. According to the total safety factor of the network equipment, the equipment safety is divided into high, medium and low. Through the security level of the equipment used in different network environment, it can greatly reduce the occurrence of network security incidents. It has great significance to protect the network security.

Key words: network security, fuzzing test, network protocol, security score

中图分类号: