Research on the Method of Network Protocol Security Evaluation Based on Fuzzing Test

doi:10.3969/j.issn.1671-1122.2017.03.010

Abstract

Abstract:

Security vulnerability is the lifeline of the study of security issues, and it is the core issue of network and information security. Security vulnerabilities caused by information leakage, loss of money and other issues become more serious. How to find loopholes, repair vulnerabilities, strengthen defense and other issues becomes a hot area of security research. This paper uses network vulnerability scanning device to scanning the network protocol, and then reverse analysis of the abnormal situation to find the vulnerability. This paper proposes a security evaluation mechanism to assess the safety of network protocol. Finally, this paper gets the score of security protocol. Through the study of this paper, the safety factor of safety hidden danger can be reflected by the total safety factor, and the accurate evaluation of the real security performance of the network equipment can be realized. According to the total safety factor of the network equipment, the equipment safety is divided into high, medium and low. Through the security level of the equipment used in different network environment, it can greatly reduce the occurrence of network security incidents. It has great significance to protect the network security.

Key words: network security, fuzzing test, network protocol, security score

CLC Number:

TP309

Jian QI, Xiaoming CHEN, Weiqing YOU. Research on the Method of Network Protocol Security Evaluation Based on Fuzzing Test[J]. Netinfo Security, 2017, 17(3): 59-65.

Figures/Tables 16

References 20

[1]	吴晓平,周舟,李洪成. Spark框架下基于无指导学习环境的网络流量异常检测研究与实现[J]. 信息网络安全,2016(6):1-7.
[2]	SHIREY R. RFC 2828: Internet Security Glossary[EB/OL]. , 2014-7-14.
[3]	韦鲲鹏,葛志辉,杨波 . PHP Web应用程序上传漏洞的攻防研究[J]. 信息网络安全,2015(10):53-60.
[4]	唐有斌. 基于漏洞攻击技术的路由器攻击研究与实现[D]. 成都:电子科技大学,2010.
[5]	LAI Y P, HSIA P L.Using the Vulnerability Information of Computer Systems to Improve the Network Security[J]. Computer Communications, 2007, 30(9): 2032-2047.
[6]	HOUMB S H, FRANQUEIRA V N L, ENGUM E A. Quantifying Security Risk Level from CVSS Estimates of Frequency and Impact[J].Journal of Systems and Software, 2010, 83(9): 1622-1634.
[7]	王秋艳,张玉清. 一种通用漏洞评级方法[J]. 计算机工程,2008,34(19):133-136.
[8]	LIU Qixu, ZHANG Yuqing.VRSS: A New System for Rating and Scoring Vulnerabilities[J]. Computer Communication, 2011, 34(3): 264-273.
[9]	李鑫,李京春,郑雪峰,等. 一种基于层次分析法的信息系统漏洞量化评估方法[J]. 计算机科学,2012,39(7):58-63.
[10]	肖云,彭进业,王选宏. 基于属性综合评价系统的漏洞静态严重性评估[J].计算机应用,2010,30(8):2139-2150.
[11]	MILLER B. Computer Sciences Department University Of Wisconsin-madison[EB/OL]. , 2014-8-8.
[12]	郭亮,罗森林,潘丽敏. 编码函数交叉定位网络协议测试数据生成方法研究[J]. 信息网络安全,2016(3):8-14.
[13]	黎学斌,范九伦,刘意先. 基于AHP和CVSS的信息系统漏洞评估[J]. 西安邮电大学学报,2016,21(1):42-46.
[14]	王如义. 基于关联分析的漏洞检测和安全评估技术研究[D]. 西安:西北大学,2012.
[15]	李鑫,李京春,郑雪峰,等. 一种基于层次分析法的信息系统漏洞量化评估方法[J]. 计算机科学,2012,39(7):58-63.
[16]	史国振,张萌,付鹏,等. IDS设备检测工具的设计与实现[J]. 信息网络安全,2016(5):23-29.
[17]	刘奇旭,张玉清. 基于fuzzing的TFTP漏洞挖掘技术[J]. 计算机工程,2007,33(20):148-153.
[18]	王志强. 基于模糊测试的漏洞挖掘及相关攻防技术研究[D]. 西安:西安电子科技大学,2015.
[19]	薛丽敏,李忠,蓝湾湾. 基于在线学习RBFNN的网络安全态势预测技术研究[J]. 信息网络安全,2016(4):23-30.
[20]	MELL P, SCARFONE K, ROMANOSKY S. A Complete Guide to the Common Vulnerability Scoring System Version 2.0[EB/OL]. , 2016-11-20.