BROWSE

Graduate School of Ajou University Department of Computer Engineering 3. Theses(Master)

Mod-Fuzz: A Fuzz-Testing Framework for Network Protocol Implementation on File Transfer Protocol

Author(s)
MUNEA, TEWODROS LEGESSE
Advisor
Taeshik Shon
Department
일반대학원 컴퓨터공학과
Publisher
The Graduate School, Ajou University
Publication Year
2015-08
Language
eng
Keyword
FuzzingNetwork Protocol Fuzz-TestingFile Transfer Protocol
Alternative Abstract
Nowadays the most serious security problems are imperfection in the implementations of network protocols. This imperfection can bring a lot of vulnerabilities such as could allow malicious user to attack the systems remotely using the network protocols over the internet. That is why developers value software security phases involving review of code, risk analysis, testing with penetration, and Fuzzing. In case of Fuzz testing, the main aim is to find vulnerabilities in the software/application by sending inputs which are not expected to the target. Then they monitor the situation of the target. In this thesis, we propose Mod-Fuzz, a modified version of AutoFuzz [2], which is applied to test network protocol implementations. Mod-Fuzz is a network protocol fuzz testing framework, which is extendable, man-in-the-middle, smart, and mostly deterministic. Mod-Fuzz, like AutoFuzz, has the ability to learn a given protocol implementation by building a Finite State Automaton (FSA) from records of communication traces between a client and the server. Additionally, Mod-Fuzz has the ability to learn syntax of individual messages at a lower level using the techniques of bioinformatics [12]. At last, Mod-Fuzz can fuzz a given server protocol specification by changing the communication between the traces. We applied Mod-Fuzz to multiple implementations of File Transfer Protocol (FTP) server, with result of finding new and existing known vulnerabilities.
URI
https://dspace.ajou.ac.kr/handle/2018.oak/12761
Fulltext

Appears in Collections:
Graduate School of Ajou University > Department of Computer Engineering > 3. Theses(Master)
Files in This Item:
There are no files associated with this item.
Export
RIS (EndNote)
XLS (Excel)
XML
Show full item record

qrcode

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

  • License
    sherpa_romeo
    sherpa_juliet
STATISTICS
Total Visit :3,776,387
Total Download :1,819
Today View :12,888

AJOU

AJOU Central Library Repository는 국립중앙도서관 OAK 보급사업으로 구축되었습니다.

Browse

OAK Portal LOGIN