repository
Mod-Fuzz: A Fuzz-Testing Framework for Network Protocol Implementation on File Transfer Protocol
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | Taeshik Shon | - |
| dc.contributor.author | MUNEA, TEWODROS LEGESSE | - |
| dc.date.accessioned | 2018-11-08T08:18:47Z | - |
| dc.date.available | 2018-11-08T08:18:47Z | - |
| dc.date.issued | 2015-08 | - |
| dc.identifier.other | 20324 | - |
| dc.identifier.uri | https://dspace.ajou.ac.kr/handle/2018.oak/12761 | - |
| dc.description | 학위논문(석사)--아주대학교 일반대학원 :컴퓨터공학과,2015. 8 | - |
| dc.description.tableofcontents | TABLE OF CONTENTS 1. Introduction 1 2. Background and related works 5 2.1. FTP 5 2.2. UTF-8 6 2.3. Related Works 6 3. System Model and Problem Formulation 10 3.1. System Model 10 JAVA SOCKS Server 10 Proxy Server 11 Extractor of Protocol Specifications 11 Fuzzing Functions 12 Fuzzing Engine 13 Mod-Fuzz User Interface 13 3.2. Problem Formulation in Work Flow Steps 14 4. Constructing Message Group Order (MGO) 16 4.1. Phase I 17 4.2. Phase II 19 4.3. Phase III 19 4.4. Phase IV 21 5. Simulation and Evaluation 22 5.1. File Transfer Protocol 22 5.2. Simulation Setup 23 5.3. Simulation Results 30 5.4. Mod-Fuzz Evaluation 35 6. Conclusion and Future Work 37 | - |
| dc.language.iso | eng | - |
| dc.publisher | The Graduate School, Ajou University | - |
| dc.rights | 아주대학교 논문은 저작권에 의해 보호받습니다. | - |
| dc.title | Mod-Fuzz: A Fuzz-Testing Framework for Network Protocol Implementation on File Transfer Protocol | - |
| dc.type | Thesis | - |
| dc.contributor.affiliation | 아주대학교 일반대학원 | - |
| dc.contributor.department | 일반대학원 컴퓨터공학과 | - |
| dc.date.awarded | 2015. 8 | - |
| dc.description.degree | Master | - |
| dc.identifier.localId | 705441 | - |
| dc.identifier.url | http://dcoll.ajou.ac.kr:9080/dcollection/jsp/common/DcLoOrgPer.jsp?sItemId=000000020324 | - |
| dc.subject.keyword | Fuzzing | - |
| dc.subject.keyword | Network Protocol Fuzz-Testing | - |
| dc.subject.keyword | File Transfer Protocol | - |
| dc.description.alternativeAbstract | Nowadays the most serious security problems are imperfection in the implementations of network protocols. This imperfection can bring a lot of vulnerabilities such as could allow malicious user to attack the systems remotely using the network protocols over the internet. That is why developers value software security phases involving review of code, risk analysis, testing with penetration, and Fuzzing. In case of Fuzz testing, the main aim is to find vulnerabilities in the software/application by sending inputs which are not expected to the target. Then they monitor the situation of the target. In this thesis, we propose Mod-Fuzz, a modified version of AutoFuzz [2], which is applied to test network protocol implementations. Mod-Fuzz is a network protocol fuzz testing framework, which is extendable, man-in-the-middle, smart, and mostly deterministic. Mod-Fuzz, like AutoFuzz, has the ability to learn a given protocol implementation by building a Finite State Automaton (FSA) from records of communication traces between a client and the server. Additionally, Mod-Fuzz has the ability to learn syntax of individual messages at a lower level using the techniques of bioinformatics [12]. At last, Mod-Fuzz can fuzz a given server protocol specification by changing the communication between the traces. We applied Mod-Fuzz to multiple implementations of File Transfer Protocol (FTP) server, with result of finding new and existing known vulnerabilities. | - |
- Appears in Collections:
- Graduate School of Ajou University > Department of Computer Engineering > 3. Theses(Master)
- Files in This Item:
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
-
- License
- STATISTICS
- Total Visit :3,777,725
- Total Download :1,819
- Today View :14,226
