Proposals for Universal Protocol Fuzzer Construction

The article studies the problem of ensuring information security in the field of telecommunications using the phasing method. The analysis of modern software products designed for testing by the fuzzing method is carried out, their disadvantages are revealed, and an approach to the creation of a universal mutation protocol fuzzer is proposed. The method of test data formation allows to automate the process of searching for vulnerabilities in telecommunication protocols and pro-software. Its novelty lies in the formation of test constructs on the basis of parameters of fields of telecommunication protocols. The proposed fuzzy solution allows to form an attack vector on the basis of known parameters presented in the threat database, as well as to modify these attack vectors.

1. Devyanin P.N., Telezhnikov V.Yu., Khoroshilov A.V. Formation of methodology of safe system software development on the example of operating systems. Proceedings of ISP RAS. 2021;33(5):25−40.

2. Varenitsa V.V., Markov A.S., Savchenko V.V. Practical aspects of vulnerability detection during certification testing of information protection software. Voprosy Kiberbezopasnosti. 2021;5(45):36−44.

3. Maneev A.O., Spivak A.I. Stochastic Software Testing for Vulnerability Analysis. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, Mechanics and Optics. 2021;21(6):895−902.

4. Kozachok A.V., Kozachok V.I., Osipova N.S., Ponomarev D.V. Overview оf Studies оn the Application of Machine Learning Methods to Improve the Efficiency of Fusing Testing. Proceedings of Voronezh State University. Series: Systems Analysis and Information Technologies. 2021;4:83−106.

5. Sutton M., Amini P., Green A. Fuzzing: vulnerability research by brute force method. Translated from English. Moscow: Symbol-Plus Publ.; 2017. 554 p.

6. Gascon H., Wressnegger C., Yamaguchi F., Arp D., Rieck K. PULSAR: Stateful Black-Box Fuzzing of Proprietary Network Protocols. Proceedings of the 11th International Conference on Security and Privacy in Communication Networks, SecureComm, 26‒29 October 2015, Dallas, USA. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol.164. Cham: Springer; 2015. p.330–347. DOI:10.1007/978-3-319-28865-9_18

7. Sharkov I.V., Padarian V.A., Henkin P.V. Eatures of Fuzzing Network Interfaces Without Source Codes. Proceedings of ISP RAS. 2021;33(4):211–226.