Title :
Effective Fault Injection Model for Variant Network Traffic
Author :
Kim, TaeGhyoon ; Cheong, SungMoon ; Lee, Dohoon
Author_Institution :
Electron. & Telecommun. Res. Inst.(ETRI), Daejeon
Abstract :
As cyber attacks by the malicious users are increased with vulnerabilities in software, fuzz testing is emerging as an effective way to find out a security bug. Fuzz testing is mainly used in verifying the robustness of software by injecting the random or semi-valid data to areas such as network port, API and user interface. In fuzz testing of network software, the repeated transmission of packet is necessary and all network fuzz tools are depending on the recording scheme of packets for it. The characteristic causes a big overhead in the situation that network traffic is variant in doing the same task. This paper identifies four disadvantages of the general network fuzzer with the packet recording and replaying scheme. Their most expensive cost is to code a routine to handle the variant traffic of each same upcoming communication. By proposing fuzz model to inject the fault into the packet at the real-time, we address the weakness in the existing network fuzz tools. Last, we experiment the implemented tool, named RINF, against Windows RPC based service, and show that it works effectively comparing with the exiting.
Keywords :
computer crime; program debugging; program testing; software fault tolerance; telecommunication traffic; API; RINF tool; cyber attack; fault injection; fuzz testing; malicious user; network fuzz tool; network port; network software; security bug; user interface; variant network traffic; Application software; Computer bugs; Data security; Electronic equipment testing; Network servers; Protocols; Software testing; Software tools; Telecommunication traffic; Traffic control;
Conference_Titel :
Convergence Information Technology, 2007. International Conference on
Conference_Location :
Gyeongju
Print_ISBN :
0-7695-3038-9
DOI :
10.1109/ICCIT.2007.72
