Journal of Beijing University of Posts and Telecommunications

  • EI核心期刊

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2015, Vol. 38 ›› Issue (4): 10-14.doi: 10.13190/j.jbupt.2015.04.003

• Papers • Previous Articles     Next Articles

An Efficient Fuzzing Test Method for SIP Servers

WANG Yu-long1,2, JIN Guo-dong1, WANG Yu-jiao1   

  1. 1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China;
    2. Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Shijiazhuang 050081, China
  • Received:2014-11-24 Online:2015-08-28 Published:2015-07-03

Abstract:

An efficient fuzzing test method for session initiation protocol (SIP) servers was proposed, compared to the conventional method, the generated number of malformed SIP messages was reduced, good attacking result was produced. It establishes mappings between dangerous library functions and interfaces of the SIP server through static source code analysis. It also obtains a set of malformed SIP messages targeting those dangerous functions. Finally, it optimizes the set of malformed SIP messages by analyzing its attack effects and generating better messages through inheritance and mutation operations, and obtains the set of messages having the most notable attack effects. Experiments are carried out to verify the effectiveness of the proposed method.

Key words: session initiation protocol server, security, malformed messages, fuzzing test

CLC Number: