[go: up one dir, main page]

CN107517199A - A kind of method for generating test case and system for being used for 376.1 protocol security defects detections - Google Patents

A kind of method for generating test case and system for being used for 376.1 protocol security defects detections Download PDF

Info

Publication number
CN107517199A
CN107517199A CN201710576281.9A CN201710576281A CN107517199A CN 107517199 A CN107517199 A CN 107517199A CN 201710576281 A CN201710576281 A CN 201710576281A CN 107517199 A CN107517199 A CN 107517199A
Authority
CN
China
Prior art keywords
protocol
attribute
variable
domain
filed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710576281.9A
Other languages
Chinese (zh)
Inventor
梁晓兵
翟峰
赵兵
许斌
刘鹰
吕英杰
岑炜
付义伦
李保丰
曹永峰
张庚
孔令达
徐萌
冯云
袁泉
冯占成
杨全萍
任博
周琪
徐文静
卢艳
韩文博
李丽丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electric Power Research Institute Co Ltd CEPRI
State Grid Corp of China SGCC
Original Assignee
China Electric Power Research Institute Co Ltd CEPRI
State Grid Corp of China SGCC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Electric Power Research Institute Co Ltd CEPRI, State Grid Corp of China SGCC filed Critical China Electric Power Research Institute Co Ltd CEPRI
Priority to CN201710576281.9A priority Critical patent/CN107517199A/en
Publication of CN107517199A publication Critical patent/CN107517199A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26Special purpose or proprietary protocols or architectures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/18Protocol analysers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)

Abstract

本发明公开了一种用于376.1协议安全缺陷检测的测试用例生成方法:将376.1协议抽象成网络协议分类树,包括五元组PT<测试的目标网络协议P,目标网络协议的协议域F,协议域互不相交的属性A,协议域的属性值V,协议分类树中父节点和子节点之间的关系R>;对F进行分析,确定可变协议域,以及可变协议域的属性和属性对应的属性值;利用变异属性值生成可变协议域的测试数据集合;将对测试数据集合中的每个变异属性值进行替换,获取变异属性值替换后的可变协议域合法报文测试用例集合;根据可变协议域的属性进行畸形数据填充,生成非法报文测试用例集合;组合合法报文测试用例集合与非法报文测试用例集合,生成376.1协议规范的测试用例集合。

The invention discloses a test case generation method for 376.1 protocol safety defect detection: the 376.1 protocol is abstracted into a network protocol classification tree, including the five-tuple PT<test target network protocol P, protocol field F of the target network protocol, The disjoint attribute A of the protocol domain, the attribute value V of the protocol domain, the relationship R> between the parent node and the child node in the protocol classification tree; analyze F to determine the variable protocol domain, and the attributes and values of the variable protocol domain The attribute value corresponding to the attribute; use the mutated attribute value to generate the test data set of the variable protocol field; replace each mutated attribute value in the test data set, and obtain the legal packet test of the variable protocol field after the mutated attribute value is replaced Use case collection; fill in malformed data according to the attributes of the variable protocol field to generate a collection of illegal message test cases; combine the collection of legal message test cases and the collection of illegal message test cases to generate a set of test cases for 376.1 protocol specifications.

Description

一种用于376.1协议安全缺陷检测的测试用例生成方法及 系统A test case generation method for 376.1 protocol security defect detection and system

技术领域technical field

本发明涉及信息安全技术领域,更具体地,涉及一种用于376.1协议安全缺陷检测的测试用例生成方法及系统。The present invention relates to the technical field of information security, and more specifically, relates to a test case generation method and system for 376.1 protocol security defect detection.

背景技术Background technique

用电信息采集系统是对电力用户的用电信息进行采集、处理和实时监控的系统,实现用电信息的自动采集、计量异常和电能质量监测、用电分析和管理,具备相关信息发布、分布式能源监控、智能用电设备的信息交互等功能。用电信息采集系统信息集成度、融合度高,系统依赖性强,业务系统之间、业务系统与外界用户之间实时交互频繁,系统接入的终端数量庞大、类型多样,在完成自身业务的同时还承担着为其他系统提供数据的支撑作用,其作用越来越重要。The power consumption information collection system is a system that collects, processes and monitors power consumption information of power users in real time. Smart energy monitoring, information interaction of smart electrical equipment and other functions. The electricity consumption information collection system has a high degree of information integration and integration, strong system dependence, frequent real-time interactions between business systems, business systems and external users, and a large number and variety of terminals connected to the system. At the same time, it also undertakes the supporting role of providing data for other systems, and its role is becoming more and more important.

由于用电信息采集系统工作环境日趋复杂,接入方式和接入环境复杂、并发量大,来自内外网的信息安全威胁也比较多,黑客等违法人员可利用电信息采集系统及软件中的各类安全漏洞对用采系统进行渗透攻击,通过木马、病毒、恶意代码等控制系统主站。2015年末,乌克兰电网发生世界首例因遭受黑客攻击而造成的大规模停电事故,黑客利用电力系统存在的安全漏洞植入恶意代码进行网络攻击并破坏部分变电站的控制系统,造成大面积停电,电力中断数小时,约140万人受到影响。随后2016年以色列电网也遭受到大规模网络攻击,频繁的电网安全事件表明针对工业控制系统漏洞的攻击呈现有组织、攻击手段多样的趋势。通过分析此类安全事件,黑客攻击手段多样、入侵手段隐蔽是一方面原因,但本质是电力系统存在安全漏洞,被攻击人员发现并加以利用。非法人员通过系统漏洞,控制系统主站后可进一步从事破坏工作,如删除重要信息、破坏主站服务器、下发非法指令等,可造成系统瘫痪、大范围停电等重大安全事件。同时,用电信息采集系统采集、传输、存储、处理和使用涉及的信息具有较高的保密性,信息非法使用和泄漏将可能给国家安全、社会经济和电网运行带来较大威胁。因此,在目前信息安全形式严峻,网络攻击手段复杂多样的情况下,如何对用电信息采集系统潜在的安全缺陷进行检测,从主站、终端、通信协议等环节进行漏洞挖掘,评价成为目前急需解决的问题。As the working environment of the electricity information collection system is becoming more and more complex, the access methods and environment are complicated, and the amount of concurrency is large, there are also many information security threats from internal and external networks. This type of security vulnerability is used to infiltrate and attack the mining system, and the main station of the system is controlled through Trojan horses, viruses, malicious codes, etc. At the end of 2015, the Ukrainian power grid suffered the world's first large-scale power outage caused by hacker attacks. Hackers used the security holes in the power system to implant malicious codes to carry out network attacks and destroy the control systems of some substations, causing large-scale power outages. Some 1.4 million people were affected by the disruption for several hours. Then in 2016, Israel’s power grid also suffered from large-scale cyber attacks. Frequent power grid security incidents show that attacks on industrial control system vulnerabilities show a trend of organized and diverse attack methods. Through the analysis of such security incidents, the various hacking methods and concealed intrusion methods are one reason, but the essence is that there are security loopholes in the power system, which are discovered and exploited by attackers. Illegal personnel can further engage in sabotage work after controlling the main station of the system through system loopholes, such as deleting important information, destroying the server of the main station, issuing illegal instructions, etc., which can cause system paralysis, large-scale power outages and other major security incidents. At the same time, the information involved in the collection, transmission, storage, processing and use of the electricity consumption information collection system has high confidentiality, and the illegal use and leakage of information may bring greater threats to national security, social economy and power grid operation. Therefore, in the current situation of severe information security and complex and diverse network attack methods, how to detect potential security flaws in the power consumption information collection system, and conduct vulnerability mining from the main station, terminal, communication protocol, etc., has become an urgent need for evaluation. solved problem.

因此,需要一种技术,以解决涉及一种用于376.1协议安全缺陷检测的测试用例生成的问题。Therefore, a technique is needed to solve the problem related to the generation of test cases for 376.1 protocol security defect detection.

发明内容Contents of the invention

本申请提供了一种用于376.1协议安全缺陷检测的测试用例生成方法及方法,以解决如果生成用于376.1协议安全缺陷检测的测试用例的问题。The application provides a test case generation method and method for 376.1 protocol security defect detection to solve the problem of how to generate test cases for 376.1 protocol security defect detection.

为了解决上述问题,本发明提供了一种用于376.1协议安全缺陷检测的测试用例生成方法,所述方法包括:In order to solve the above problems, the present invention provides a method for generating test cases for 376.1 protocol security defect detection, the method comprising:

根据所述376.1协议规范将所述376.1协议抽象成网络协议分类树,所述协议分类树包括五元组PT<测试的目标网络协议P,目标网络协议的协议域F,协议域互不相交的属性A,协议域的属性值V,协议分类树中父节点和子节点之间的关系R>;According to the 376.1 protocol specification, the 376.1 protocol is abstracted into a network protocol classification tree, and the protocol classification tree includes the five-tuple PT<the target network protocol P of the test, the protocol field F of the target network protocol, and the protocol fields that are mutually disjoint Attribute A, the attribute value V of the protocol domain, the relationship R> between the parent node and the child node in the protocol classification tree;

对所述目标网络协议的协议域F进行分析,确定可变协议域,以及所述可变协议域的属性和与所述可变协议域的属性对应的属性值;Analyzing the protocol domain F of the target network protocol, determining a variable protocol domain, attributes of the variable protocol domain, and attribute values corresponding to the attributes of the variable protocol domain;

将所述可变协议域中各属性的属性值进行组合运算,获取所述可变协议中各属性的变异属性值,利用所述变异属性值生成所述可变协议域的测试数据集合;Combining the attribute values of each attribute in the variable protocol domain to obtain the mutated attribute value of each attribute in the variable protocol, and using the mutated attribute value to generate a test data set for the variable protocol domain;

利用所述变异属性值替换协议序组中所述测试数据集合对应的可变协议域,将对所述测试数据集合中的每个所述变异属性值进行替换,获取所述变异属性值替换后的所述可变协议域合法报文测试用例集合;Using the mutated attribute value to replace the variable protocol field corresponding to the test data set in the protocol sequence, each of the mutated attribute values in the test data set is replaced, and the mutated attribute value is obtained after replacement The legal packet test case set of the variable protocol domain;

根据设定的畸形报文生成原则,对于所述376.1协议报文中存在限值限制的可变协议域,根据所述可变协议域的属性进行畸形数据填充,生成非法报文测试用例集合;According to the set malformed message generation principle, for the variable protocol field with limit value in the 376.1 protocol message, fill the malformed data according to the attribute of the variable protocol field to generate an illegal message test case set;

组合所述合法报文测试用例集合与所述非法报文测试用例集合,生成所述376.1协议规范的测试用例集合。Combining the legal packet test case set and the illegal packet test case set to generate the 376.1 protocol specification test case set.

优选地,所述目标网络协议的协议域集合 F={filed1,filed2,filed3…filedn},所述目标协议包括n元序组 <filed1,filed2,filed3…filedn>。Preferably, the set of protocol domains F={filed 1 , filed 2 , filed 3 ...filed n } of the target network protocol, the target protocol includes n-tuples <filed 1 , filed 2 , filed 3 ...filed n > .

优选地,确定协议域fieldi的属性集合其中每个属性 attributeij分别在离散的属性值集合Vij中取值(1≤i≤n,1≤j≤mi)。Preferably, determine the attribute set of the protocol domain field i Each attribute attribute ij takes a value (1≤i≤n, 1≤j≤m i ) in a discrete attribute value set V ij respectively.

优选地,对每个协议域fieldi不同属性值进行相互组合,得到面向该协议域的测试数据集合 Preferably, the different attribute values of each protocol domain field i are combined to obtain a test data set for the protocol domain

优选地,依次从面向协议域fieldi的测试数据集合Si中取值,对描述目标协议的n元序组<filed1,filed2,filed3…filedn>进行展开,得到面向目标网络协议的合法报文测试用例集合。Preferably, values are sequentially selected from the test data set S i oriented to the protocol domain field i , and the n-tuple sequence <filed 1 , filed 2 , filed 3 ... filed n > describing the target protocol is expanded to obtain the target-oriented network protocol A collection of legal packet test cases.

优选地,所述根据所述可变协议域的属性进行畸形数据填充,包括:Preferably, the malformed data filling according to the attribute of the variable protocol field includes:

边界值取值填充、字符串填充、强制类型转换填充、超长字符串填充。Boundary value padding, string padding, mandatory type conversion padding, super long string padding.

优选地,在所述将所述可变协议域中各属性的属性值进行组合运算之前,还包括对所述可变协议域的属性对应的属性值进行过滤。Preferably, before performing the combination operation on the attribute values of the attributes in the variable protocol domain, it further includes filtering the attribute values corresponding to the attributes of the variable protocol domain.

优选地,所述组合运算包括:将所述可变协议域中各属性的过滤后的属性值进行组合运算得到所述可变协议中各属性的变异属性值。Preferably, the combination operation includes: performing a combination operation on the filtered attribute values of each attribute in the variable protocol domain to obtain the mutated attribute value of each attribute in the variable protocol.

基于本发明的另一方面,提供一种用于376.1协议安全缺陷检测的测试用例生成系统,所述系统包括:Based on another aspect of the present invention, there is provided a test case generation system for 376.1 protocol security defect detection, the system includes:

分类单元,用于根据所述376.1协议规范将所述376.1协议抽象成网络协议分类树,所述协议分类树包括五元组PT<测试的目标网络协议P,目标网络协议的协议域F,协议域互不相交的属性A,协议域的属性值V,协议分类树中父节点和子节点之间的关系R>;A classification unit, configured to abstract the 376.1 protocol into a network protocol classification tree according to the 376.1 protocol specification, and the protocol classification tree includes the five-tuple PT<tested target network protocol P, protocol field F of the target network protocol, protocol Domain disjoint attribute A, protocol domain attribute value V, relationship between parent node and child node in the protocol classification tree R>;

分析单元,用于对所述目标网络协议的协议域F进行分析,确定可变协议域,以及所述可变协议域的属性和与所述可变协议域的属性对应的属性值;An analyzing unit, configured to analyze the protocol domain F of the target network protocol, determine the variable protocol domain, and the attributes of the variable protocol domain and the attribute values corresponding to the attributes of the variable protocol domain;

组合单元,用于将所述可变协议域中各属性的属性值进行组合运算,获取所述可变协议中各属性的变异属性值,利用所述变异属性值生成所述可变协议域的测试数据集合;A combination unit, configured to perform a combined operation on the attribute values of each attribute in the variable protocol domain, obtain the mutated attribute value of each attribute in the variable protocol, and use the mutated attribute value to generate the variable protocol domain test data set;

第一生成单元,利用所述变异属性值替换协议序组中所述测试数据集合对应的可变协议域,将对所述测试数据集合中的每个所述变异属性值进行替换,获取所述变异属性值替换后的所述可变协议域合法报文测试用例集合;The first generating unit uses the variable attribute value to replace the variable protocol field corresponding to the test data set in the protocol sequence, and replaces each of the variable attribute values in the test data set to obtain the A set of legal packet test cases in the variable protocol domain after the mutation attribute value is replaced;

第二生成单元,根据设定的畸形报文生成原则,对于所述376.1协议报文中存在限值限制的可变协议域,根据所述可变协议域的属性进行畸形数据填充,生成非法报文测试用例集合;The second generation unit, according to the set malformed message generation principle, for the variable protocol field with limit value in the 376.1 protocol message, fills the malformed data according to the attribute of the variable protocol field, and generates an illegal message Text test case collection;

第三生成单元,组合所述合法报文测试用例集合与所述非法报文测试用例集合,生成所述376.1协议规范的测试用例集合。The third generating unit is configured to combine the set of legal message test cases and the set of illegal message test cases to generate the test case set of the 376.1 protocol specification.

优选地,所述目标网络协议的协议域集合 F={filed1,filed2,filed3…filedn},所述目标协议包括n元序组 <filed1,filed2,filed3…filedn>。Preferably, the set of protocol domains F={filed 1 , filed 2 , filed 3 ...filed n } of the target network protocol, the target protocol includes n-tuples <filed 1 , filed 2 , filed 3 ...filed n > .

优选地,确定协议域fieldi的属性集合其中每个属性 attributeij分别在离散的属性值集合Vij中取值(1≤i≤n,1≤j≤mi)。Preferably, determine the attribute set of the protocol domain field i Each attribute attribute ij takes a value (1≤i≤n, 1≤j≤m i ) in a discrete attribute value set V ij respectively.

优选地,对每个协议域fieldi不同属性值进行相互组合,得到面向该协议域的测试数据集合 Preferably, the different attribute values of each protocol domain field i are combined to obtain a test data set for the protocol domain

优选地,依次从面向协议域fieldi的测试数据集合Si中取值,对描述目标协议的n元序组<filed1,filed2,filed3…filedn>进行展开,得到面向目标网络协议的合法报文测试用例集合。Preferably, values are sequentially selected from the test data set S i oriented to the protocol domain field i , and the n-tuple sequence <filed 1 , filed 2 , filed 3 ... filed n > describing the target protocol is expanded to obtain the target-oriented network protocol A collection of legal packet test cases.

优选地,所述根据所述可变协议域的属性进行畸形数据填充,包括:Preferably, the malformed data filling according to the attribute of the variable protocol field includes:

边界值取值填充、字符串填充、强制类型转换填充、超长字符串填充。Boundary value padding, string padding, mandatory type conversion padding, super long string padding.

优选地,在所述将所述可变协议域中各属性的属性值进行组合运算之前,还包括对所述可变协议域的属性对应的属性值进行过滤。Preferably, before performing the combination operation on the attribute values of the attributes in the variable protocol domain, it further includes filtering the attribute values corresponding to the attributes of the variable protocol domain.

优选地,所述组合运算包括:将所述可变协议域中各属性的过滤后的属性值进行组合运算得到所述可变协议中各属性的变异属性值。Preferably, the combination operation includes: performing a combination operation on the filtered attribute values of each attribute in the variable protocol domain to obtain the mutated attribute value of each attribute in the variable protocol.

本申请技术方案首先根据376.1协议规范将用电信息采集系统376.1 协议抽象成网络协议分类树,对抽象后的协议域进行分析,确定可变协议域。对于每个可变协议域,确定可变协议域的属性和属性值,并将该协议域中的各属性的属性值进行组合运算,得到变异属性值,利用变异属性值生成可变协议域的测试数据集合;以及利用变异属性值替换协议序组中的测试数据集合对应的可变协议域,对测试数据集合中的每个变异属性值进行替换,获取变异属性值替换后的可变协议域组合法报文测试用例集合。同时,设计合适的畸形报文生成原则,为每个可变协议域生成畸形数据值,增加非法报文测试用例集合。本申请技术方案能够针对376.1协议安全缺陷检测智能化地生成测试用例引入启发算法对属性值进行过滤,精简测试用例集合。The technical solution of the present application first abstracts the 376.1 protocol of the electricity consumption information collection system into a network protocol classification tree according to the 376.1 protocol specification, analyzes the abstracted protocol domain, and determines the variable protocol domain. For each variable protocol domain, determine the attribute and attribute value of the variable protocol domain, and combine the attribute values of each attribute in the protocol domain to obtain the variable attribute value, and use the variable attribute value to generate the variable protocol domain test data set; and replace the variable protocol field corresponding to the test data set in the protocol sequence group by using the variable attribute value, replace each variable attribute value in the test data set, and obtain the variable protocol field after the variable attribute value is replaced A collection of combined method message test cases. At the same time, design appropriate malformed message generation principles, generate malformed data values for each variable protocol field, and increase the set of illegal message test cases. The technical solution of the present application can intelligently generate test cases for 376.1 protocol security defect detection, introduce a heuristic algorithm to filter attribute values, and simplify the test case set.

附图说明Description of drawings

通过参考下面的附图,可以更为完整地理解本发明的示例性实施方式:A more complete understanding of the exemplary embodiments of the present invention can be had by referring to the following drawings:

图1为根据本发明一实施方式的一种用于376.1协议安全缺陷检测的测试用例生成方法流程图;Fig. 1 is a flow chart of a method for generating test cases for 376.1 protocol security defect detection according to an embodiment of the present invention;

图2为根据本发明一实施方式的376.1协议分类树示意图;以及2 is a schematic diagram of a 376.1 protocol classification tree according to an embodiment of the present invention; and

图3为本发明一实施方式的一种用于376.1协议安全缺陷检测的测试用例生成系统结构程图。FIG. 3 is a structural diagram of a test case generation system for 376.1 protocol security defect detection according to an embodiment of the present invention.

具体实施方式detailed description

现在参考附图介绍本发明的示例性实施方式,然而,本发明可以用许多不同的形式来实施,并且不局限于此处描述的实施例,提供这些实施例是为了详尽地且完全地公开本发明,并且向所属技术领域的技术人员充分传达本发明的范围。对于表示在附图中的示例性实施方式中的术语并不是对本发明的限定。在附图中,相同的单元/元件使用相同的附图标记。Exemplary embodiments of the present invention will now be described with reference to the drawings; however, the present invention may be embodied in many different forms and are not limited to the embodiments described herein, which are provided for the purpose of exhaustively and completely disclosing the present invention. invention and fully convey the scope of the invention to those skilled in the art. The terms used in the exemplary embodiments shown in the drawings do not limit the present invention. In the figures, the same units/elements are given the same reference numerals.

除非另有说明,此处使用的术语(包括科技术语)对所属技术领域的技术人员具有通常的理解含义。另外,可以理解的是,以通常使用的词典限定的术语,应当被理解为与其相关领域的语境具有一致的含义,而不应该被理解为理想化的或过于正式的意义。Unless otherwise specified, the terms (including scientific and technical terms) used herein have the commonly understood meanings to those skilled in the art. In addition, it can be understood that terms defined by commonly used dictionaries should be understood to have consistent meanings in the context of their related fields, and should not be understood as idealized or overly formal meanings.

图1为根据本发明一实施方式的一种用于376.1协议安全缺陷检测的测试用例生成方法流程图。本申请实施方式首先根据376.1协议规范将用电信息采集系统376.1协议抽象成网络协议分类树,对抽象后的协议域进行分析,确定可变协议域。对于每个可变协议域,确定可变协议域的属性和属性值,并将该协议域中的各属性的属性值进行组合运算,得到变异属性值,利用变异属性值生成可变协议域的测试数据集合;以及利用变异属性值替换协议序组中的测试数据集合对应的可变协议域,对测试数据集合中的每个变异属性值进行替换,获取变异属性值替换后的可变协议域组合法报文测试用例集合。同时,设计合适的畸形报文生成原则,为每个可变协议域生成畸形数据值,增加非法报文测试用例集合。本申请实施方式组合合法报文测试用例集合与所述非法报文测试用例集合,生成376.1协议规范的测试用例集合。本发明实施方式能够针对376.1协议安全缺陷检测智能化地生成测试用例,如图1所示,方法100从步骤101开始:FIG. 1 is a flowchart of a test case generation method for 376.1 protocol security defect detection according to an embodiment of the present invention. The embodiment of the present application first abstracts the 376.1 protocol of the electricity consumption information collection system into a network protocol classification tree according to the 376.1 protocol specification, analyzes the abstracted protocol domain, and determines the variable protocol domain. For each variable protocol domain, determine the attribute and attribute value of the variable protocol domain, and combine the attribute values of each attribute in the protocol domain to obtain the variable attribute value, and use the variable attribute value to generate the variable protocol domain test data set; and replace the variable protocol field corresponding to the test data set in the protocol sequence group by using the variable attribute value, replace each variable attribute value in the test data set, and obtain the variable protocol field after the variable attribute value is replaced A collection of combined method message test cases. At the same time, design appropriate malformed message generation principles, generate malformed data values for each variable protocol field, and increase the set of illegal message test cases. The embodiment of the present application combines the legal message test case set and the illegal message test case set to generate a 376.1 protocol specification test case set. The implementation of the present invention can intelligently generate test cases for 376.1 protocol security defect detection, as shown in Figure 1, the method 100 starts from step 101:

优选地,在步骤101:根据376.1协议规范将376.1协议抽象成网络协议分类树,协议分类树包括五元组PT<测试的目标网络协议P,目标网络协议的协议域F,协议域互不相交的属性A,协议域的属性值V,协议分类树中父节点和子节点之间的关系R>。协议分类树中父节点和子节点之间的关系R包括包括目标网络协议P与协议域F之间的关系、协议域F与属性A 与属性值V之间的关系等。Preferably, in step 101: the 376.1 protocol is abstracted into a network protocol classification tree according to the 376.1 protocol specification, the protocol classification tree includes the target network protocol P of the quintuple PT<test, the protocol domain F of the target network protocol, and the protocol domains are mutually disjoint The attribute A of the protocol domain, the attribute value V of the protocol domain, and the relationship R> between the parent node and the child node in the protocol classification tree. The relationship R between the parent node and the child node in the protocol classification tree includes the relationship between the target network protocol P and the protocol domain F, the relationship between the protocol domain F and the attribute A and the attribute value V, and so on.

优选地,目标网络协议的协议域集合F={filed1,filed2,filed3… filedn},目标协议包括n元序组<filed1,filed2,filed3…filedn>。Preferably, the set of protocol domains F = { filed 1 , filed 2 , filed 3 .

优选地,确定协议域fieldi的属性集合其中每个属性attributeij分别在离散的属性值集合Vij中取值(1≤i≤n,1≤j≤mi)。Preferably, determine the attribute set of the protocol domain field i Each attribute attribute ij takes a value (1≤i≤n, 1≤j≤m i ) in a discrete attribute value set V ij respectively.

图2为376.1协议抽象成网络协议分类树的示意图。f1,f2…fn为协议域,f1的属性集合为a11,a12,a13…a1m1,f2的属性集合为a21, a21,a22,a23…a2m2,fn的属性集合为an1,an2…anmn。属性a11的属性值为v1,v2…vk1m1FIG. 2 is a schematic diagram of abstracting the 376.1 protocol into a network protocol classification tree. f 1 , f 2 ...f n is the protocol domain, the attribute set of f 1 is a 11 , a 12 , a 13 ...a 1m1 , the attribute set of f 2 is a 21 , a 21 , a 22 , a 23 ...a 2m2 , the attribute set of f n is a n1 , a n2 …a nmn . The attribute values of attribute a 11 are v 1 , v 2 . . . v k1m1 .

优选地,在步骤102:对目标网络协议的协议域F进行分析,确定可变协议域,以及可变协议域的属性和与可变协议域的属性对应的属性值。如可变协议域f1对应的属性为a11,属性a11对应的属性值为v1Preferably, in step 102: analyze the protocol field F of the target network protocol, determine the variable protocol field, the attributes of the variable protocol field, and the attribute values corresponding to the attributes of the variable protocol field. For example, the attribute corresponding to the variable protocol field f 1 is a 11 , and the attribute value corresponding to the attribute a 11 is v 1 .

优选地,在步骤103:将可变协议域中各属性的属性值进行组合运算,获取可变协议中各属性的变异属性值,利用变异属性值生成可变协议域的测试数据集合。Preferably, in step 103: perform a combined operation on the attribute values of each attribute in the variable protocol domain, obtain the mutated attribute values of each attribute in the variable protocol, and use the mutated attribute values to generate a test data set for the variable protocol domain.

优选地,对每个协议域fieldi不同属性值进行相互组合,得到面向该协议域的测试数据集合 Preferably, the different attribute values of each protocol domain field i are combined to obtain a test data set for the protocol domain

优选地,在将可变协议域中各属性的属性值进行组合运算之前,还包括对可变协议域的属性对应的属性值进行过滤。Preferably, before combining the attribute values of the attributes in the variable protocol field, the method further includes filtering the attribute values corresponding to the attributes of the variable protocol field.

优选地,组合运算包括:将可变协议域中各属性的过滤后的属性值进行组合运算得到可变协议中各属性的变异属性值。Preferably, the combination operation includes: performing a combination operation on the filtered attribute values of each attribute in the variable protocol domain to obtain the mutated attribute value of each attribute in the variable protocol.

优选地,在步骤104:利用变异属性值替换协议序组中测试数据集合对应的可变协议域,将对测试数据集合中的每个变异属性值进行替换,获取变异属性值替换后的可变协议域合法报文测试用例集合。本申请对每个测试数据集合中的每个变异值,分别利用该变异值替换协议序组中所述测试数据集合对应的协议域,得到替换后的协议域序组实例,即376.1协议的合法报文测试用例集合。Preferably, in step 104: use the variable attribute value to replace the variable protocol field corresponding to the test data set in the protocol sequence, replace each variable attribute value in the test data set, and obtain the variable A collection of test cases for legitimate packets in the protocol domain. For each variation value in each test data set, this application uses the variation value to replace the protocol field corresponding to the test data set in the protocol sequence group, and obtains the replaced protocol field sequence group instance, that is, the legality of the 376.1 protocol A collection of packet test cases.

优选地,依次从面向协议域fieldi的测试数据集合Si中取值,对描述目标协议的n元序组<filed1,filed2,filed3…filedn>进行展开,得到面向目标网络协议的合法报文测试用例集合。Preferably, values are sequentially selected from the test data set S i oriented to the protocol domain field i , and the n-tuple sequence <filed 1 , filed 2 , filed 3 ... filed n > describing the target protocol is expanded to obtain the target-oriented network protocol A collection of legal packet test cases.

优选地,在步骤105:根据设定的畸形报文生成原则,对于376.1协议报文中存在限值限制的可变协议域,根据可变协议域的属性进行畸形数据填充,生成非法报文测试用例集合。Preferably, in step 105: according to the set malformed message generation principle, for the variable protocol field with limit value in the 376.1 protocol message, fill the malformed data according to the attributes of the variable protocol field, and generate an illegal message test Collection of use cases.

优选地,根据可变协议域的属性进行畸形数据填充,包括:边界值取值填充、字符串填充、强制类型转换填充、超长字符串填充。Preferably, malformed data padding is performed according to the attributes of the variable protocol domain, including: padding with boundary values, string padding, forced type conversion padding, and super-long string padding.

优选地,在步骤106:组合合法报文测试用例集合与非法报文测试用例集合,生成376.1协议规范的测试用例集合。Preferably, in step 106: combining the legal message test case set and the illegal message test case set to generate a 376.1 protocol specification test case set.

以下对本发明实施方式进行举例说明:The embodiment of the present invention is described by way of example below:

按照方法100构建376.1网络协议分类树包括的步骤如下:The steps involved in constructing a 376.1 network protocol classification tree according to method 100 are as follows:

(1)选定测试目标网络协议P,即376.1协议,并根据其规范划分得到协议域集合F={filed1,filed2,filed3…filedn},该目标协议可以用n元序组<filed1,filed2,filed3…filedn>表示。(1) Select the test target network protocol P, that is, the 376.1 protocol, and divide according to its specification to obtain the protocol domain set F={filed 1 , filed 2 ,filed 3 ...filed n }, the target protocol can use n-tuple sequence group < filed 1 , filed 2 , filed 3 ... filed n > means.

(2)针对步骤(1)中得到的每个协议的属性进行分类,得到描述协议域fieldi的属性集合 其中每个属性attributeij分别在离散的属性值集合Vij中取值(1≤i≤n,1≤j≤mi)。(2) Classify the attributes of each protocol obtained in step (1), and obtain a set of attributes describing the protocol domain field i Each attribute attribute ij takes a value (1≤i≤n, 1≤j≤m i ) in a discrete attribute value set V ij respectively.

(3)对每个协议域fieldi不同属性值进行相互组合,得到面向该协议域的测试数据集合 (3) Combine the different attribute values of each protocol domain field i to obtain the test data set for the protocol domain

(4)依次从面向协议域fieldi的测试数据集合Si中取值,对描述目标协议的n元序组<filed1,filed2,filed3…filedn>进行展开,得到面向目标网络协议的测试用例。(4) Sequentially take values from the test data set S i oriented to the protocol domain field i , expand the n-tuple sequence group <filed 1 , filed 2 , filed 3 …filed n > describing the target protocol, and obtain the target-oriented network protocol test case.

本申请方法100中,在将该协议域中的各属性的属性值进行组合运算前,还需要设计启发算法,根据启发算法对每个属性的属性值进行过滤。本申请中将该协议域中的各属性值进行组合运算包括:将该协议域中的各属性过滤后的属性值进行组合运算得到变异值。启发算法可根据协议规范获得也可利用第三方工具计算得到。In the method 100 of the present application, before the attribute value of each attribute in the protocol domain is combined and operated, a heuristic algorithm needs to be designed, and the attribute value of each attribute is filtered according to the heuristic algorithm. In the present application, performing a combination operation on each attribute value in the protocol domain includes: performing a combination operation on attribute values filtered by each attribute in the protocol domain to obtain a variation value. The heuristic algorithm can be obtained according to the protocol specification or calculated by third-party tools.

本申请方法100中,步骤105中的非法报文测试用例生成依据以下规则:对于协议376.1报文中存在取值限制的协议域,需要针对其协议域属性进行畸形数据填充,填充规则有边界值取值、字符串填充、强制类型转换、超长字符串等。In the method 100 of the present application, the generation of the illegal message test case in step 105 is based on the following rules: for the protocol fields with value restrictions in the protocol 376.1 message, malformed data needs to be filled for the protocol field attributes, and the filling rules have boundary values Value, string padding, mandatory type conversion, super long string, etc.

本申请实施方式能够针对376.1协议安全缺陷检测智能化地生成测试用例引入启发算法对属性值进行过滤,精简测试用例集合。The implementation of the present application can intelligently generate test cases for 376.1 protocol security defect detection, introduce heuristic algorithm to filter attribute values, and simplify the test case set.

本申请实施方式提出的面向376.1协议安全缺陷检测的测试用例生成方法,综合考虑满足协议规范的合法报文和非法异常报文,兼顾测试用例集合全面性的同时也针对安全缺陷检测的目标设计了非法异常报文集合。通过构建376.1网络协议分类树,对可变协议域中的各属性的属性值进行组合运算获得全面的合法报文测试用例集合。本申请通过设计畸形报文生成原则,对可变协议域进行非法数据填充获得具有针对性的非法报文测试用例集合。本申请通过构造全面合理的测试用例集合,可以高效的发掘出 376.1协议中存在的信息安全缺陷,从通信协议层面保障用电信息采集系统的安全交互和可靠运行。The test case generation method for 376.1 protocol security defect detection proposed in the implementation mode of this application comprehensively considers legal messages and illegal abnormal messages that meet the protocol specification, takes into account the comprehensiveness of the test case collection, and also designs for the goal of security defect detection A collection of illegal exception packets. By constructing the 376.1 network protocol classification tree, the attribute value of each attribute in the variable protocol field is combined to obtain a comprehensive collection of legal message test cases. This application obtains a set of targeted illegal message test cases by designing the principle of malformed message generation and filling the variable protocol field with illegal data. By constructing a comprehensive and reasonable set of test cases, this application can efficiently discover the information security flaws in the 376.1 protocol, and ensure the safe interaction and reliable operation of the power consumption information collection system from the communication protocol level.

图3为本发明一实施方式的一种用于376.1协议安全缺陷检测的测试用例生成系统结构程图。如图3所示,种用于376.1协议安全缺陷检测的测试用例生成系统300包括:FIG. 3 is a structural diagram of a test case generation system for 376.1 protocol security defect detection according to an embodiment of the present invention. As shown in Figure 3, a test case generation system 300 for 376.1 protocol security defect detection includes:

分类单元,用于根据376.1协议规范将376.1协议抽象成网络协议分类树,协议分类树包括五元组PT<测试的目标网络协议P,目标网络协议的协议域F,协议域互不相交的属性A,协议域的属性值V,协议分类树中父节点和子节点之间的关系R>。The classification unit is used to abstract the 376.1 protocol into a network protocol classification tree according to the 376.1 protocol specification. The protocol classification tree includes the five-tuple PT<test target network protocol P, the protocol domain F of the target network protocol, and the attribute that the protocol domains are mutually disjoint A, the attribute value V of the protocol domain, and the relationship R> between the parent node and the child node in the protocol classification tree.

优选地,目标网络协议的协议域集合F={filed1,filed2,filed3… filedn},目标协议包括n元序组<filed1,filed2,filed3…filedn>。Preferably, the set of protocol domains F = { filed 1 , filed 2 , filed 3 .

优选地,确定协议域fieldi的属性集合其中每个属性 attributeij分别在离散的属性值集合Vij中取值(1≤i≤n,1≤j≤mi)。Preferably, determine the attribute set of the protocol domain field i Each attribute attribute ij takes a value (1≤i≤n, 1≤j≤m i ) in a discrete attribute value set V ij respectively.

分析单元,用于对目标网络协议的协议域F进行分析,确定可变协议域,以及可变协议域的属性和与可变协议域的属性对应的属性值。The analysis unit is configured to analyze the protocol field F of the target network protocol, and determine the variable protocol field, the attributes of the variable protocol field, and the attribute values corresponding to the attributes of the variable protocol field.

组合单元,用于将可变协议域中各属性的属性值进行组合运算,获取可变协议中各属性的变异属性值,利用变异属性值生成可变协议域的测试数据集合。The combination unit is used to combine and operate the attribute values of each attribute in the variable protocol domain, obtain the variation attribute value of each attribute in the variable protocol, and use the variation attribute value to generate the test data set of the variable protocol domain.

优选地,对每个协议域fieldi不同属性值进行相互组合,得到面向该协议域的测试数据集合 Preferably, the different attribute values of each protocol domain field i are combined to obtain a test data set for the protocol domain

优选地,组合运算包括:将可变协议域中各属性的过滤后的属性值进行组合运算得到可变协议中各属性的变异属性值。Preferably, the combination operation includes: performing a combination operation on the filtered attribute values of each attribute in the variable protocol domain to obtain the mutated attribute value of each attribute in the variable protocol.

优选地,在所述将所述可变协议域中各属性的属性值进行组合运算之前,还包括对所述可变协议域的属性对应的属性值进行过滤。Preferably, before performing the combination operation on the attribute values of the attributes in the variable protocol domain, it further includes filtering the attribute values corresponding to the attributes of the variable protocol domain.

第一生成单元,利用变异属性值替换协议序组中测试数据集合对应的可变协议域,将对测试数据集合中的每个变异属性值进行替换,获取变异属性值替换后的可变协议域合法报文测试用例集合。The first generation unit replaces the variable protocol field corresponding to the test data set in the protocol sequence with the variable attribute value, replaces each variable attribute value in the test data set, and obtains the variable protocol field after the variable attribute value is replaced. A collection of legal packet test cases.

优选地,依次从面向协议域fieldi的测试数据集合Si中取值,对描述目标协议的n元序组<filed1,filed2,filed3…filedn>进行展开,得到面向目标网络协议的合法报文测试用例集合。Preferably, values are sequentially selected from the test data set S i oriented to the protocol domain field i , and the n-tuple sequence <filed 1 , filed 2 , filed 3 ... filed n > describing the target protocol is expanded to obtain the target-oriented network protocol A collection of legal packet test cases.

第二生成单元,根据设定的畸形报文生成原则,对于376.1协议报文中存在限值限制的可变协议域,根据可变协议域的属性进行畸形数据填充,生成非法报文测试用例集合。The second generation unit, according to the set malformed message generation principle, for the variable protocol field with limit value in the 376.1 protocol message, fills the malformed data according to the attributes of the variable protocol field, and generates an illegal message test case set .

优选地,所述根据所述可变协议域的属性进行畸形数据填充,包括:边界值取值填充、字符串填充、强制类型转换填充、超长字符串填充。Preferably, the malformed data padding is performed according to the attributes of the variable protocol domain, including: border value padding, character string padding, forced type conversion padding, and super long string padding.

第三生成单元,组合合法报文测试用例集合与非法报文测试用例集合,生成376.1协议规范的测试用例集合。The third generation unit combines the legal packet test case set and the illegal packet test case set to generate a 376.1 protocol specification test case set.

发明一实施方式的一种用于376.1协议安全缺陷检测的测试用例生成系统300与发明另一实施方式的一种用于376.1协议安全缺陷检测的测试用例生成方法100相对应,在此不再进行赘述。A test case generation system 300 for 376.1 protocol security defect detection in one embodiment of the invention corresponds to a test case generation method 100 for 376.1 protocol security defect detection in another embodiment of the invention, and will not be repeated here repeat.

已经通过参考少量实施方式描述了本发明。然而,本领域技术人员所公知的,正如附带的专利权利要求所限定的,除了本发明以上公开的其他的实施例等同地落在本发明的范围内。The invention has been described with reference to a small number of embodiments. However, it is clear to a person skilled in the art that other embodiments than the invention disclosed above are equally within the scope of the invention, as defined by the appended patent claims.

通常地,在权利要求中使用的所有术语都根据他们在技术领域的通常含义被解释,除非在其中被另外明确地定义。所有的参考“一个/所述/该[装置、组件等]”都被开放地解释为所述装置、组件等中的至少一个实例,除非另外明确地说明。这里公开的任何方法的步骤都没必要以公开的准确的顺序运行,除非明确地说明。Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise therein. All references to "a/the/the [means, component, etc.]" are openly construed to mean at least one instance of said means, component, etc., unless expressly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.

Claims (16)

1.一种用于376.1协议安全缺陷检测的测试用例生成方法,所述方法包括:1. A test case generation method for 376.1 protocol security defect detection, said method comprising: 根据所述376.1协议规范将所述376.1协议抽象成网络协议分类树,所述协议分类树包括五元组PT<测试的目标网络协议P,目标网络协议的协议域F,协议域互不相交的属性A,协议域的属性值V,协议分类树中父节点和子节点之间的关系R>;According to the 376.1 protocol specification, the 376.1 protocol is abstracted into a network protocol classification tree, and the protocol classification tree includes the five-tuple PT<the target network protocol P of the test, the protocol field F of the target network protocol, and the protocol fields that are mutually disjoint Attribute A, the attribute value V of the protocol domain, the relationship R> between the parent node and the child node in the protocol classification tree; 对所述目标网络协议的协议域F进行分析,确定可变协议域,以及所述可变协议域的属性和与所述可变协议域的属性对应的属性值;Analyzing the protocol domain F of the target network protocol, determining a variable protocol domain, attributes of the variable protocol domain, and attribute values corresponding to the attributes of the variable protocol domain; 将所述可变协议域中各属性的属性值进行组合运算,获取所述可变协议中各属性的变异属性值,利用所述变异属性值生成所述可变协议域的测试数据集合;Combining the attribute values of each attribute in the variable protocol domain to obtain the mutated attribute value of each attribute in the variable protocol, and using the mutated attribute value to generate a test data set for the variable protocol domain; 利用所述变异属性值替换协议序组中所述测试数据集合对应的可变协议域,将对所述测试数据集合中的每个所述变异属性值进行替换,获取所述变异属性值替换后的所述可变协议域合法报文测试用例集合;Using the mutated attribute value to replace the variable protocol field corresponding to the test data set in the protocol sequence, each of the mutated attribute values in the test data set is replaced, and the mutated attribute value is obtained after replacement The legal packet test case set of the variable protocol domain; 根据设定的畸形报文生成原则,对于所述376.1协议报文中存在限值限制的可变协议域,根据所述可变协议域的属性进行畸形数据填充,生成非法报文测试用例集合;According to the set malformed message generation principle, for the variable protocol field with limit value in the 376.1 protocol message, fill the malformed data according to the attribute of the variable protocol field to generate an illegal message test case set; 组合所述合法报文测试用例集合与所述非法报文测试用例集合,生成所述376.1协议规范的测试用例集合。Combining the legal packet test case set and the illegal packet test case set to generate the 376.1 protocol specification test case set. 2.根据权利要求1所述的方法,所述目标网络协议的协议域集合F={filed1,filed2,filed3…filedn},所述目标协议包括n元序组<filed1,filed2,filed3…filedn>。2. The method according to claim 1 , the protocol domain set F= { filed 1 , filed 2 , filed 3 . 2 , filed 3 ... filed n >. 3.根据权利要求1所述的方法,确定协议域fieldi的属性集合其中每个属性attributeij分别在离散的属性值集合Vij中取值(1≤i≤n,1≤j≤mi)。3. The method according to claim 1, determining the attribute set of the protocol domain field i Each attribute attribute ij takes a value (1≤i≤n, 1≤j≤m i ) in a discrete attribute value set V ij respectively. 4.根据权利要求1所述的方法,对每个协议域fieldi不同属性值进行相互组合,得到面向该协议域的测试数据集合 4. according to the method for claim 1, each protocol domain field i different attribute values are combined mutually, obtain the test data set facing this protocol domain 5.根据权利要求1所述的方法,依次从面向协议域fieldi的测试数据集合Si中取值,对描述目标协议的n元序组<filed1,filed2,filed3…filedn>进行展开,得到面向目标网络协议的合法报文测试用例集合。5. The method according to claim 1, taking values sequentially from the test data set S i facing the protocol domain field i , and describing the n-element sequence group <filed 1 , filed 2 , filed 3 ... filed n > of the target protocol Expand to obtain a set of legal packet test cases oriented to the target network protocol. 6.根据权利要求1所述的方法,所述根据所述可变协议域的属性进行畸形数据填充,包括:6. The method according to claim 1, wherein the filling of deformed data according to the attribute of the variable protocol field comprises: 边界值取值填充、字符串填充、强制类型转换填充、超长字符串填充。Boundary value padding, string padding, mandatory type conversion padding, super long string padding. 7.根据权利要求1所述的方法,在所述将所述可变协议域中各属性的属性值进行组合运算之前,还包括对所述可变协议域的属性对应的属性值进行过滤。7. The method according to claim 1, further comprising filtering the attribute values corresponding to the attributes of the variable protocol domain before performing the combination operation on the attribute values of the attributes in the variable protocol domain. 8.根据权利要求7所述的方法,所述组合运算包括:将所述可变协议域中各属性的过滤后的属性值进行组合运算得到所述可变协议中各属性的变异属性值。8. The method according to claim 7, wherein the combination operation comprises: performing a combination operation on the filtered attribute values of each attribute in the variable protocol domain to obtain the mutated attribute value of each attribute in the variable protocol. 9.一种用于376.1协议安全缺陷检测的测试用例生成系统,所述系统包括:9. A test case generation system for 376.1 protocol security defect detection, said system comprising: 分类单元,用于根据所述376.1协议规范将所述376.1协议抽象成网络协议分类树,所述协议分类树包括五元组PT<测试的目标网络协议P,目标网络协议的协议域F,协议域互不相交的属性A,协议域的属性值V,协议分类树中父节点和子节点之间的关系R>;A classification unit, configured to abstract the 376.1 protocol into a network protocol classification tree according to the 376.1 protocol specification, and the protocol classification tree includes the five-tuple PT<tested target network protocol P, protocol field F of the target network protocol, protocol Domain disjoint attribute A, protocol domain attribute value V, relationship between parent node and child node in the protocol classification tree R>; 分析单元,用于对所述目标网络协议的协议域F进行分析,确定可变协议域,以及所述可变协议域的属性和与所述可变协议域的属性对应的属性值;An analyzing unit, configured to analyze the protocol domain F of the target network protocol, determine the variable protocol domain, and the attributes of the variable protocol domain and the attribute values corresponding to the attributes of the variable protocol domain; 组合单元,用于将所述可变协议域中各属性的属性值进行组合运算,获取所述可变协议中各属性的变异属性值,利用所述变异属性值生成所述可变协议域的测试数据集合;A combination unit, configured to perform a combined operation on the attribute values of each attribute in the variable protocol domain, obtain the mutated attribute value of each attribute in the variable protocol, and use the mutated attribute value to generate the variable protocol domain test data set; 第一生成单元,利用所述变异属性值替换协议序组中所述测试数据集合对应的可变协议域,将对所述测试数据集合中的每个所述变异属性值进行替换,获取所述变异属性值替换后的所述可变协议域合法报文测试用例集合;The first generating unit uses the variable attribute value to replace the variable protocol field corresponding to the test data set in the protocol sequence, and replaces each of the variable attribute values in the test data set to obtain the A set of legal packet test cases in the variable protocol domain after the mutation attribute value is replaced; 第二生成单元,根据设定的畸形报文生成原则,对于所述376.1协议报文中存在限值限制的可变协议域,根据所述可变协议域的属性进行畸形数据填充,生成非法报文测试用例集合;The second generation unit, according to the set malformed message generation principle, for the variable protocol field with limit value in the 376.1 protocol message, fills the malformed data according to the attribute of the variable protocol field, and generates an illegal message Text test case collection; 第三生成单元,组合所述合法报文测试用例集合与所述非法报文测试用例集合,生成所述376.1协议规范的测试用例集合。The third generating unit is configured to combine the set of legal message test cases and the set of illegal message test cases to generate the test case set of the 376.1 protocol specification. 10.根据权利要求9所述的系统,所述目标网络协议的协议域集合F={filed1,filed2,filed3…filedn},所述目标协议包括n元序组<filed1,filed2,filed3…filedn>。10. The system according to claim 9, the protocol domain set F = { filed 1 , filed 2 , filed 3 . 2 , filed 3 ... filed n >. 11.根据权利要求9所述的系统,确定协议域fieldi的属性集合其中每个属性attributeij分别在离散的属性值集合Vij中取值(1≤i≤n,1≤j≤mi)。11. The system according to claim 9, determining the attribute set of the protocol domain field i Each attribute attribute ij takes a value (1≤i≤n, 1≤j≤m i ) in a discrete attribute value set V ij respectively. 12.根据权利要求9所述的系统,对每个协议域fieldi不同属性值进行相互组合,得到面向该协议域的测试数据集合 12. The system according to claim 9, combining the different attribute values of each protocol domain field i to obtain the test data set facing the protocol domain 13.根据权利要求9所述的系统,依次从面向协议域fieldi的测试数据集合Si中取值,对描述目标协议的n元序组<filed1,filed2,filed3…filedn>进行展开,得到面向目标网络协议的合法报文测试用例集合。13. The system according to claim 9, taking values sequentially from the test data set S i oriented to the protocol domain field i , for the n-element sequence group <filed 1 , filed 2 , filed 3 ...filed n > describing the target protocol Expand to obtain a set of legal packet test cases oriented to the target network protocol. 14.根据权利要求9所述的系统,所述根据所述可变协议域的属性进行畸形数据填充,包括:14. The system according to claim 9, wherein the filling of malformed data according to the attribute of the variable protocol field comprises: 边界值取值填充、字符串填充、强制类型转换填充、超长字符串填充。Boundary value padding, string padding, mandatory type conversion padding, super long string padding. 15.根据权利要求9所述的系统,在所述将所述可变协议域中各属性的属性值进行组合运算之前,还包括对所述可变协议域的属性对应的属性值进行过滤。15. The system according to claim 9, further comprising filtering the attribute values corresponding to the attributes of the variable protocol domain before performing the combination operation on the attribute values of the attributes in the variable protocol domain. 16.根据权利要求9所述的系统,所述组合运算包括:将所述可变协议域中各属性的过滤后的属性值进行组合运算得到所述可变协议中各属性的变异属性值。16. The system according to claim 9, wherein the combination operation comprises: performing a combination operation on the filtered attribute values of each attribute in the variable protocol domain to obtain the mutated attribute value of each attribute in the variable protocol.
CN201710576281.9A 2017-07-14 2017-07-14 A kind of method for generating test case and system for being used for 376.1 protocol security defects detections Pending CN107517199A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710576281.9A CN107517199A (en) 2017-07-14 2017-07-14 A kind of method for generating test case and system for being used for 376.1 protocol security defects detections

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710576281.9A CN107517199A (en) 2017-07-14 2017-07-14 A kind of method for generating test case and system for being used for 376.1 protocol security defects detections

Publications (1)

Publication Number Publication Date
CN107517199A true CN107517199A (en) 2017-12-26

Family

ID=60721804

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710576281.9A Pending CN107517199A (en) 2017-07-14 2017-07-14 A kind of method for generating test case and system for being used for 376.1 protocol security defects detections

Country Status (1)

Country Link
CN (1) CN107517199A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024868A (en) * 2022-01-06 2022-02-08 北京安博通科技股份有限公司 Flow statistical method, flow quality analysis method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101431809A (en) * 2008-10-28 2009-05-13 中国科学院研究生院 OBEX protocol bug excavation method and system
US20100030862A1 (en) * 2008-07-31 2010-02-04 International Business Machines Corporation Testing a network system
US20100238810A1 (en) * 2003-10-03 2010-09-23 Verizon Services Corp. Methodology for Measurements and Analysis of Protocol Conformance, Performance and Scalability of Stateful Border Gateways
CN103812729A (en) * 2014-02-19 2014-05-21 北京理工大学 Network protocol fuzz testing method and device
CN106330601A (en) * 2016-08-19 2017-01-11 北京匡恩网络科技有限责任公司 Test case generation method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100238810A1 (en) * 2003-10-03 2010-09-23 Verizon Services Corp. Methodology for Measurements and Analysis of Protocol Conformance, Performance and Scalability of Stateful Border Gateways
US20100030862A1 (en) * 2008-07-31 2010-02-04 International Business Machines Corporation Testing a network system
CN101431809A (en) * 2008-10-28 2009-05-13 中国科学院研究生院 OBEX protocol bug excavation method and system
CN103812729A (en) * 2014-02-19 2014-05-21 北京理工大学 Network protocol fuzz testing method and device
CN106330601A (en) * 2016-08-19 2017-01-11 北京匡恩网络科技有限责任公司 Test case generation method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘静静等: "基于启发式搜索和分类树的网络协议模糊测试用例生成方法研究", 《现代电子技术》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024868A (en) * 2022-01-06 2022-02-08 北京安博通科技股份有限公司 Flow statistical method, flow quality analysis method and device

Similar Documents

Publication Publication Date Title
Kayan et al. Cybersecurity of industrial cyber-physical systems: A review
Ye et al. A review of cyber–physical security for photovoltaic systems
Muzammal et al. A comprehensive review on secure routing in internet of things: Mitigation methods and trust-based approaches
Wani et al. SDN‐based intrusion detection system for IoT using deep learning classifier (IDSIoT‐SDL)
Meng Intrusion detection in the era of IoT: Building trust via traffic filtering and sampling
Li et al. A critical review of cyber-physical security for building automation systems
Yi et al. Web phishing detection using a deep learning framework
Liu et al. Addressing the class imbalance problem in twitter spam detection using ensemble learning
JP2023169334A (en) Cyber threat defense system for protecting email network using machine learning model
Ford et al. Applications of machine learning in cyber security
US20210273961A1 (en) Apparatus and method for a cyber-threat defense system
Feng et al. Modeling and stability analysis of worm propagation in wireless sensor network
CN104394015B (en) A kind of network security situation evaluating method
Hassan et al. Gitm: A gini index-based trust mechanism to mitigate and isolate sybil attack in rpl-enabled smart grid advanced metering infrastructures
Hadziosmanovic et al. Challenges and opportunities in securing industrial control systems
Manickam et al. Labelled Dataset on Distributed Denial‐of‐Service (DDoS) Attacks Based on Internet Control Message Protocol Version 6 (ICMPv6)
Leszczyna et al. Developing novel solutions to realise the European energy–information sharing & analysis centre
Bellini et al. Cyber resilience in IoT network: Methodology and example of assessment through epidemic spreading approach
Tran et al. Designing false data injection attacks penetrating AC‐based bad data detection system and FDI dataset generation
Zhao et al. An invocation chain test and evaluation method for fog computing
Ibrahim et al. Exploring the emerging role of large language models in smart grid cybersecurity: a survey of attacks, detection mechanisms, and mitigation strategies
Roelofs et al. Finding harmony in the noise: Blending security alerts for attack detection
Rabelo et al. Using delphi and system dynamics to study the cybersecurity of the IoT-based smart grids
Sen et al. Towards an approach to contextual detection of multi-stage cyber attacks in smart grids
Presekal et al. Anomaly Detection and Mitigation in Cyber‐Physical Power Systems Based on Hybrid Deep Learning and Attack Graphs

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171226