Abstract: 5G data network devices are the infrastructure of modern communications, and the security and reliability directly ensure that the entire network is secure and reliable. As the basic operating interface of network devices, the command line interface is of vital significance for improving the security of the entire network. Based on the fuzz testing, a command line interface vulnerability mining method is proposed, and the key technologies and processes such as injection point analysis and definition, fuzziness test vulnerability mining data model processing, fuzziness test algorithm optimization and fuzziness test vulnerability mining process are studied deeply. The research results are directly applied to the fuzziness vulnerability mining system of the command line interface to implement key functions such as network device information collection, fuzziness data modeling, network device response information analysis, vulnerability mining execution, analysis after vulnerability mining, and vulnerability report generation. Finally, it discusses and looks to the future to improve the efficiency and effectiveness of the fuzziness vulnerability mining system of the command line interface.
Key words : fuzz testing; command line interface; network equipment; vulnerability mining; network security
0 引言
命令行接口(Command Line Interface, CLI)是網(wǎng)絡(luò)設(shè)備最常見也是最重要的操作維護(hù)管理接口(Operation Administration and Maintenance,, OAM),特別是大型的網(wǎng)絡(luò)設(shè)備,,例如5G承載高端路由器和高端交換機(jī)[1-2]等,。網(wǎng)絡(luò)設(shè)備運(yùn)行的重要參數(shù)都是通過(guò)CLI方式錄入到網(wǎng)絡(luò)設(shè)備系統(tǒng)中。隨著網(wǎng)絡(luò)設(shè)備OAM技術(shù)的發(fā)展,,網(wǎng)絡(luò)設(shè)備制造者商和操作維護(hù)軟件公司均提供了基于Web的可視化網(wǎng)絡(luò)管理工具,,以方便運(yùn)維人員以圖形化的方式對(duì)網(wǎng)絡(luò)設(shè)備進(jìn)行維護(hù)和管理,但基于Web的網(wǎng)絡(luò)管理工具底層仍然會(huì)調(diào)用CLI接口對(duì)網(wǎng)絡(luò)設(shè)備進(jìn)行操作和配置,。所以CLI安全可靠性對(duì)于整個(gè)網(wǎng)絡(luò)設(shè)備的安全起著至關(guān)重要的作用,。