|
| 1 | +#Learning-Based Fuzzing of IoT Message Brokers |
| 2 | + |
| 3 | + |
| 4 | +##Different Brokers Configurations |
| 5 | + |
| 6 | +* VerneMQ |
| 7 | +* docker run -p 1886:1883 -e "DOCKER_VERNEMQ_ALLOW_ANONYMOUS=on" -e "DOCKER_VERNEMQ_ACCEPT_EULA=yes" -e "DOCKER_VERNEMQ_listener.tcp.allowed_protocol_versions=5" --name vernemq1 -d vernemq/vernemq |
| 8 | +* Mosquitto |
| 9 | +* Port 1885 |
| 10 | +* /usr/local/sbin/mosquitto -p 1885 |
| 11 | +* HiveMq |
| 12 | +* Port 1884 selected in /conf/config.xml |
| 13 | +* ./Documents/hivemq-ce-2020.2/bin/run.sh |
| 14 | +* EMQ |
| 15 | +* Port 1883 |
| 16 | +* emqx start |
| 17 | +* ejabbard |
| 18 | +* disable authentication |
| 19 | +* port 1997 |
| 20 | + |
| 21 | +##To reporduce |
| 22 | + |
| 23 | +- Once all brokers are installed and appropriate ports assigned to them, run |
| 24 | + |
| 25 | +``` |
| 26 | + Linux/MAC |
| 27 | + ./gradlew build |
| 28 | + ./gradlew learningBasedFuzzing |
| 29 | + Windows |
| 30 | + ./gradlew.bat build |
| 31 | + ./gradlew.bat learningBasedFuzzing |
| 32 | +``` |
| 33 | + |
| 34 | +##Short code explanation |
| 35 | + |
| 36 | +Learning of the Mosquitto MQTT broker and it's use as a basis for further model-based fuzzing is found in the Main.java class. |
| 37 | + |
| 38 | +- Create the MQTT client which will interact with the Mosquitto broker |
| 39 | + |
| 40 | +`` |
| 41 | +MQTTBrokerAdapterConfig mosquittoBrokerConfig = |
| 42 | + new MQTTBrokerAdapterConfig(InetAddress.getByName("127.0.0.1"), 1885, 200, true, true, true); |
| 43 | + MQTTClientWrapper mosquittoClient = new MQTTClientWrapper("c0", "mosquitto", mosquittoBrokerConfig); |
| 44 | +`` |
| 45 | + |
| 46 | +- Create input alphabeth for learning and corresponding mapper that translates abstract inputs to concrete ones |
| 47 | +- Start the experiment |
| 48 | +- Results are saved in the 'learnedModels' folder |
| 49 | +- Comment out the last line if you want to skip learning and use model found in 'learnedModels' folder |
| 50 | +``` |
| 51 | +Learner mosquitoLearner = new Learner(new LearningMapper(mosquittoClient)); |
| 52 | + List<String> paperExample = Arrays.asList( |
| 53 | + "connect", "disconnect", |
| 54 | + "subscribe","publish", "unsubscribe", |
| 55 | + "invalid"); |
| 56 | +
|
| 57 | +String experimentName = "MosquittoDemonstation"; |
| 58 | +mosquitoLearner.learn(3000, experimentName, paperExample); // COMMENT OUT if you want to skip learning and usead already existing model |
| 59 | +``` |
| 60 | +- Define configuration and clients for other brokers |
| 61 | +- Same input alphabet is used for the fuzzing mapper |
| 62 | +- Define number of random walks and its maximum lenght |
| 63 | +``` |
| 64 | +FuzzingBasedTesting fuzzingBasedTesting = |
| 65 | + new FuzzingBasedTesting("learnedModels/MosquittoDemonstation.dot", clients, new DemoFuzzingMapper()); |
| 66 | +
|
| 67 | +fuzzingBasedTesting.setInputAlphabet(paperExample); |
| 68 | +
|
| 69 | +fuzzingBasedTesting.randomWalkWithFuzzing(1000, 10); |
| 70 | +``` |
| 71 | +#Learning-Based-Fuzzing |