RPFUZZ: Efficient network service fuzzing via pruning redundant mutation

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-09-27 DOI:10.1016/j.cose.2025.104684

Wenfeng Lin, Fangliang Xu, Zhiyuan Jiang, Gang Yang, Zhiwei Li, Chaojing Tang

{"title":"RPFUZZ: Efficient network service fuzzing via pruning redundant mutation","authors":"Wenfeng Lin, Fangliang Xu, Zhiyuan Jiang, Gang Yang, Zhiwei Li, Chaojing Tang","doi":"10.1016/j.cose.2025.104684","DOIUrl":null,"url":null,"abstract":"<div><div>Coverage-guided fuzzing (CGF) has proven its outstanding performance on vulnerability detection. However, existing approaches exhibit limitations when handling network service. Restricted by network I/O duration and chronology, long packet sequences crafted by fuzzers incur a substantial execution cost. Test cases with such non-coverage-improving mutations (i.e. redundant mutation) can significantly reduce fuzzing throughput and compromise vulnerability discovery.</div><div>To address this issue, we propose RPFUZZ, a novel network fuzzing framework designed to systematically reduce redundant mutations: (1) We propose redundant mutation pruning for network service fuzzing. By early terminating redundant mutations’ execution, RPFUZZ can achieve higher throughput. (2) To detect redundant mutation, we propose redundant mutation oracle. This oracle dynamically judges whether a test case is redundant according to current code coverage and value of service-related variables (SRVs). (3)To identify SRVs, we propose an integrated approach combining dynamic call stack analysis with static value-flow graph (VFG) analysis.</div><div>To evaluate the performance of RPFUZZ, we implement a prototype on top of NYX-NET. We conduct thorough experiments on ProFuzzBench, a benchmark that consists of 12 real-world network services. The results indicate that RPFUZZ achieves over 185% improvement in throughput and 1.02% rise in code coverage compared with NYX-NET. Besides, RPFUZZ has successfully uncovered 1753 unique crashes across 6 network services, including an unreported vulnerability (assigned to CVE-2024-57392) in ProFTPD, which has been well tested.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104684"},"PeriodicalIF":5.4000,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825003736","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Coverage-guided fuzzing (CGF) has proven its outstanding performance on vulnerability detection. However, existing approaches exhibit limitations when handling network service. Restricted by network I/O duration and chronology, long packet sequences crafted by fuzzers incur a substantial execution cost. Test cases with such non-coverage-improving mutations (i.e. redundant mutation) can significantly reduce fuzzing throughput and compromise vulnerability discovery.

To address this issue, we propose RPFUZZ, a novel network fuzzing framework designed to systematically reduce redundant mutations: (1) We propose redundant mutation pruning for network service fuzzing. By early terminating redundant mutations’ execution, RPFUZZ can achieve higher throughput. (2) To detect redundant mutation, we propose redundant mutation oracle. This oracle dynamically judges whether a test case is redundant according to current code coverage and value of service-related variables (SRVs). (3)To identify SRVs, we propose an integrated approach combining dynamic call stack analysis with static value-flow graph (VFG) analysis.

To evaluate the performance of RPFUZZ, we implement a prototype on top of NYX-NET. We conduct thorough experiments on ProFuzzBench, a benchmark that consists of 12 real-world network services. The results indicate that RPFUZZ achieves over 185% improvement in throughput and 1.02% rise in code coverage compared with NYX-NET. Besides, RPFUZZ has successfully uncovered 1753 unique crashes across 6 network services, including an unreported vulnerability (assigned to CVE-2024-57392) in ProFTPD, which has been well tested.

查看原文本刊更多论文

RPFUZZ：通过修剪冗余突变实现高效的网络服务模糊化

覆盖引导模糊测试（CGF）在漏洞检测方面已经证明了其卓越的性能。然而，现有的方法在处理网络服务时表现出局限性。受网络I/O持续时间和时间的限制，由fuzzers制作的长数据包序列会产生大量的执行成本。带有这种非覆盖率改进突变（即冗余突变）的测试用例可以显著降低模糊吞吐量并损害漏洞发现。为了解决这个问题，我们提出了RPFUZZ，一个新的网络模糊框架，旨在系统地减少冗余突变：(1)我们提出了冗余突变修剪网络服务模糊。通过提前终止冗余突变的执行，RPFUZZ可以实现更高的吞吐量。(2)为了检测冗余突变，我们提出了冗余突变预测。该oracle根据当前代码覆盖率和服务相关变量（srv）的值动态判断测试用例是否冗余。(3)为了识别srv，我们提出了一种将动态调用堆栈分析与静态价值流图（VFG）分析相结合的方法。为了评估RPFUZZ的性能，我们在NYX-NET上实现了一个原型。我们在ProFuzzBench上进行了彻底的实验，这是一个由12个真实网络服务组成的基准测试。结果表明，与NYX-NET相比，RPFUZZ的吞吐量提高了185%以上，代码覆盖率提高了1.02%。此外，RPFUZZ已经成功发现了6个网络服务中的1753个独特崩溃，包括ProFTPD中未报告的漏洞（分配给CVE-2024-57392），该漏洞已经过良好测试。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.