SGMFuzz: State Guided Mutation Protocol Fuzzing

Zhenyu Wen;Jianfeng Yu;Zening Huang;Yiming Wu;Zhen Hong;Rajiv Ranjan
IEEE Networking Letters, vol. 7, no. 1, pp. 71-75. Published 2025-01-07. DOI: 10.1109/LNET.2025.3526776. https://ieeexplore.ieee.org/document/10829865/
Citations: 0

Abstract

Protocol implementations are fundamental components of network communication systems, and their security is crucial to the system as a whole. Fuzzing is one of the most popular techniques for detecting vulnerabilities and has been widely applied to the security evaluation of protocol implementations. However, because they lack machine-understandable prior knowledge and effective state-guided strategies, existing fuzzers tailored to stateful network protocol implementations often achieve only shallow state coverage and generate many invalid test cases, which reduces the effectiveness of testing. In this letter, we introduce SGMFuzz, a grey-box fuzzer built around a state-guided mutation mechanism for detecting security vulnerabilities in protocol implementations. SGMFuzz uses the feedback collected during fuzzing to construct a finite-state machine, which guides deeper exploration of the program. In addition, we design a message-aware module that improves the tool's ability to generate valid test cases. Our evaluation shows that, compared to the most advanced and widely used network protocol fuzzers, SGMFuzz increases the number of discovered execution paths by over 15% on average and improves state-transition coverage by over 10%, providing a more comprehensive security assessment of protocol implementations.
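The abstract describes SGMFuzz only at the level of its two ideas: a finite-state machine inferred from feedback gathered while fuzzing, and a message-aware mutator that keeps test cases parseable by the target. The following is an added, self-contained Python sketch of such a loop written for this page; it is not SGMFuzz's code and the paper gives no implementation details. The toy server, its simulated crash, the command vocabulary, the use of reply codes as state labels, and the "mutate at the rarest state" scheduling heuristic are all assumptions made for illustration.

```python
"""Minimal state-guided, message-aware grey-box fuzzing loop (added example).

Everything here is constructed for illustration: the target, the protocol
grammar and the scheduling heuristic. It is not SGMFuzz's implementation.
"""
import random
from collections import Counter

# Assumed protocol grammar: every message is "CMD ARG". The fuzzer knows the
# command vocabulary but not the order in which the server expects commands.
VOCAB = [b"USER", b"PASS", b"CWD", b"QUIT", b"NOOP"]


class ToyServer:
    """Constructed FTP-flavoured target: INIT -USER-> NEED_PASS -PASS-> AUTHED -QUIT-> CLOSED.
    A simulated memory-safety bug is reachable only after authentication."""

    def __init__(self):
        self.state = "INIT"

    def handle(self, msg: bytes) -> bytes:
        cmd, _, arg = msg.partition(b" ")
        if self.state == "INIT":
            if cmd == b"USER" and arg:
                self.state = "NEED_PASS"
                return b"331 need password"
            return b"530 not logged in"
        if self.state == "NEED_PASS":
            if cmd == b"PASS" and arg == b"secret":
                self.state = "AUTHED"
                return b"230 logged in"
            self.state = "INIT"
            return b"530 bad password"
        if self.state == "AUTHED":
            if cmd == b"CWD":
                if len(arg) > 32:  # simulated fixed-size path buffer
                    raise RuntimeError("simulated overflow in CWD handler")
                return b"250 ok"
            if cmd == b"QUIT":
                self.state = "CLOSED"
                return b"221 bye"
            return b"500 unknown command"
        return b"421 connection closed"


class StateGuidedFuzzer:
    """The reply code labels the server state; observed (state, command, next
    state) triples form the inferred FSM; mutation targets the message whose
    reply reached the least-visited state."""

    def __init__(self, seeds, rng=None):
        self.rng = rng or random.Random(0)
        self.transitions = set()      # inferred FSM edges
        self.state_visits = Counter()  # how often each state label was reached
        self.crashes = []
        self.queue = []                # (message sequence, observed state trace)
        for s in seeds:
            self.queue.append((list(s), self.execute(s)))

    def execute(self, seq):
        """Replay seq on a fresh server, record FSM edges, return the state trace."""
        srv, prev, trace = ToyServer(), b"000", []
        for msg in seq:
            try:
                code = srv.handle(msg)[:3]
            except RuntimeError as exc:
                self.crashes.append((list(seq), str(exc)))
                break
            self.transitions.add((prev, msg.split(b" ", 1)[0], code))
            self.state_visits[code] += 1
            trace.append(code)
            prev = code
        return trace

    def mutate(self, seq, trace):
        """Message-aware mutation: the 'CMD ARG' shape is always preserved, so the
        mutant is still parseable. State guidance picks the position to mutate."""
        if not seq:
            return [self.rng.choice(VOCAB) + b" x"]
        i = min(range(len(trace)), key=lambda k: self.state_visits[trace[k]]) if trace else 0
        new = list(seq)
        cmd, _, arg = new[i].partition(b" ")
        op = self.rng.choice(("arg", "cmd", "append"))
        if op == "arg":        # grow the argument, keep the command keyword
            arg += bytes(self.rng.randrange(33, 127) for _ in range(self.rng.randrange(1, 48)))
            new[i] = cmd + b" " + arg
        elif op == "cmd":      # swap the command keyword, keep the argument
            new[i] = self.rng.choice(VOCAB) + b" " + arg
        else:                  # insert a fresh well-formed message after position i
            new.insert(i + 1, self.rng.choice(VOCAB) + b" " + arg)
        return new

    def run(self, iterations):
        """A mutant becomes a new seed only if it reveals an unseen FSM edge."""
        for _ in range(iterations):
            seq, trace = self.rng.choice(self.queue)
            cand = self.mutate(seq, trace)
            before = len(self.transitions)
            new_trace = self.execute(cand)
            if len(self.transitions) > before:
                self.queue.append((cand, new_trace))
        return self.transitions, self.crashes


def fuzz_demo(iterations=2000, seed=1):
    """Constructed seeds: one valid session and one failed login."""
    seeds = [[b"USER bob", b"PASS secret", b"CWD /tmp", b"QUIT"], [b"USER bob", b"PASS wrong"]]
    fz = StateGuidedFuzzer(seeds, random.Random(seed))
    transitions, crashes = fz.run(iterations)
    return fz, transitions, crashes


if __name__ == "__main__":
    fz, transitions, crashes = fuzz_demo()
    print(f"{len(transitions)} FSM edges, {len(fz.queue)} seeds, {len(crashes)} crashes")
    for frm, cmd, to in sorted(transitions):
        print(f"  {frm.decode()} --{cmd.decode()}--> {to.decode()}")
```

Two points the abstract makes are visible here. Because the mutator only edits the argument, swaps the keyword, or inserts a well-formed message, every mutant is still "CMD ARG" and the server parses it; a byte-level mutator on the same seeds would mostly produce inputs the server rejects with 500 or 530, which is the invalid-test-case problem the letter attributes to existing tools. And because the mutation position is chosen from the inferred state trace rather than uniformly, the loop spends effort on messages sent in rarely reached states (here, the authenticated state where the simulated bug lives) instead of re-fuzzing the login handshake.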