FuzzyDoo：一个发现5G环境缺陷的框架

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-09-24 DOI:10.1016/j.comnet.2025.111734

Rosario G. Garroppo, Michele Pagano, Gabriele Pongelli

{"title":"FuzzyDoo：一个发现5G环境缺陷的框架","authors":"Rosario G. Garroppo, Michele Pagano, Gabriele Pongelli","doi":"10.1016/j.comnet.2025.111734","DOIUrl":null,"url":null,"abstract":"<div><div>The increasing complexity and criticality of 5G networks demand rigorous security testing methodologies, particularly in black-box environments where source code access is restricted. This paper introduces FuzzyDoo, an open-source, mutation-based structure-aware fuzzing framework designed to assess the robustness and security of 5G Core (5GC) network functions under black-box conditions. FuzzyDoo advances the state of the art by enabling dynamic test message generation for encrypted communications, supporting extensible protocol integration, and facilitating flexible deployment of monitoring components in multi-system environments. The paper details the framework modular architecture – to the best of our knowledge, the first of its kind in the open-source domain – and demonstrates its efficacy through experimental evaluations on three open-source 5GC frameworks. These experiments reveal implementation-specific vulnerabilities and underscore FuzzyDoo diagnostic capabilities for root cause analysis.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111734"},"PeriodicalIF":4.6000,"publicationDate":"2025-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"FuzzyDoo: A framework for finding flaws in the 5G landscape\",\"authors\":\"Rosario G. Garroppo, Michele Pagano, Gabriele Pongelli\",\"doi\":\"10.1016/j.comnet.2025.111734\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>The increasing complexity and criticality of 5G networks demand rigorous security testing methodologies, particularly in black-box environments where source code access is restricted. This paper introduces FuzzyDoo, an open-source, mutation-based structure-aware fuzzing framework designed to assess the robustness and security of 5G Core (5GC) network functions under black-box conditions. FuzzyDoo advances the state of the art by enabling dynamic test message generation for encrypted communications, supporting extensible protocol integration, and facilitating flexible deployment of monitoring components in multi-system environments. The paper details the framework modular architecture – to the best of our knowledge, the first of its kind in the open-source domain – and demonstrates its efficacy through experimental evaluations on three open-source 5GC frameworks. These experiments reveal implementation-specific vulnerabilities and underscore FuzzyDoo diagnostic capabilities for root cause analysis.</div></div>\",\"PeriodicalId\":50637,\"journal\":{\"name\":\"Computer Networks\",\"volume\":\"272 \",\"pages\":\"Article 111734\"},\"PeriodicalIF\":4.6000,\"publicationDate\":\"2025-09-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1389128625007005\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625007005","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

5G网络日益复杂和至关重要，需要严格的安全测试方法，特别是在源代码访问受限的黑箱环境中。本文介绍了FuzzyDoo，这是一个基于突变的开源结构感知模糊测试框架，旨在评估黑箱条件下5G核心（5GC）网络功能的鲁棒性和安全性。FuzzyDoo通过支持加密通信的动态测试消息生成，支持可扩展的协议集成，以及促进多系统环境中监控组件的灵活部署，提高了技术水平。本文详细介绍了框架模块化架构——据我们所知，这是开源领域的第一个此类架构——并通过对三个开源5GC框架的实验评估证明了它的有效性。这些实验揭示了特定于实现的漏洞，并强调了FuzzyDoo对根本原因分析的诊断能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

FuzzyDoo: A framework for finding flaws in the 5G landscape

The increasing complexity and criticality of 5G networks demand rigorous security testing methodologies, particularly in black-box environments where source code access is restricted. This paper introduces FuzzyDoo, an open-source, mutation-based structure-aware fuzzing framework designed to assess the robustness and security of 5G Core (5GC) network functions under black-box conditions. FuzzyDoo advances the state of the art by enabling dynamic test message generation for encrypted communications, supporting extensible protocol integration, and facilitating flexible deployment of monitoring components in multi-system environments. The paper details the framework modular architecture – to the best of our knowledge, the first of its kind in the open-source domain – and demonstrates its efficacy through experimental evaluations on three open-source 5GC frameworks. These experiments reveal implementation-specific vulnerabilities and underscore FuzzyDoo diagnostic capabilities for root cause analysis.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.