Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Protocol implementations are fundamental components in network communication systems, and their security is crucial to the overall system. Fuzzing is one of the most popular techniques for detecting vulnerabilities and has been widely applied to the security evaluation of protocol implementations. However, due to the lack of machine-understandable prior knowledge and effective state-guided strategies, existing protocol fuzzing tools tailored for stateful network protocol implementations often suffer from shallow state coverage and generate numerous invalid test cases, thereby impacting the effectiveness of the testing process. In this paper, we introduce SGMFuzz, a grey-box fuzzing tool that combines a state-guided mutation mechanism to detect security vulnerabilities in protocol implementations. SGMFuzz uses the feedback collected during fuzzing to construct a finite-state machine, which aids in a deeper exploration of the program. Additionally, we design a message-aware module to enhance the tool's ability to generate valid test cases. Our evaluation demonstrates that, compared to the most advanced and widely used network protocol fuzzing tools, SGMFuzz increases the number of discovered execution paths by over 15% on average and improves state transition coverage by over 10%, providing a more comprehensive security assessment of protocol implementations.
Author(s): Wen Z, Yu J, Huang Z, Wu Y, Hong Z, Ranjan R
Publication type: Article
Publication status: Published
Journal: IEEE Networking Letters
Year: 2025
Pages: Epub ahead of print
Online publication date: 07/01/2025
Acceptance date: 02/04/2018
ISSN (electronic): 2576-3156
Publisher: IEEE
URL: https://doi.org/10.1109/LNET.2025.3526776
DOI: 10.1109/LNET.2025.3526776