
A Survey of Protocol Fuzzing (2401.01568v3)

Published 3 Jan 2024 in cs.CR and cs.NI

Abstract: Communication protocols form the bedrock of our interconnected world, yet vulnerabilities within their implementations pose significant security threats. Recent developments have seen a surge in fuzzing-based research dedicated to uncovering these vulnerabilities within protocol implementations. However, a systematic overview of protocol fuzzing that answers the essential questions, such as what the unique challenges are and how existing works solve them, is still lacking. To bridge this gap, we conducted a comprehensive investigation of related works from both academia and industry. Our study includes a detailed summary of the specific challenges in protocol fuzzing and provides a systematic categorization and overview of existing research efforts. Furthermore, we explore and discuss potential future research directions in protocol fuzzing. This survey serves as a foundational guideline for researchers and practitioners in the field.

  167. BrokenMesh: New Attack Surfaces of Bluetooth Mesh. https://www.blackhat.com/us-22/briefings/schedule/#brokenmesh-new-attack-surfaces-of-bluetooth-mesh-26853
  168. Finding Consensus Bugs in Ethereum via Multi-transaction Differential Fuzzing. In 15th USENIX Symposium on Operating Systems Design and Implementation (OSDI 21). USENIX Association, 349–365. https://www.usenix.org/conference/osdi21/presentation/yang
  169. On Using Grey Literature and Google Scholar in Systematic Literature Reviews in Software Engineering. IEEE Access 8 (2020), 36226–36243. https://doi.org/10.1109/ACCESS.2020.2971712
  170. The Data Distribution Service (DDS) Protocol is Critical Let’s Use it Securely! https://www.blackhat.com/eu-21/briefings/schedule/#the-data-distribution-service-dds-protocol-is-critical-lets-use-it-securely-24934
  171. Poster: Fuzzing IoT Firmware via Multi-Stage Message Generation. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (London, United Kingdom) (CCS ’19). Association for Computing Machinery, New York, NY, USA, 2525–2527. https://doi.org/10.1145/3319535.3363247
  172. CGFuzzer: A Fuzzing Approach Based on Coverage-Guided Generative Adversarial Networks for Industrial IoT Protocols. IEEE Internet of Things Journal 9, 21 (2022), 21607–21619. https://doi.org/10.1109/JIOT.2022.3183952
  173. {{\{{QSYM}}\}}: A practical concolic execution engine tailored for hybrid fuzzing. In 27th USENIX Security Symposium (USENIX Security 18). 745–761.
  174. Michal Zalewski. 2015. American fuzzy lop. https://github.com/google/AFL
  175. zardus. 2019. Preeny: Some helpful preload libraries for pwning stuff. https://github.com/zardus/preeny
  176. Understanding large language model based fuzz driver generation. arXiv preprint arXiv:2307.12469 (2023).
  177. BIFF: PRactical binary fuzzing framework for programs of IoT and mobile devices. In 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 1161–1165.
  178. Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation. In 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023, Joseph A. Calandrino and Carmela Troncoso (Eds.). USENIX Association, 2867–2884. https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-cen
  179. {{\{{APICraft}}\}}: Fuzz Driver Generation for Closed-source {{\{{SDK}}\}} Libraries. In 30th USENIX Security Symposium (USENIX Security 21). 2811–2828.
  180. Fuzzing Configurations of Program Options. ACM Trans. Softw. Eng. Methodol. 32, 2, Article 53 (mar 2023), 21 pages. https://doi.org/10.1145/3580597
  181. SeqFuzzer: An Industrial Protocol Fuzzing Framework from a Deep Learning Perspective. In 12th IEEE Conference on Software Testing, Validation and Verification, ICST 2019, Xi’an, China, April 22-27, 2019. IEEE, 59–67. https://doi.org/10.1109/ICST.2019.00016
  182. Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. 417–428.
  183. Yaowen Zheng and Limin Sun. 2022. IPSpex: Enabling Efficient Fuzzing via Specification Extraction on ICS Protocol. In Applied Cryptography and Network Security: 20th International Conference, ACNS 2022, Rome, Italy, June 20–23, 2022, Proceedings, Vol. 13269. Springer Nature, 356.
  184. Fuzzing: A Survey for Roadmap. ACM Comput. Surv. (jan 2022). https://doi.org/10.1145/3512345 Just Accepted.
  185. Generating Comprehensive Data with Protocol Fuzzing for Applying Deep Learning to Detect Network Attacks. CoRR abs/2012.12743 (2020). arXiv:2012.12743 https://arxiv.org/abs/2012.12743
  186. TCP-Fuzz: Detecting Memory and Semantic Bugs in TCP Stacks with Fuzzing. In 2021 USENIX Annual Technical Conference (USENIX ATC 21). USENIX Association, 489–502. https://www.usenix.org/conference/atc21/presentation/zou
  187. Vulnerability Detection of ICS Protocols via Cross-State Fuzzing. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 41, 11 (2022), 4457–4468. https://doi.org/10.1109/TCAD.2022.3201471
  188. PAVFuzz: State-Sensitive Fuzz Testing of Protocols in Autonomous Vehicles. 2021 58th ACM/IEEE Design Automation Conference (DAC) (2021), 823–828.
Authors (11)
  1. Xiaohan Zhang (78 papers)
  2. Cen Zhang (69 papers)
  3. Xinghua Li (17 papers)
  4. Zhengjie Du (2 papers)
  5. Yuekang Li (34 papers)
  6. Yaowen Zheng (9 papers)
  7. Yeting Li (9 papers)
  8. Yang Liu (2253 papers)
  9. Robert H. Deng (18 papers)
  10. Bing Mao (9 papers)
  11. Li Pan (25 papers)
Citations (4)