A Survey of Protocol Fuzzing

被引：0

作者：

Zhang, Xiaohan ^{[1
,2
,3
]}

Zhang, Cen ^{[4
]}

Li, Xinghua ^{[1
,2
,3
]}

Du, Zhengjie ^{[5
]}

Mao, Bing ^{[5
]}

Li, Yuekang ^{[4
]}

Zheng, Yao wen ^{[4
]}

Li, Yeting ^{[6
]}

Pan, Li ^{[7
]}

Liu, Yang ^{[4
]}

Deng, Robert ^{[8
]}

机构：

[1] Minist Educ, State Key Lab Integrated Serv Networks, Xian, Peoples R China

[2] Minist Educ, Engn Res Ctr Big Data Secur, Xian, Peoples R China

[3] Xidian Univ, Sch Cyber Engn, Xian, Peoples R China

[4] Nanyang Technol Univ, Singapore, Singapore

[5] Nanjing Univ, Nanjing, Peoples R China

[6] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China

[7] Shanghai Jiao Tong Univ, Shanghai, Peoples R China

[8] Singapore Management Univ, Singapore, Singapore

来源：

ACM COMPUTING SURVEYS | 2025年 / 57卷 / 02期

基金：

新加坡国家研究基金会; 中国国家自然科学基金;

关键词：

Protocol; fuzz testing; security; NETWORK PROTOCOL; SYMBOLIC EXECUTION; STATE; IMPLEMENTATIONS; SECURITY;

D O I：

10.1145/3696788

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Communication protocols form the bedrock of our interconnected world, yet vulnerabilities within their implementations pose significant security threats. Recent developments have seen a surge in fuzzing-based research dedicated to uncovering these vulnerabilities within protocol implementations. However, there still lacks a systematic overview of protocol fuzzing for answering the essential questions such as what the unique challenges are, how existing works solve them, and so on. To bridge this gap, we conducted a comprehensive investigation of related works from both academia and industry. Our study includes a detailed summary of the specific challenges in protocol fuzzing and provides a systematic categorization and overview of existing research efforts. Furthermore, we explore and discuss potential future research directions in protocol fuzzing.

引用

页数：36

共 50 条

[21] Fuzzing attacks for vulnerability discovery within MQTT protocol
Casteur, G.
Aubaret, A.
Blondeau, B.
Clouet, V.
Quemat, A.
Pical, V.
Zitouni, R.
2020 16TH INTERNATIONAL WIRELESS COMMUNICATIONS & MOBILE COMPUTING CONFERENCE, IWCMC, 2020, : 420 - 425
[22] Advancing Protocol Fuzzing for Industrial Automation and Control Systems
Pfrang, Steffen
Meier, David
Friedrich, Michael
Beyerer, Juergen
ICISSP: PROCEEDINGS OF THE 4TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY, 2018, : 570 - 580
[23] Analysis of DTLS Implementations Using Protocol State Fuzzing
Fiterau-Brostean, Paul
Jonsson, Bengt
Merget, Robert
de Ruiter, Joeri
Sagonas, Konstantinos
Somorovsky, Juraj
PROCEEDINGS OF THE 29TH USENIX SECURITY SYMPOSIUM, 2020, : 2523 - 2540
[24] IKEv2 Protocol Fuzzing Test on simulated ASA
Cui, Yanpeng
Yu, T.
Hu, Jianwei
2018 IEEE INTERNATIONAL CONFERENCE ON SMART INTERNET OF THINGS (SMARTIOT 2018), 2018, : 111 - 116
[25] An adaptive fuzzing method based on transformer and protocol similarity mutation
Wang, Wenpeng
Chen, Zhixiang
Zheng, Ziyang
Wang, Hui
COMPUTERS & SECURITY, 2023, 129
[26] Fuzzing Technology Based on Information Theory for Industrial Proprietary Protocol
Che, Xin
Geng, Yangyang
Zhang, Ge
Wang, Mufeng
ELECTRONICS, 2023, 12 (14)
[27] SPFuzz: A Hierarchical Scheduling Framework for Stateful Network Protocol Fuzzing
Song, Congxi
Yu, Bo
Zhou, Xu
Yang, Qiang
IEEE ACCESS, 2019, 7 : 18490 - 18499
[28] Implementation of the CAN-FD Protocol in the Fuzzing Tool beSTORM
Nishimura, Ryosuke
Kurachi, Ryo
Ito, Kazumasa
Miyasaka, Takashi
Yamamoto, Masaki
Mishima, Miwako
2016 IEEE INTERNATIONAL CONFERENCE ON VEHICULAR ELECTRONICS AND SAFETY (ICVES), 2016, : 1 - 6
[29] A Guided Fuzzing Approach for Security Testing of Network Protocol Software
Cai, Jun
Zou, Peng
Xiong, Dapeng
He, Jun
PROCEEDINGS OF 2015 6TH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND SERVICE SCIENCE, 2015, : 726 - 729
[30] ICS Protocol Fuzzing: Coverage Guided Packet Crack and Generation
Luo, Zhengxiong
Zuo, Feilong
Shen, Yuheng
Jiao, Xun
Chang, Wanli
Jiang, Yu
PROCEEDINGS OF THE 2020 57TH ACM/EDAC/IEEE DESIGN AUTOMATION CONFERENCE (DAC), 2020,

← 1 2 3 4 5 →