A Survey of Protocol Fuzzing

Citations: 0
Authors
Zhang, Xiaohan [1 ,2 ,3 ]
Zhang, Cen [4 ]
Li, Xinghua [1 ,2 ,3 ]
Du, Zhengjie [5 ]
Mao, Bing [5 ]
Li, Yuekang [4 ]
Zheng, Yaowen [4 ]
Li, Yeting [6 ]
Pan, Li [7 ]
Liu, Yang [4 ]
Deng, Robert [8 ]
Affiliations
[1] Minist Educ, State Key Lab Integrated Serv Networks, Xian, Peoples R China
[2] Minist Educ, Engn Res Ctr Big Data Secur, Xian, Peoples R China
[3] Xidian Univ, Sch Cyber Engn, Xian, Peoples R China
[4] Nanyang Technol Univ, Singapore, Singapore
[5] Nanjing Univ, Nanjing, Peoples R China
[6] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China
[7] Shanghai Jiao Tong Univ, Shanghai, Peoples R China
[8] Singapore Management Univ, Singapore, Singapore
Funding
National Research Foundation, Singapore; National Natural Science Foundation of China;
Keywords
Protocol; fuzz testing; security; NETWORK PROTOCOL; SYMBOLIC EXECUTION; STATE; IMPLEMENTATIONS; SECURITY;
DOI
10.1145/3696788
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Communication protocols form the bedrock of our interconnected world, yet vulnerabilities within their implementations pose significant security threats. Recent developments have seen a surge in fuzzing-based research dedicated to uncovering these vulnerabilities within protocol implementations. However, there is still no systematic overview of protocol fuzzing that answers essential questions such as what the unique challenges are, how existing works solve them, and so on. To bridge this gap, we conducted a comprehensive investigation of related works from both academia and industry. Our study includes a detailed summary of the specific challenges in protocol fuzzing and provides a systematic categorization and overview of existing research efforts. Furthermore, we explore and discuss potential future research directions in protocol fuzzing.
Pages: 36
Related papers
50 in total
  • [31] Green-Fuzz: Efficient Fuzzing for Network Protocol Implementations
    Andarzian, Seyed Behnam
    Daniele, Cristian
    Poll, Erik
    FOUNDATIONS AND PRACTICE OF SECURITY, PT I, FPS 2023, 2024, 14551 : 253 - 268
  • [32] A Vulnerability Mining System Based on Fuzzing for IEC 61850 Protocol
    Tu, Tengfei
    Zhang, Hua
    Qin, Boqin
    Chen, Zhuo
    PROCEEDINGS OF THE 2017 5TH INTERNATIONAL CONFERENCE ON FRONTIERS OF MANUFACTURING SCIENCE AND MEASURING TECHNOLOGY (FMSMT 2017), 2017, 130 : 589 - 597
  • [33] Inferring OpenVPN State Machines Using Protocol State Fuzzing
    Daniel, Lesly-Ann
    de Ruiter, Joeri
    Poll, Erik
    2018 3RD IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2018), 2018, : 11 - 19
  • [34] MSGFuzzer: Message Sequence Guided Industrial Robot Protocol Fuzzing
    Zhang, Yang
    Fang, Dongliang
    Liu, Puzhuo
    Xi, Laile
    Lu, Xiao
    Chen, Xin
    Si, Shuaizong
    Sun, Limin
    2024 IEEE CONFERENCE ON SOFTWARE TESTING, VERIFICATION AND VALIDATION, ICST 2024, 2024, : 140 - 150
  • [35] GANFuzz: A GAN-based industrial network protocol fuzzing framework
    Hu, Zhicheng
    Shi, Jianqi
    Huang, YanHong
    Xiong, Jiawen
    Bu, Xiangxing
    2018 ACM INTERNATIONAL CONFERENCE ON COMPUTING FRONTIERS, 2018, : 138 - 145
  • [36] Grammar-based Adaptive Fuzzing: Evaluation on SCADA Modbus Protocol
    Yoo, Hyunguk
    Shon, Taeshik
    2016 IEEE INTERNATIONAL CONFERENCE ON SMART GRID COMMUNICATIONS (SMARTGRIDCOMM), 2016,
  • [37] Robustness Evaluation of Cyber Physical Systems through Network Protocol Fuzzing
    Ananda, Tulasi K.
    Simran, Gitanjali T.
    Sukumara, T.
    Sasikala, D.
    Kumar, Ramakanth P.
    PROCEEDINGS OF THE 2019 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING & COMMUNICATION ENGINEERING (ICACCE-2019), 2019,
  • [38] Fuzzing frameworks for server-side web applications: a survey
    Dharmaadi, I. Putu Arya
    Athanasopoulos, Elias
    Turkmen, Fatih
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2025, 24 (02)
  • [39] Fuzzing vulnerability discovery techniques: Survey, challenges and future directions
    Beaman, Craig
    Redbourne, Michael
    Mummery, J. Darren
    Hakak, Saqib
    COMPUTERS & SECURITY, 2022, 120
  • [40] SeqFuzzer: An Industrial Protocol Fuzzing Framework from a Deep Learning Perspective
    Zhao, Hui
    Li, Zhihui
    Wei, Hansheng
    Shi, Jianqi
    Huang, Yanhong
    2019 IEEE 12TH CONFERENCE ON SOFTWARE TESTING, VALIDATION AND VERIFICATION (ICST 2019), 2019, : 59 - 67