IEEE Access (Jan 2020)
SGPFuzzer: A State-Driven Smart Graybox Protocol Fuzzer for Network Protocol Implementations
Abstract
As one of the most widely used technologies in software testing, fuzzing has been applied to network protocol vulnerability detection, and various network protocol fuzzers have been proposed. In this study, we first analyze and summarize several typical network protocol fuzzers to highlight the challenges of stateful network protocol fuzzing. Then, a state-driven smart graybox protocol fuzzer (SGPFuzzer) is proposed to address these challenges. Finally, we evaluate SGPFuzzer on two widely used protocol implementations (LightFTP and tinyDTLS). The results show that SGPFuzzer outperforms Boofuzz and AFL in path coverage, unique crashes, and time to first crash, and that it triggers a known bug which cannot be triggered by the other two tools, demonstrating its effectiveness and practicability.
Keywords