AFLNeTrans: Fuzzing of Protocols with State Relationship Awareness
Network protocols are essential components of modern communication systems, and security testing of their implementations is of great importance. Fuzzing has become the mainstream method for modern vulnerability discovery and has achieved great success in the field of software security. Traditional fuzzing still has some problems when testing network protocol implementations. First, since different states in a network protocol implementation correspond to different code, the code coverage used in traditional gray-box fuzzing cannot accurately represent the internal state of the implementation. Second, the state guidance mechanism in existing gray-box network protocol fuzzers depends on code coverage, which cannot effectively mine the state relationships in those programs. To address these problems, this paper proposes AFLNeTrans, a fuzzer that guides the fuzzing process by both protocol state relationships and program code coverage to improve fuzzing effectiveness. AFLNeTrans uses state relationships as the main guidance mechanism, steering fuzzing to quickly explore more of the state space of network protocol implementations. AFLNeTrans was evaluated on a benchmark of well-known protocol fuzzers. Experimental results show that AFLNeTrans finds a significantly larger number of state transitions, and also improves code coverage and the number of unique crashes compared to existing tools.
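To make the guidance mechanism described above concrete, the following is an added illustration that is not code from the paper or from AFLNeTrans itself. It models a toy FTP-like server whose reply codes stand in for protocol states, runs message sequences against it, and treats a newly observed (previous reply, next reply) pair as the primary signal for keeping a seed, with a crude branch-label set standing in for code coverage as the secondary signal. The server, its states, the command dictionary and the weighting are all constructed assumptions for this example.

```python
import random
from typing import Dict, List, Set, Tuple

# Constructed toy stateful server. Reply codes play the role of the
# observable protocol states a network fuzzer sees on the wire.
class ToyServer:
    def __init__(self) -> None:
        self.state = "INIT"
        self.branches: Set[str] = set()  # stand-in for code-coverage edges

    def handle(self, msg: str) -> str:
        cmd = msg.split(" ", 1)[0].upper()
        if self.state == "CLOSED":
            self.branches.add("after_close"); return "421"
        if cmd == "QUIT":
            self.state = "CLOSED"; self.branches.add("quit"); return "221"
        if cmd == "USER" and self.state == "INIT":
            self.state = "NEED_PASS"; self.branches.add("user_ok"); return "331"
        if cmd == "PASS" and self.state == "NEED_PASS":
            self.state = "LOGGED_IN"; self.branches.add("pass_ok"); return "230"
        if cmd == "PASS" and self.state == "INIT":
            self.branches.add("pass_early"); return "503"
        if cmd == "LIST" and self.state == "LOGGED_IN":
            self.branches.add("list"); return "150"
        self.branches.add("default"); return "500"

GREETING = "220"  # reply code that represents the initial state

def run_sequence(msgs: List[str]) -> Tuple[Set[Tuple[str, str]], Set[str]]:
    """Replay a message sequence on a fresh server; collect state
    transitions (prev_code, next_code) and the branch labels exercised."""
    srv = ToyServer()
    prev = GREETING
    transitions: Set[Tuple[str, str]] = set()
    for m in msgs:
        code = srv.handle(m)
        transitions.add((prev, code))
        prev = code
    return transitions, srv.branches

# Constructed command dictionary the mutator draws from.
COMMANDS = ["USER anon", "PASS guest", "LIST", "QUIT", "NOOP"]

def mutate(seq: List[str], rng: random.Random) -> List[str]:
    """Insert, replace or delete one message in the sequence."""
    child = list(seq)
    op = rng.randrange(3)
    if op == 0 or not child:
        child.insert(rng.randint(0, len(child)), rng.choice(COMMANDS))
    elif op == 1:
        child[rng.randrange(len(child))] = rng.choice(COMMANDS)
    else:
        del child[rng.randrange(len(child))]
    return child

def fuzz(seed_seq: List[str], iterations: int = 400, rng_seed: int = 1) -> Dict:
    """Coverage- and state-transition-guided loop. A child that reveals a new
    transition is kept with a higher selection weight than one that only
    reveals a new branch, so state relationships drive exploration."""
    rng = random.Random(rng_seed)
    seen_t, seen_b = run_sequence(seed_seq)
    seen_t, seen_b = set(seen_t), set(seen_b)
    queue: List[List[str]] = [list(seed_seq)]
    weights: List[int] = [3]
    for _ in range(iterations):
        parent = rng.choices(queue, weights=weights, k=1)[0]
        child = mutate(parent, rng)
        t, b = run_sequence(child)
        new_t, new_b = t - seen_t, b - seen_b
        if new_t:                      # primary signal: new state relationship
            queue.append(child); weights.append(3)
        elif new_b:                    # secondary signal: new code coverage
            queue.append(child); weights.append(1)
        seen_t |= t
        seen_b |= b
    return {"queue": queue, "transitions": seen_t, "branches": seen_b}

if __name__ == "__main__":
    result = fuzz(["USER anon", "PASS guest"])
    print(len(result["transitions"]), "state transitions,",
          len(result["branches"]), "branches,", len(result["queue"]), "seeds")
```

The point to take from the loop is that `seen_t` is indexed by state pairs rather than by code location: two sequences that execute the same handler branches but arrive there from different prior replies are distinguished, which is exactly the information that plain edge coverage loses in a stateful target.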