Computer Science, 2024, Vol. 51, Issue 12: 71-78. doi: 10.11896/jsjkx.231000018

Section: Computer Software

SSFuzz: State-sensitive Greybox Fuzzing for Network Protocol Services

LIN Jiahan, RAN Meng, PENG Jianshan

  1. School of Cyberspace Security, Information Engineering University, Zhengzhou 450001, China
  • Received: 2023-10-07  Revised: 2024-03-05  Online: 2024-12-15  Published: 2024-12-10
  • About the authors: LIN Jiahan, born in 2000, postgraduate. His main research interests include software automated testing and reverse engineering.
    PENG Jianshan, born in 1979, Ph.D., associate professor, master supervisor. His main research interests include cyber security and software automated testing.
  • Supported by:
    Henan Province Science and Technology Major Project (221100240100).

Abstract: Network protocol services are the interface through which personal devices interact with the Internet, so vulnerabilities in them pose a serious threat to users' privacy and information security. State-of-the-art greybox fuzzers for network protocols add state feedback on top of code coverage, further filtering effective mutated seeds by analysing the state information of the network protocol service. However, different fuzzers define the state of a network protocol service differently: AFLNet extracts state by analysing the contents of server response packets, and StateAFL defines long-lived memory as program state. For state collection, SGFuzz identifies assignment statements to state variables by analysing enum type definitions and instruments them. However, SGFuzz cannot identify indirect assignments to state variables, so its identification of state variables is not comprehensive. Meanwhile, when constructing state machines, different fuzzing techniques define state machine nodes differently, which makes it difficult to use multiple state collection strategies in the same fuzzer at the same time. In addition, in terms of experimental design, existing schemes tend to compare code coverage over the same period of time. However, the growth of code coverage is affected by many factors, such as throughput and seed screening strategy; a code coverage comparison over a fixed time budget is suitable for comparing different fuzzers, not for evaluating improvements to individual modules within one of them. In this paper, we propose SSFuzz. First, SSFuzz studies state-variable-based instrumentation: using the abstract syntax tree information available during compilation, it identifies indirect assignments to state variables and can therefore instrument state-variable assignment statements more accurately. Second, SSFuzz defines the state machine used to guide state screening in a way that allows different state feedback strategies to jointly construct the state machine. Experiments show that SSFuzz can instrument most network protocol services and, unlike SGFuzz, also instruments indirect assignment statements. In addition, we discuss experimental methods suitable for evaluating the effectiveness of state machines and demonstrate that SSFuzz achieves higher path coverage with a smaller number of test samples.
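The abstract draws two distinctions that are easier to see in code: a state variable of enum type can be updated by a direct assignment at the call site, which an assignment-statement matcher sees, or indirectly through a pointer handed to a callee, which it does not; and once every assignment site is instrumented, the observed (from, to) transitions form a state machine whose newly discovered edges tell the fuzzer that a test case reached new state behaviour. The following toy protocol server is an added illustration written for this page, not code from SSFuzz or SGFuzz: the enum, the `SET_STATE` hook, the message handler, the seed arrays and the edge-counting state machine are all constructed here to show the mechanism, and the hook is applied by hand where a compiler pass would insert it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a toy stateful protocol server whose connection state
 * is an enum, as in the SGFuzz/SSFuzz setting described in the abstract.
 * The hook, macro and state machine below are this example's own design. */

enum conn_state { ST_INIT = 0, ST_AUTH, ST_DATA, ST_CLOSED, ST_COUNT };

/* State machine learned at run time: edges[from][to] counts observed transitions. */
static unsigned edges[ST_COUNT][ST_COUNT];
static unsigned new_edges_last_run;

/* Instrumentation hook, conceptually inserted at every assignment to the
 * state variable. Returns 1 when the (from,to) edge is seen for the first
 * time, i.e. the current input exercised new state behaviour. */
static int state_hook(enum conn_state from, enum conn_state to) {
    int is_new = edges[from][to] == 0;
    edges[from][to]++;
    if (is_new) new_edges_last_run++;
    return is_new;
}

/* Instrumented assignment: record the transition, then perform the store.
 * Both the direct form (c->state = X) and the indirect form through a pointer
 * alias (*sp = X) are routed through this macro. */
#define SET_STATE(lvalue, value) do { \
    enum conn_state _new = (value);   \
    state_hook((lvalue), _new);       \
    (lvalue) = _new;                  \
} while (0)

struct conn { enum conn_state state; int authed; };

/* Indirect assignment: the callee only receives a pointer, so a matcher that
 * looks for "enum_variable = value" in the caller never sees this store. */
static void transition_via_pointer(enum conn_state *sp, enum conn_state to) {
    SET_STATE(*sp, to);
}

/* Process one message; returns 1 if accepted in the current state, else 0. */
int handle_message(struct conn *c, const char *msg) {
    switch (c->state) {
    case ST_INIT:
        if (strncmp(msg, "USER ", 5) == 0) { SET_STATE(c->state, ST_AUTH); return 1; }
        break;
    case ST_AUTH:
        if (strncmp(msg, "PASS ", 5) == 0) {
            c->authed = 1;
            transition_via_pointer(&c->state, ST_DATA);   /* indirect */
            return 1;
        }
        if (strcmp(msg, "QUIT") == 0) { SET_STATE(c->state, ST_CLOSED); return 1; }
        break;
    case ST_DATA:
        if (strncmp(msg, "DATA ", 5) == 0) return 1;      /* stays in ST_DATA */
        if (strcmp(msg, "QUIT") == 0) { transition_via_pointer(&c->state, ST_CLOSED); return 1; }
        break;
    default:
        break;
    }
    return 0;
}

/* Replay one test case (a message sequence) on a fresh connection and return
 * how many state-machine edges it discovered for the first time. */
unsigned run_testcase(const char *const *msgs, int n) {
    struct conn c = { ST_INIT, 0 };
    new_edges_last_run = 0;
    for (int i = 0; i < n; i++) handle_message(&c, msgs[i]);
    return new_edges_last_run;
}

/* Number of distinct edges in the state machine built so far. */
unsigned known_edge_count(void) {
    unsigned total = 0;
    for (int f = 0; f < ST_COUNT; f++)
        for (int t = 0; t < ST_COUNT; t++)
            if (edges[f][t]) total++;
    return total;
}

/* Constructed seeds: a full session and a login that quits early. */
const char *const SEED_SESSION[] = { "USER alice", "PASS hunter2", "DATA hello", "QUIT" };
const char *const SEED_EARLY_QUIT[] = { "USER bob", "QUIT" };

int main(void) {
    printf("session seed: %u new edges\n", run_testcase(SEED_SESSION, 4));
    printf("early-quit seed: %u new edges\n", run_testcase(SEED_EARLY_QUIT, 2));
    printf("replayed session seed: %u new edges\n", run_testcase(SEED_SESSION, 4));
    printf("state machine now has %u edges\n", known_edge_count());
    return 0;
}
```

The first seed discovers three edges (INIT to AUTH, AUTH to DATA, DATA to CLOSED), the second adds only AUTH to CLOSED, and replaying the first seed adds nothing, which is the signal a state-feedback fuzzer uses to decide whether a mutated seed is worth keeping. Removing the `SET_STATE` inside `transition_via_pointer` shows the blind spot the abstract attributes to assignment-statement matching: the AUTH to DATA and DATA to CLOSED edges disappear from the learned state machine even though the server still performs them.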

Key words: Network protocol, Fuzzing, Program instrumentation, State feedback

CLC Number: TP309.1