State Selection Algorithms and Their Impact on The Performance of Stateful Network Protocol Fuzzing
Published in | 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) pp. 720 - 730 |
---|---|
Main Authors | Liu, Dongge; Pham, Van-Thuan; Ernst, Gidon; Murray, Toby; Rubinstein, Benjamin I.P. |
Format | Conference Proceeding |
Language | English |
Published | IEEE 01.03.2022 |
DOI | 10.1109/SANER53432.2022.00089 |
Abstract | The statefulness property of network protocol implementations poses a unique challenge for testing and verification techniques, including Fuzzing. Stateful fuzzers tackle this challenge by leveraging state models to partition the state space and assist the test generation process. Since not all states are equally important and fuzzing campaigns have time limits, fuzzers need effective state selection algorithms to prioritize progressive states over others. Several state selection algorithms have been proposed but they were implemented and evaluated separately on different platforms, making it hard to achieve conclusive findings. In this work, we evaluate an extensive set of state selection algorithms on the same fuzzing platform that is AFLNet, a state-of-the-art fuzzer for network servers. The algorithm set includes existing ones supported by AFLNet and our novel and principled algorithm called AFLNetLegion. The experimental results on the ProFuzzBench benchmark show that (i) the existing state selection algorithms of AFLNet achieve very similar code coverage, (ii) AFLNetLegion clearly outperforms these algorithms in selected case studies, but (iii) the overall improvement appears insignificant. These are unexpected yet interesting findings. We identify problems and share insights that could open opportunities for future research on this topic. |
---|---|
Author | Murray, Toby; Liu, Dongge; Pham, Van-Thuan; Rubinstein, Benjamin I.P.; Ernst, Gidon |
Author_xml | – sequence: 1 givenname: Dongge surname: Liu fullname: Liu, Dongge email: donggel@student.unimelb.edu.au organization: The University of Melbourne,Melbourne,Australia – sequence: 2 givenname: Van-Thuan surname: Pham fullname: Pham, Van-Thuan email: thuan.pham@unimelb.edu.au organization: The University of Melbourne,Melbourne,Australia – sequence: 3 givenname: Gidon surname: Ernst fullname: Ernst, Gidon email: gidon.ernst@lmu.de organization: LMU Munich,Munich,Germany – sequence: 4 givenname: Toby surname: Murray fullname: Murray, Toby email: toby.murray@unimelb.edu.au organization: The University of Melbourne,Melbourne,Australia – sequence: 5 givenname: Benjamin I.P. surname: Rubinstein fullname: Rubinstein, Benjamin I.P. email: brubinstein@unimelb.edu.au organization: The University of Melbourne,Melbourne,Australia |
CODEN | IEEPAD |
ContentType | Conference Proceeding |
DBID | 6IE 6IL CBEJK RIE RIL |
DOI | 10.1109/SANER53432.2022.00089 |
DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Xplore Digital Library IEEE Proceedings Order Plans (POP All) 1998-Present |
Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
DeliveryMethod | fulltext_linktorsrc |
EISBN | 1665437863 9781665437868 |
EndPage | 730 |
ExternalDocumentID | 9825758 |
Genre | orig-research |
GrantInformation_xml | – fundername: Commonwealth Scientific and Industrial Research Organisation's Data61 funderid: 10.13039/501100000943 – fundername: Defence Science and Technology Group's funderid: 10.13039/501100008812 |
GroupedDBID | 6IE 6IL CBEJK RIE RIL |
IEDL.DBID | RIE |
IngestDate | Thu Jun 29 18:36:50 EDT 2023 |
IsPeerReviewed | false |
IsScholarly | true |
Language | English |
LinkModel | DirectLink |
PageCount | 11 |
ParticipantIDs | ieee_primary_9825758 |
PublicationCentury | 2000 |
PublicationDate | 2022-March |
PublicationDateYYYYMMDD | 2022-03-01 |
PublicationDate_xml | – month: 03 year: 2022 text: 2022-March |
PublicationDecade | 2020 |
PublicationTitle | 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) |
PublicationTitleAbbrev | SANER |
PublicationYear | 2022 |
Publisher | IEEE |
Publisher_xml | – name: IEEE |
Score | 2.361611 |
SourceID | ieee |
SourceType | Publisher |
StartPage | 720 |
SubjectTerms | Fuzzing; Monte Carlo tree search; network protocol; Network servers; Protocols; Search problems; Software; Software algorithms; Throughput |
Title | State Selection Algorithms and Their Impact on The Performance of Stateful Network Protocol Fuzzing |
URI | https://ieeexplore.ieee.org/document/9825758 |
hasFullText | 1 |
inHoldings | 1 |