Network protocol fuzz testing for information systems and applications: a survey and taxonomy

Fuzzing, or fuzz testing, was introduced as a software testing technique to reduce vulnerabilities in software systems or other given targets. We use fuzz testing to achieve a maximum benefit-to-cost ratio without complication [11]. In addition, during the development and debugging of a system, we may fail to notice the kinds of shortcomings that fuzz testing can expose. Fuzz testing types differ according to the target they fuzz; application, file format, and protocol fuzzing are the most common. A protocol fuzzer sends counterfeit packets to a target system, modifying normal packets en route and sometimes replaying them. A protocol fuzzer also sometimes acts as a proxy server for clients. This survey examines network protocol fuzz testing. We identified several studies on network protocol fuzzing, most of which focus on the application layer of the Open Systems Interconnection model. We primarily review the approaches of five studies and the targets and protocol layers they fuzz. We then develop criteria to compare these approaches in detail.

[1] Changzhen Hu, et al. Fuzz testing data generation for network protocol using classification tree, 2014.

[2] Arnold Rosenbloom, et al. AutoFuzz: Automated Network Protocol Fuzzing Framework, 2010.

[3] Baojiang Cui, et al. RFSM-Fuzzing a Smart Fuzzing Algorithm Based on Regression FSM, 2013, 2013 Eighth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing.

[4] Pedram Amini, et al. Fuzzing: Brute Force Vulnerability Discovery, 2007.

[5] Jared D. DeMott, et al. Fuzzing for Software Security Testing and Quality Assurance, 2008.

[6] David Lee, et al. Detecting Communication Protocol Security Flaws by Formal Fuzz Testing and Machine Learning, 2008, FORTE.

[7] Kenji Kono, et al. AspFuzz: A state-aware protocol fuzzer based on application-layer protocols, 2010, The IEEE symposium on Computers and Communications.

[8] Hoon Shin, et al. New detection method and countermeasure of cyber attacks in mix networks, 2014, Multimedia Tools and Applications.

[9] Tao Guo, et al. A Model-Based Behavioral Fuzzing Approach for Network Service, 2013, 2013 Third International Conference on Instrumentation, Measurement, Computer, Communication and Control.

[10] Qiaoyan Wen, et al. A mutation-based fuzz testing approach for network protocol vulnerability detection, 2012, Proceedings of 2012 2nd International Conference on Computer Science and Network Technology.

[11] Muhammad Torabi Dashti, et al. SECFUZZ: Fuzz-testing security protocols, 2012, 2012 7th International Workshop on Automation of Software Test (AST).