Publication | Open Access
SGPFuzzer: A State-Driven Smart Graybox Protocol Fuzzer for Network Protocol Implementations
Citations: 32 | References: 23 | Year: 2020
Topics: Engineering, Software Engineering, Fault Tolerance, Software Analysis, Formal Verification, Vulnerability Assessment (Computing), Systems Engineering, Network Management, Fuzzing, Advanced Networking, Network Protocol Implementations, Computer Engineering, Path Coverage, Computer Science, Static Program Analysis, Security Testing Method, Protocol Implementations, Network Communication Protocol, Program Analysis, Software Testing, Fault Injection, System Software
As one of the most widely used technologies in software testing, fuzzing has been applied to network protocol vulnerability detection, and various network protocol fuzzers have been proposed. In this study, we first analyze and summarize some typical network protocol fuzzers to highlight the challenges of stateful network protocol fuzzing. Then, a state-driven smart graybox protocol fuzzer (SGPFuzzer) is proposed to deal with these challenges. Finally, we evaluate SGPFuzzer on two widely used protocol implementations (LightFTP and tinyDTLS). The results show that SGPFuzzer outperforms Boofuzz and AFL in path coverage, unique crashes and time to first crash, and that it triggers a known bug which cannot be triggered by the other two tools, demonstrating its effectiveness and practicability.