The popularity of small office and home office routers has brought convenience,but it also caused many security issues due to vulnerabilities.Black-box fuzzing through network protocols to discover vulnerabilities bec...The popularity of small office and home office routers has brought convenience,but it also caused many security issues due to vulnerabilities.Black-box fuzzing through network protocols to discover vulnerabilities becomes a viable option.The main drawbacks of state-of-the-art black-box fuzzers can be summarized as follows.First,the feedback process neglects to discover the mising felds in the raw message.Secondly,the guidance of the raw message content in the mutation process is aimless.Finally,the randomized validity of the test case structure can cause most fuzzing tests to end up with an invalid response of the tested device.To address these challenges,we propose a novel black-box fuzzing framework called MSL Fuzzer.MSL Fuzzer infers the raw message structure according to the response from a tested device and generates a message segment list.Furthermore,MSL Fuzzer performs semantic,sequence,and stability analyses on each message segment to enhance the complementation of missing fields in the raw message and guide the mutation process.We construct a dataset of 35 real-world vulnerabilities and evaluate MSL Fuzzer.The evaluation results show that MSL Fuzzer can find more vulnerabilities and elicit more types of responses from fuzzing targets.Additionally,MSL Fuzzer successfully discovered 10 previously unknown vulnerabilities.展开更多
基金supported by the major project of Science and Technology Innovation 2030,"The next generation of Artificial Intelligence"under Grant Number 2021ZD0111400the Open project of the State Key Laboratory of Computer Architecture,Neural Network Enhanced Symbolic Execution Algorithm Research under Grant Number CARCH201910the Fundamental Research Fundsfor the Central Universities under Grant Number 3132018XNG1814 and 3132018XNG1815.
文摘The popularity of small office and home office routers has brought convenience,but it also caused many security issues due to vulnerabilities.Black-box fuzzing through network protocols to discover vulnerabilities becomes a viable option.The main drawbacks of state-of-the-art black-box fuzzers can be summarized as follows.First,the feedback process neglects to discover the mising felds in the raw message.Secondly,the guidance of the raw message content in the mutation process is aimless.Finally,the randomized validity of the test case structure can cause most fuzzing tests to end up with an invalid response of the tested device.To address these challenges,we propose a novel black-box fuzzing framework called MSL Fuzzer.MSL Fuzzer infers the raw message structure according to the response from a tested device and generates a message segment list.Furthermore,MSL Fuzzer performs semantic,sequence,and stability analyses on each message segment to enhance the complementation of missing fields in the raw message and guide the mutation process.We construct a dataset of 35 real-world vulnerabilities and evaluate MSL Fuzzer.The evaluation results show that MSL Fuzzer can find more vulnerabilities and elicit more types of responses from fuzzing targets.Additionally,MSL Fuzzer successfully discovered 10 previously unknown vulnerabilities.
