Improving Code Coverage Metrics for Discovering Vulnerabilities in Stateful Network Protocols using Hybrid Fuzzing
Subject Areas: ICT
Hamid Rezaei Rahvard (1), Mehdi Salkhordeh Haghighi (2) *
1 - Faculty of Computer Eng and IT, Sadjad University, Mashhad, Iran
2 - Faculty of Computer Eng and IT, Sadjad University, Mashhad, Iran
Keywords: Software Testing, Fuzz Testing, Network Protocol Testing, Vulnerabilities, Symbolic Execution, Concolic Execution
Abstract:
Fuzzing is a method for finding security vulnerabilities in software: the program is fed random or mutated data in the hope of triggering undesirable behaviour and errors such as memory corruption or unauthorized access. One proposed way to improve fuzzing is to combine it with symbolic analysis and dynamic-symbolic (concolic) execution. Besides generating random data, this approach analyses the program's logic and executes it symbolically to produce inputs that cover execution paths the fuzzer has not yet reached. In this research we show that dynamic-symbolic execution can be applied to fuzzing network protocols and that it improves the process. For this purpose, the first framework for hybrid fuzzing of network protocols was designed and implemented. Results on two services, dcmtk and dnsmasq, show that hybrid fuzzing achieves better code coverage than traditional fuzzing. Branch coverage on the dcmtk service improved by 2.71 percent over AFLNet, which was enough to turn NyxNet's deficit relative to AFLNet into a lead. Branch coverage on the dnsmasq service improved by 37.72 percent over AFLNet and by 11.82 percent over NyxNet.
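The following Python toy is an added illustration of the hybrid approach the abstract describes; it is not code from the paper, AFLNet or NyxNet. It fuzzes a constructed two-command stateful protocol (a 4-byte magic header, a LOGIN command that checks a password and sets session state, and a DATA command that behaves differently once logged in). The header value, password, command bytes and branch identifiers are all assumptions made for this example, and the "concolic" step is simplified to replaying the byte comparisons the target logged rather than handing path constraints to an SMT solver. It shows why pure random mutation stalls at the first multi-byte comparison while the hybrid loop walks through the whole login-then-data state sequence.

```python
"""Toy hybrid fuzzer: random mutation plus a concolic-style constraint solver.

Added illustration, not code from the paper, AFLNet or NyxNet. The protocol
(MAGIC, PASSWORD, command bytes) and branch ids are constructed for this example.
"""
import random

MAGIC = b"DCM!"       # constructed protocol header
PASSWORD = b"secret"  # constructed credential checked by the LOGIN command


def handle(session, msg, trace, idx):
    """Constructed handler for one message of a two-command protocol.

    Returns the set of (state, branch) pairs executed; state-aware coverage is
    what makes branches reached by a later message count as new. Every byte
    comparison is logged into `trace` as (message index, offset, expected bytes)
    so that a concolic pass can solve it afterwards.
    """
    state = "authed" if session["authed"] else "unauth"
    cov = set()

    def hit(branch):
        cov.add((state, branch))

    if len(msg) < 5:
        hit("short")
        return cov
    trace.append((idx, 0, MAGIC))
    if msg[:4] != MAGIC:
        hit("bad_magic")
        return cov
    hit("magic_ok")
    trace.append((idx, 4, b"\x01"))
    trace.append((idx, 4, b"\x02"))
    cmd = msg[4]
    if cmd == 1:                      # LOGIN <password>
        trace.append((idx, 5, PASSWORD))
        if msg[5:5 + len(PASSWORD)] == PASSWORD:
            session["authed"] = True
            hit("login_ok")
        else:
            hit("login_bad")
    elif cmd == 2:                    # DATA, only meaningful after LOGIN
        hit("data_authed" if session["authed"] else "data_unauthed")
    else:
        hit("unknown_cmd")
    return cov


def run(seq):
    """Replay a message sequence against a fresh session; returns (coverage, trace)."""
    session, cov, trace = {"authed": False}, set(), []
    for i, msg in enumerate(seq):
        cov |= handle(session, msg, trace, i)
    return cov, trace


def mutate(seq, rng):
    """Random byte-level mutation of one message: overwrite, delete or insert bytes."""
    seq = [bytearray(m) for m in seq]
    m = rng.choice(seq)
    for _ in range(rng.randint(1, 3)):
        op = rng.random()
        if op < 0.7 and m:
            m[rng.randrange(len(m))] = rng.randrange(256)
        elif op < 0.85 and m:
            del m[rng.randrange(len(m))]
        else:
            m.insert(rng.randrange(len(m) + 1), rng.randrange(256))
    return [bytes(m) for m in seq]


def solve(seq, trace):
    """Concolic-style step: for each logged comparison build the input that
    satisfies it (a real engine would solve the path constraint with an SMT solver)."""
    for idx, off, expected in trace:
        m = bytearray(seq[idx])
        if len(m) < off + len(expected):
            m.extend(b"\x00" * (off + len(expected) - len(m)))
        m[off:off + len(expected)] = expected
        cand = list(seq)
        cand[idx] = bytes(m)
        yield cand


def fuzz(seed, iterations, hybrid, rng_seed=1):
    """Coverage-guided loop. With hybrid=True every round also solves the
    comparisons seen by each corpus entry. Returns the set of branches reached."""
    rng = random.Random(rng_seed)
    corpus, total = [seed], run(seed)[0]

    def consider(cand):
        cov, _ = run(cand)
        if not cov <= total:          # keep only inputs that add coverage
            total.update(cov)
            corpus.append(cand)

    for _ in range(iterations):
        consider(mutate(rng.choice(corpus), rng))
        if hybrid:
            for entry in list(corpus):
                for cand in solve(entry, run(entry)[1]):
                    consider(cand)
    return total


if __name__ == "__main__":
    seed = [b"A" * 12, b"A" * 12]    # constructed two-message seed sequence
    print("random only:", sorted(fuzz(seed, 200, hybrid=False)))
    print("hybrid     :", sorted(fuzz(seed, 20, hybrid=True)))
```

Random mutation never clears the magic check here because at most three bytes change per round and a partially correct header earns no new coverage, so the corpus never grows past the seed. The hybrid loop solves the header, then the command byte, then the password, and because coverage is keyed by session state, the second message's branches in the authenticated state are also treated as new, which is how it reaches the DATA-after-LOGIN path.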