This article proposes i7Fuzzer, a hybrid fuzzing framework designed to enhance the security testing of stateful communication protocols such as Real-Time Streaming Protocol (RTSP) and Message Queuing Telemetry Transport (MQTT). These protocols, widely deployed in modern networked infrastructures, pose significant challenges for vulnerability detection due to their reliance on ordered message sequences and complex state transitions. i7Fuzzer addresses the limitations of traditional fuzzing approaches by integrating dynamic protocol analysis with machine learning–based mutation guidance. Specifically, a Long Short-Term Memory (LSTM) regression model is used to estimate bit-level mutation probabilities and prioritise the generation of high-impact test cases. The framework also automates the construction of syntactically valid message sequences aligned with protocol-specific states. Although demonstrated on protocols such as RTSP, MQTT, and File Transfer Protocol (FTP), the methodology is broadly applicable to a wide range of stateful protocols. Experimental results confirm that i7Fuzzer improves code coverage and effectively identifies potential protocol-specific vulnerabilities. These findings underscore the benefits of combining neural learning techniques with protocol-aware fuzzing to strengthen the security of critical communication systems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

i7Fuzzer: Neural-Guided Fuzzing for Enhancing Security Testing of Stateful Protocols

  • Loui Al Sardy,
  • Avinash Rajendra Prasad,
  • Reinhard German

摘要

This article proposes i7Fuzzer, a hybrid fuzzing framework designed to enhance the security testing of stateful communication protocols such as Real-Time Streaming Protocol (RTSP) and Message Queuing Telemetry Transport (MQTT). These protocols, widely deployed in modern networked infrastructures, pose significant challenges for vulnerability detection due to their reliance on ordered message sequences and complex state transitions. i7Fuzzer addresses the limitations of traditional fuzzing approaches by integrating dynamic protocol analysis with machine learning–based mutation guidance. Specifically, a Long Short-Term Memory (LSTM) regression model is used to estimate bit-level mutation probabilities and prioritise the generation of high-impact test cases. The framework also automates the construction of syntactically valid message sequences aligned with protocol-specific states. Although demonstrated on protocols such as RTSP, MQTT, and File Transfer Protocol (FTP), the methodology is broadly applicable to a wide range of stateful protocols. Experimental results confirm that i7Fuzzer improves code coverage and effectively identifies potential protocol-specific vulnerabilities. These findings underscore the benefits of combining neural learning techniques with protocol-aware fuzzing to strengthen the security of critical communication systems.