Large Language Model guided Protocol Fuzzing
National University of Singapore · Max Planck Institute for Security and Privacy · +1 more institution
Abstract
How to find security flaws in a protocol implementation without a machine-readable specification of the protocol? Facing the internet, protocol implementations are particularly security-critical software systems where inputs must adhere to a specific structure and order that is often informally specified in hundreds of pages in natural language (RFC). Without some machine-readable version of that protocol, it is difficult to automatically generate valid test inputs for its implementation that follow the required structure and order. It is possible to partially alleviate this challenge using mutational fuzzing on a set of recorded message sequences as seed inputs. However, the set of available seeds is often quite…
Citation impact
- FWCI: 74.78
- Percentile: 100%
- References: 56
Authors
4
Topics & keywords
- Fuzz testing
- Computer science
- Protocol (science)
- Programming language
- Software