StatePre: A Large Language Model-Based State-Handling Method for Network Protocol Fuzzing
Uloženo v:
| Vydáno v: | Electronics vol. 14, no. 10 (2025), p. 1931 |
|---|---|
| Hlavní autor: | |
| Další autoři: | , , , , |
| Vydáno: |
MDPI AG
|
| Témata: | |
| On-line přístup: | Citation/Abstract Full Text + Graphics Full Text - PDF |
| Tagy: |
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstrakt: | As essential components for communication, network protocol programs are highly security-critical, making it crucial to identify their vulnerabilities. Fuzzing is one of the most popular software vulnerability discovery techniques, being highly efficient and having low false-positive rates. However, current network protocol fuzzing is hindered by the coarse-grained and missing state annotations in programs. The current solutions primarily rely on the manual modification of programs, which is inefficient and prone to omissions. In this paper, we propose StatePre, a novel state-handling method for stateful network protocol programs, which leverages large language model (LLM) code- and text-understanding capabilities to analyze request for comments (RFC)-defined state knowledge and optimize the state handling of programs for fuzzing. StatePre automatically refines coarse-grained state annotations and complements missing state annotations in programs to ensure precise state tracking and fuzzing effectiveness. We implement a prototype of StatePre. The evaluation shows that programs modified with StatePre, with fine-grained and comprehensive state annotations, achieve better fuzzing efficiency, higher code coverage, and improved crash detection compared to those not modified with StatePre. Moreover, StatePre demonstrates good scalability, thus is applicable to various network protocol programs. |
|---|---|
| ISSN: | 2079-9292 |
| DOI: | 10.3390/electronics14101931 |
| Zdroj: | Advanced Technologies & Aerospace Database |