StatePre: A Large Language Model-Based State-Handling Method for Network Protocol Fuzzing
保存先:
| 出版年: | Electronics vol. 14, no. 10 (2025), p. 1931 |
|---|---|
| 第一著者: | |
| その他の著者: | , , , , |
| 出版事項: |
MDPI AG
|
| 主題: | |
| オンライン・アクセス: | Citation/Abstract Full Text + Graphics Full Text - PDF |
| タグ: |
タグなし, このレコードへの初めてのタグを付けませんか!
|
| 抄録: | As essential components for communication, network protocol programs are highly security-critical, making it crucial to identify their vulnerabilities. Fuzzing is one of the most popular software vulnerability discovery techniques, being highly efficient and having low false-positive rates. However, current network protocol fuzzing is hindered by the coarse-grained and missing state annotations in programs. The current solutions primarily rely on the manual modification of programs, which is inefficient and prone to omissions. In this paper, we propose StatePre, a novel state-handling method for stateful network protocol programs, which leverages large language model (LLM) code- and text-understanding capabilities to analyze request for comments (RFC)-defined state knowledge and optimize the state handling of programs for fuzzing. StatePre automatically refines coarse-grained state annotations and complements missing state annotations in programs to ensure precise state tracking and fuzzing effectiveness. We implement a prototype of StatePre. The evaluation shows that programs modified with StatePre, with fine-grained and comprehensive state annotations, achieve better fuzzing efficiency, higher code coverage, and improved crash detection compared to those not modified with StatePre. Moreover, StatePre demonstrates good scalability, thus is applicable to various network protocol programs. |
|---|---|
| ISSN: | 2079-9292 |
| DOI: | 10.3390/electronics14101931 |
| ソース: | Advanced Technologies & Aerospace Database |