BGPFuzz: Automated Configuration Fuzzing of the Border Gateway Protocol
- URL: http://arxiv.org/abs/2512.05358v1
- Date: Fri, 05 Dec 2025 01:53:14 GMT
- Authors: Chenlu Zhang, Amirmohammad Pasdar, Van-Thuan Pham
- Abstract summary: Misconfigurations in Border Gateway Protocol (BGP) can lead to severe outages and security breaches. We present BGPFuzz, a structure-aware and stateful fuzzing framework that systematically mutates BGP configurations and evaluates their effects in a network.
- Score: 3.0013352260516744
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Telecommunications networks rely on configurations to define routing behavior, especially in the Border Gateway Protocol (BGP), where misconfigurations can lead to severe outages and security breaches, as demonstrated by the 2021 Facebook outage. Unlike existing approaches that rely on synthesis or verification, our work offers a cost-effective method for identifying misconfigurations resulting from BGP's inherent complexity or vendor-specific implementations. We present BGPFuzz, a structure-aware and stateful fuzzing framework that systematically mutates BGP configurations and evaluates their effects in a virtualized network. Without requiring predefined correctness properties as in static analysis, BGPFuzz detects anomalies through runtime oracles that capture practical symptoms such as session resets, blackholing, and traffic redirection. Our experiments show that BGPFuzz can reliably reproduce and detect known failures, including max-prefix violations and sub-prefix hijacks.
Related papers
- TopoEdge: Topology-Grounded Agentic Framework for Edge Networking Code Generation and Repair [1.8860840010379987]
TopoEdge is a framework for software-defined networking (SDN) configuration generation and repair. TopoEdge represents each target topology as a router-level graph and embeds it using a contrastively trained graph neural network (GNN). The target topology, retrieved reference topology, and reference driver are assembled into a topology-grounded retrieval-augmented generation context (TopoRAG).
arXiv Detail & Related papers (2026-02-28T09:36:48Z)
- Certified Circuits: Stability Guarantees for Mechanistic Circuits [80.30622018787835]
Certified Circuits provides provable stability guarantees for circuit discovery. On ImageNet and OOD datasets, certified circuits achieve up to 91% higher accuracy.
arXiv Detail & Related papers (2026-02-26T13:07:31Z)
- Why Does the LLM Stop Computing: An Empirical Study of User-Reported Failures in Open-Source LLMs [50.075587392477935]
We conduct the first large-scale empirical study of 705 real-world failures from the open-source DeepSeek, Llama, and Qwen ecosystems. Our analysis reveals a paradigm shift: white-box orchestration relocates the reliability bottleneck from model algorithmic defects to the systemic fragility of the deployment stack.
arXiv Detail & Related papers (2026-01-20T06:42:56Z)
- Adapting, Fast and Slow: Transportable Circuits for Few-Shot Learning [54.930879235929204]
Generalization across the domains is not possible without asserting a structure that constrains the unseen target domain w.r.t. We design an algorithm for zero-shot compositional generalization which relies on access to qualitative domain knowledge. Our theoretical results characterize classes of few-shot learnable tasks in terms of graphical circuit transportability criteria.
arXiv Detail & Related papers (2025-12-28T04:38:43Z)
- BEAR: BGP Event Analysis and Reporting [10.153790653358625]
Border Gateway Protocol (BGP) anomalies can divert traffic through unauthorized or inefficient paths, jeopardizing network reliability and security. BGP Event Analysis and Reporting framework generates comprehensive reports explaining detected BGP anomaly events. BEAR achieves 100% accuracy, outperforming Chain-of-Thought and in-context learning baselines.
arXiv Detail & Related papers (2025-06-04T23:34:36Z)
- CANTXSec: A Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations [53.036288487863786]
We propose CANTXSec, the first deterministic Intrusion Detection and Prevention system based on physical ECU activations. It detects and prevents classical attacks in the CAN bus, while detecting advanced attacks that have been less investigated in the literature. We prove the effectiveness of our solution on a physical testbed, where we achieve 100% detection accuracy in both classes of attacks while preventing 100% of FIAs.
arXiv Detail & Related papers (2025-05-14T13:37:07Z)
- Defending against Indirect Prompt Injection by Instruction Detection [109.30156975159561]
InstructDetector is a novel detection-based approach that leverages the behavioral states of LLMs to identify potential IPI attacks. InstructDetector achieves a detection accuracy of 99.60% in the in-domain setting and 96.90% in the out-of-domain setting, and reduces the attack success rate to just 0.03% on the BIPIA benchmark.
arXiv Detail & Related papers (2025-05-08T13:04:45Z)
- A Label-Free Heterophily-Guided Approach for Unsupervised Graph Fraud Detection [60.09453163562244]
We propose a Heterophily-guided Unsupervised Graph fraud dEtection approach (HUGE) for unsupervised GFD. In the estimation module, we design a novel label-free heterophily metric called HALO, which captures the critical graph properties for GFD. In the alignment-based fraud detection module, we develop a joint-GNN architecture with ranking loss and asymmetric alignment loss.
arXiv Detail & Related papers (2025-02-18T22:07:36Z)
- MaliGNNoma: GNN-Based Malicious Circuit Classifier for Secure Cloud FPGAs [1.6273816588362844]
MaliGNNoma is a machine learning-based solution that accurately identifies malicious FPGA configurations.
It can be employed by cloud service providers as an initial security layer within a necessary multi-tiered security system.
MaliGNNoma achieves a classification accuracy and precision of 98.24% and 97.88%, respectively, surpassing state-of-the-art approaches.
arXiv Detail & Related papers (2024-03-04T09:16:12Z)
- JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing [12.338137154105034]
We investigate fuzzing for 7-Series and UltraScale(+) FPGA configuration engines.
Our goal is to examine the effectiveness of fuzzing to analyze and document the inner workings of FPGA configuration engines.
arXiv Detail & Related papers (2024-02-15T10:03:35Z)
- Seagull: Privacy preserving network verification system [0.07646713951724012]
Border Gateway Protocol (BGP) serves as the core mechanism managing routing between autonomous systems. Verifying the correctness and convergence of BGP configurations is essential for maintaining a stable and secure Internet. This paper introduces a privacy-preserving verification framework that leverages multiparty computation.
arXiv Detail & Related papers (2024-02-14T05:56:51Z)
- ISTR: End-to-End Instance Segmentation with Transformers [147.14073165997846]
We propose an instance segmentation Transformer, termed ISTR, which is the first end-to-end framework of its kind.
ISTR predicts low-dimensional mask embeddings, and matches them with ground truth mask embeddings for the set loss.
Benefiting from the proposed end-to-end mechanism, ISTR demonstrates state-of-the-art performance even with approximation-based suboptimal embeddings.
arXiv Detail & Related papers (2021-05-03T06:00:09Z)
This list is automatically generated from the titles and abstracts of the papers in this site.