MulCovFuzz: A Multi-Component Coverage-Guided Greybox Fuzzer for 5G Protocol Testing
- URL: http://arxiv.org/abs/2602.21794v1
- Date: Wed, 25 Feb 2026 11:17:42 GMT
- Title: MulCovFuzz: A Multi-Component Coverage-Guided Greybox Fuzzer for 5G Protocol Testing
- Authors: Yu Wang, Yang Xiang, Chandra Thapa, Hajime Suzuki,
- Abstract summary: MulCovFuzz is a coverage-guided greybox fuzzing tool for 5G network testing. Our experimental results demonstrate that MulCovFuzz significantly outperforms traditional fuzzing approaches.
- Score: 10.0157834235145
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: As mobile networks transition to 5G infrastructure, ensuring robust security becomes more important due to the complex architecture and expanded attack surface. Traditional security testing approaches for 5G networks rely on black-box fuzzing techniques, which are limited by their inability to observe internal program state and coverage information. This paper presents MulCovFuzz, a novel coverage-guided greybox fuzzing tool for 5G network testing. Unlike existing tools that depend solely on system response, MulCovFuzz implements a multi-component coverage collection mechanism that dynamically monitors code coverage across different components of the 5G system architecture. Our approach introduces a novel testing paradigm that includes a scoring function combining coverage rewards with efficiency metrics to guide test case generation. We evaluate MulCovFuzz on the open-source 5G implementation OpenAirInterface. Our experimental results demonstrate that MulCovFuzz significantly outperforms traditional fuzzing approaches, achieving a 5.85% increase in branch coverage, 7.17% increase in line coverage, and 16% improvement in unique crash discovery during 24h fuzzing testing. MulCovFuzz uncovered three zero-day vulnerabilities, two of which were not identified by any other fuzzing technique. This work contributes to the advancement of security testing tools for next-generation mobile networks.
Related papers
- OpenRT: An Open-Source Red Teaming Framework for Multimodal LLMs [36.57820295876294]
We introduce OpenRT, a unified, modular, and high-throughput red-teaming framework for MLLM safety evaluation. At its core, OpenRT architects a paradigm shift in automated red-teaming by introducing an adversarial kernel that enables modular separation across five dimensions. Our framework integrates 37 diverse attack methodologies, spanning white-box gradients, multi-modal perturbations, and sophisticated multi-agent evolutionary strategies.
arXiv Detail & Related papers (2026-01-04T16:41:33Z)
- GoldenFuzz: Generative Golden Reference Hardware Fuzzing [13.434848597658215]
Existing hardware fuzzers suffer from limited semantic awareness, inefficient test refinement, and high computational overhead. We present GoldenFuzz, a novel two-stage hardware fuzzing framework that partially decouples test case refinement from coverage and vulnerability exploration. GoldenFuzz uncovers all known vulnerabilities and discovers five new ones, four of which are classified as highly severe with CVSS v3 severity scores exceeding seven out of ten.
arXiv Detail & Related papers (2025-12-25T06:16:55Z)
- Cross-Service Token: Finding Attacks in 5G Core Networks [58.86003502940164]
We present FivGeeFuzz, a grammar-based fuzzing framework designed to uncover security flaws in 5G core SBIs. Using FivGeeFuzz, we discovered 8 previously unknown vulnerabilities in free5GC, leading to runtime crashes, improper error handling, and unauthorized access to resources.
arXiv Detail & Related papers (2025-09-10T20:40:33Z)
- LLAMA: Multi-Feedback Smart Contract Fuzzing Framework with LLM-Guided Seed Generation [56.84049855266145]
We propose a Multi-feedback Smart Contract Fuzzing framework (LLAMA) that integrates evolutionary mutation strategies, and hybrid testing techniques. LLAMA achieves 91% instruction coverage and 90% branch coverage, while detecting 132 out of 148 known vulnerabilities. These results highlight LLAMA's effectiveness, adaptability, and practicality in real-world smart contract security testing scenarios.
arXiv Detail & Related papers (2025-07-16T09:46:58Z)
- QUIC-Fuzz: An Effective Greybox Fuzzer For The QUIC Protocol [3.591122855617648]
We develop a fuzzer for the recently ratified QUIC network protocol to uncover security vulnerabilities. We test 6 well-maintained server-side implementations, including from Google and Alibaba, with QUIC-Fuzz. Our testing uncovered 10 new security vulnerabilities, precipitating 2 CVE assignments thus far.
arXiv Detail & Related papers (2025-03-25T07:21:35Z)
- CovFUZZ: Coverage-based fuzzer for 4G&5G protocols [3.708656266586145]
This paper introduces an automated fuzzing framework designed to test the security of 4G and 5G attach procedure implementations.
Our framework provides a comprehensive solution for uplink and downlink fuzzing in 4G, as well as downlink fuzzing in 5G, while supporting fuzzing on all layers except the physical layer.
arXiv Detail & Related papers (2024-10-28T12:22:10Z)
- G-Fuzz: A Directed Fuzzing Framework for gVisor [48.85077340822625]
G-Fuzz is a directed fuzzing framework for gVisor.
G-Fuzz has been deployed in industry and has detected multiple serious vulnerabilities.
arXiv Detail & Related papers (2024-09-20T01:00:22Z)
- Advanced Penetration Testing for Enhancing 5G Security [0.0]
This paper reviews penetration testing approaches for identifying security vulnerabilities in 5G networks.
It examines ways adversaries exploit vulnerabilities in 5G networks, covering tactics and strategies targeted at 5G features.
Our research indicates that 5G penetration testing should use a multithreaded approach for addressing current security challenges.
arXiv Detail & Related papers (2024-07-24T13:35:35Z)
- Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
We present the first security assessment of the 5G core from a web security perspective.
We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks.
Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
arXiv Detail & Related papers (2024-03-04T09:27:11Z)
- Smart Fuzzing of 5G Wireless Software Implementation [4.1439060468480005]
We introduce a comprehensive approach to bolstering the security, reliability, and comprehensibility of OpenAirInterface5G (OAI5G).
We employ AFL++, a powerful fuzzing tool, to fuzzy-test OAI5G with respect to its configuration files rigorously.
Secondly, we harness the capabilities of Large Language Models such as Google Bard to automatically decipher and document the meanings of parameters within the OAI5G that are used in fuzzing.
arXiv Detail & Related papers (2023-09-22T16:45:42Z)
- Artificial Intelligence Empowered Multiple Access for Ultra Reliable and Low Latency THz Wireless Networks [76.89730672544216]
Terahertz (THz) wireless networks are expected to catalyze the beyond fifth generation (B5G) era.
To satisfy the ultra-reliability and low-latency demands of several B5G applications, novel mobility management approaches are required.
This article presents a holistic MAC layer approach that enables intelligent user association and resource allocation, as well as flexible and adaptive mobility management.
arXiv Detail & Related papers (2022-08-17T03:00:24Z)
- MFNet: Multi-filter Directive Network for Weakly Supervised Salient Object Detection [104.0177412274975]
Weakly supervised salient object detection (WSOD) targets to train a CNNs-based saliency network using only low-cost annotations.
Existing WSOD methods take various techniques to pursue single "high-quality" pseudo label from low-cost annotations and then develop their saliency networks.
We introduce a new multiple-pseudo-label framework to integrate more comprehensive and accurate saliency cues from multiple labels.
arXiv Detail & Related papers (2021-12-03T06:12:42Z)
This list is automatically generated from the titles and abstracts of the papers in this site.