APFuzz: Towards Automatic Greybox Protocol Fuzzing
- URL: http://arxiv.org/abs/2602.21892v1
- Date: Wed, 25 Feb 2026 13:21:06 GMT
- Title: APFuzz: Towards Automatic Greybox Protocol Fuzzing
- Authors: Yu Wang, Yang Xiang, Chandra Thapa, Hajime Suzuki,
- Abstract summary: We propose APFuzz (Automatic greybox Protocol Fuzzer), a greybox protocol fuzzer with novel designs that make it smarter about both the state model and the message model. APFuzz employs a two-stage process of static and dynamic analysis to automatically identify state variables, and it introduces field-level mutation operations for binary protocols.
- Score: 10.0157834235145
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Greybox protocol fuzzing is a random testing approach for stateful protocol implementations, where the inputs are protocol messages generated by mutating seeds, and the search through the input space is driven by feedback on coverage of both code and state. The state model and the message model are the core components of a communication protocol, and both have a significant impact on protocol fuzzing. In this work, we propose APFuzz (Automatic greybox Protocol Fuzzer), whose novel designs make greybox protocol fuzzers smarter from the perspectives of both the state model and the message model. On the one hand, APFuzz employs a two-stage process of static and dynamic analysis to automatically identify state variables, which are then used to infer an accurate state model during fuzzing. On the other hand, APFuzz introduces field-level mutation operations for binary protocols, leveraging message-structure awareness enabled by Large Language Models. We conduct extensive experiments on a public protocol fuzzing benchmark, comparing APFuzz with the baseline fuzzer AFLNET as well as several state-of-the-art greybox protocol fuzzers.
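The two mechanisms the abstract describes, state feedback and field-level mutation, as an added illustration for this listing (this is not APFuzz's code and does not reproduce its analyses): a miniature greybox loop in Python over a constructed binary protocol. The fuzzer replays a captured seed sequence, applies one field-level mutation to one message, and keeps the child only when the target's state variable takes a transition not yet recorded, so the set of recorded (state, message type, state) triples is the inferred state model. The wire format, the ToyServer and its SESSION constant, the field schema the mutators rely on (which APFuzz recovers with LLM help and which is hard-coded here), and the seed are all assumptions constructed for the example; the static identification of the state variable is not performed, the toy server simply exposes it.

```python
import random
import struct

# Constructed wire format (an assumption, not a real protocol): big-endian header
# version u8 | type u8 | length u16 | session u32, followed by the payload.
HEADER = struct.Struct(">BBHI")
TYPES = (1, 2, 3, 4)                      # HELLO, AUTH, DATA, BYE
INIT, AUTHED, OPEN = 0, 1, 2              # values taken by the server's state variable

def packet(mtype, session=0, payload=b""):
    return HEADER.pack(1, mtype, len(payload), session) + payload   # length field honest

def decode(raw):
    """Lenient field view used by the mutator: splits the header, checks nothing."""
    v, t, n, s = HEADER.unpack_from(raw)
    return {"version": v, "type": t, "length": n, "session": s, "payload": raw[HEADER.size:]}

def parse(raw):
    """Strict parser used by the server: malformed input never reaches the state logic."""
    msg = decode(raw)
    if msg["version"] != 1 or msg["type"] not in TYPES:
        raise ValueError("bad version or type")
    if msg["length"] != len(msg["payload"]):
        raise ValueError("length field disagrees with payload")
    return msg

class ToyServer:
    """Constructed target. `state` plays the role of the state variable that APFuzz's
    static+dynamic analysis would identify; here the fuzzer is simply handed it."""
    SESSION = 0x1234                      # assumption: id granted on HELLO, required on AUTH
    def __init__(self):
        self.state = INIT
    def handle(self, raw):
        """Return (state_before, state_after, accepted)."""
        before = self.state
        try:
            msg = parse(raw)
        except (ValueError, struct.error):
            return before, before, False
        t = msg["type"]
        if t == 4:                                          # BYE resets from any state
            self.state = INIT
        elif before == INIT and t == 1:                     # HELLO
            self.state = AUTHED
        elif before == AUTHED and t == 2 and msg["session"] == self.SESSION:  # AUTH
            self.state = OPEN
        return before, self.state, True                     # DATA / out-of-order: no change

def swap_type(msg, rng):                  # field-level operators: each edits one decoded field
    msg["type"] = rng.choice([t for t in TYPES if t != msg["type"]])
def boundary_session(msg, rng):
    msg["session"] = rng.choice([0, 1, 0x7FFFFFFF, 0xFFFFFFFF])
def lie_length(msg, rng):                 # the one operator that breaks an invariant on purpose
    msg["length"] = rng.choice([0, 0xFFFF, (msg["length"] + 1) & 0xFFFF])
def grow_payload(msg, rng):               # appends bytes and keeps the length field honest
    msg["payload"] += bytes([rng.randrange(256)]) * rng.randrange(1, 64)
    msg["length"] = len(msg["payload"])
FIELD_OPS = (swap_type, boundary_session, lie_length, grow_payload)

def mutate_field(raw, rng):
    msg = decode(raw)
    rng.choice(FIELD_OPS)(msg, rng)
    return HEADER.pack(msg["version"], msg["type"], msg["length"], msg["session"]) + msg["payload"]

def mutate_byte(raw, rng):                # structure-blind baseline: flip one random bit
    i = rng.randrange(len(raw))
    return raw[:i] + bytes([raw[i] ^ (1 << rng.randrange(8))]) + raw[i + 1:]

def run_sequence(seq):
    """Replay on a fresh server; return transitions (before, type, after) and accepted flags."""
    srv, edges, accepted = ToyServer(), set(), []
    for raw in seq:
        before, after, ok = srv.handle(raw)
        accepted.append(ok)
        if ok:
            edges.add((before, decode(raw)["type"], after))
    return edges, accepted

def fuzz(seed, iterations=200, rng_seed=7, mutate=mutate_field):
    """Greybox loop with state feedback. Returns (inferred model, mutants the parser rejected)."""
    rng = random.Random(rng_seed)
    model, _ = run_sequence(seed)
    corpus, rejected = [list(seed)], 0
    for _ in range(iterations):
        child = list(rng.choice(corpus))
        idx = rng.randrange(len(child))
        child[idx] = mutate(child[idx], rng)
        edges, accepted = run_sequence(child)
        rejected += 0 if accepted[idx] else 1
        if not edges <= model:            # new transition observed: keep the input
            model |= edges
            corpus.append(child)
    return model, rejected

# Constructed seed: one captured happy-path session HELLO -> AUTH -> DATA -> BYE.
SEED = [packet(1), packet(2, ToyServer.SESSION), packet(3, ToyServer.SESSION, b"hello"), packet(4)]

if __name__ == "__main__":
    print(fuzz(SEED))
```

`fuzz(SEED)` starts from the four happy-path transitions and grows the model with self-loops and out-of-order edges (for instance a BYE sent while AUTHED) that the seed alone never shows. The bit-flip baseline is included for contrast: a flip landing in the version, type or length bytes is rejected by the strict parser before any state logic runs, which is the waste that structure-aware, field-level operators avoid; the field operators keep the header well-formed except for the deliberate length lie.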
Related papers
- Proto-Former: Unified Facial Landmark Detection by Prototype Transformer [77.47431726595111]
Proto-Former is a unified, adaptive, end-to-end facial landmark detection framework. It enables joint training across multiple datasets within a unified architecture. Proto-Former achieves superior performance compared to existing state-of-the-art methods.
arXiv Detail & Related papers (2025-10-17T06:00:25Z)
- Adaptive Attacks on Trusted Monitors Subvert AI Control Protocols [80.68060125494645]
We study adaptive attacks by an untrusted model that knows the protocol and the monitor model. We instantiate a simple adaptive attack vector by which the attacker embeds publicly known or zero-shot prompt injections in the model outputs.
arXiv Detail & Related papers (2025-10-10T15:12:44Z)
- MultiFuzz: A Dense Retrieval-based Multi-Agent System for Network Protocol Fuzzing [0.0]
MultiFuzz is a novel dense retrieval-based multi-agent system for protocol fuzzing. It integrates semantic-aware context retrieval, specialized agents, and structured tool-assisted reasoning. It significantly improves branch coverage and explores deeper protocol states and transitions than state-of-the-art fuzzers.
arXiv Detail & Related papers (2025-08-19T22:42:04Z)
- LLM-Assisted Model-Based Fuzzing of Protocol Implementations [9.512044399020514]
Faults in protocol behavior can lead to vulnerabilities and system failures. A common approach to protocol testing involves constructing Markovian models that capture the state transitions and expected behaviors of the protocol. We propose a novel method that leverages large language models (LLMs) to automatically generate sequences for testing network protocol implementations.
arXiv Detail & Related papers (2025-08-03T13:16:18Z)
- QUIC-Fuzz: An Effective Greybox Fuzzer For The QUIC Protocol [3.591122855617648]
We develop a fuzzer for the recently ratified QUIC network protocol to uncover security vulnerabilities. We test 6 well-maintained server-side implementations, including ones from Google and Alibaba, with QUIC-Fuzz. Our testing uncovered 10 new security vulnerabilities, precipitating 2 CVE assignments thus far.
arXiv Detail & Related papers (2025-03-25T07:21:35Z)
- Experimental Simulation of Two Pulses and Three Pulses Coherent One Way Quantum Key Distribution Protocol in Noisy/Noiseless and Wired/Wireless Environment [1.8638865257327277]
The Coherent One Way (COW) protocol is one of the most widely known QKD protocols because of its ease of hardware deployment.
We demonstrate the encoding as well as decoding portions of the protocols under both noisy and noiseless scenarios.
arXiv Detail & Related papers (2024-09-23T11:02:52Z)
- Games for AI Control: Models of Safety Evaluations of AI Deployment Protocols [52.40622903199512]
This paper introduces AI-Control Games, a formal decision-making model of the red-teaming exercise as a multi-objective, partially observable game.
We apply our formalism to model, evaluate and synthesise protocols for deploying untrusted language models as programming assistants.
arXiv Detail & Related papers (2024-09-12T12:30:07Z)
- FuzzCoder: Byte-level Fuzzing Test via Large Language Model [46.18191648883695]
We propose to adopt fine-tuned large language models (FuzzCoder) to learn patterns in the input files from successful attacks.
FuzzCoder can predict mutation locations and strategies in input files to trigger abnormal behaviors of the program.
arXiv Detail & Related papers (2024-09-03T14:40:31Z)
- Multistep Inverse Is Not All You Need [87.62730694973696]
In real-world control settings, the observation space is often unnecessarily high-dimensional and subject to time-correlated noise.
It is therefore desirable to learn an encoder to map the observation space to a simpler space of control-relevant variables.
We propose a new algorithm, ACDF, which combines multistep-inverse prediction with a latent forward model.
arXiv Detail & Related papers (2024-03-18T16:36:01Z)
- QuTE: decentralized multiple testing on sensor networks with false discovery rate control [93.1040521878626]
This paper designs methods for decentralized multiple hypothesis testing on graphs equipped with provable guarantees on the false discovery rate (FDR). We consider the setting where distinct agents reside on the nodes of an undirected graph, and each agent possesses p-values corresponding to one or more hypotheses local to its node. Each agent must individually decide whether to reject one or more of its local hypotheses by communicating only with its neighbors, with the joint aim that the global FDR over the entire graph is controlled at a predefined level.
arXiv Detail & Related papers (2022-10-09T19:48:39Z)
- SNPSFuzzer: A Fast Greybox Fuzzer for Stateful Network Protocols using Snapshots [14.927657157570053]
SNPSFuzzer is a fast greybox fuzzer for stateful network protocols using snapshots.
SNPSFuzzer dumps the context information when the network protocol program is in a specific state and restores it when that state needs to be fuzzed.
arXiv Detail & Related papers (2022-02-08T04:53:36Z)