MSFuzz: Augmenting Protocol Fuzzing with Message Syntax Comprehension via Large Language Models

Times Cited: 1
Authors
Cheng, Mingjie [1 ,2 ]
Zhu, Kailong [1 ,2 ]
Chen, Yuanchao [1 ,2 ]
Yang, Guozheng [1 ,2 ]
Lu, Yuliang [1 ,2 ]
Lu, Canju [1 ,2 ]
Affiliations
[1] Natl Univ Def Technol, Coll Elect Engn, Hefei 230037, Peoples R China
[2] Anhui Prov Key Lab Cyberspace Secur Situat Awareness, Hefei 230037, Peoples R China
Keywords
fuzzing; syntax-aware; protocol implementations; large language models; FUZZER
DOI
10.3390/electronics13132632
CLC Classification Number
TP [Automation technology, computer technology]
Subject Classification Code
0812
Abstract
Network protocol implementations are integral components of information communication and are critically important to security. Owing to its efficiency and automation, fuzzing has become a popular method for detecting security flaws in protocol implementations. However, existing protocol-fuzzing techniques struggle to generate high-quality inputs. To address this problem, we propose MSFuzz, a protocol-fuzzing method with message syntax comprehension. The core observation behind MSFuzz is that the source code of a protocol implementation contains detailed and comprehensive knowledge of the message syntax. Specifically, we leverage the code-understanding capabilities of large language models to extract the message syntax from the source code and construct message syntax trees. Using these syntax trees, we expand the initial seed corpus and design a novel syntax-aware mutation strategy to guide the fuzzing. To evaluate MSFuzz, we compared it with the state-of-the-art (SOTA) protocol fuzzers AFLNET and CHATAFL. Experimental results showed that, compared with AFLNET and CHATAFL, MSFuzz achieved average improvements of 22.53% and 10.04% in the number of states, 60.62% and 19.52% in the number of state transitions, and 29.30% and 23.13% in branch coverage, respectively. Additionally, MSFuzz discovered more vulnerabilities than the SOTA fuzzers.
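The abstract describes guiding mutation with message syntax trees so that the structure of a protocol message survives mutation while its value fields are perturbed. The Python fragment below is a purely illustrative sketch of one way such a syntax-aware mutator could work; the Field class, the toy RTSP-like request, and the mutation operators are assumptions introduced here for exposition and are not the authors' actual MSFuzz implementation.

# Illustrative sketch only: the Field class, the toy RTSP-like tree, and the
# mutation operators are assumptions for exposition, not MSFuzz itself.
import random


class Field:
    """A node of a message syntax tree. Leaves hold concrete message bytes;
    the `mutable` flag marks value fields, so protocol keywords and
    delimiters are left untouched by mutation."""

    def __init__(self, name, value="", mutable=False, children=None):
        self.name = name
        self.value = value
        self.mutable = mutable
        self.children = children or []

    def serialize(self):
        # Inner nodes concatenate their children; leaves emit their value.
        if self.children:
            return "".join(child.serialize() for child in self.children)
        return self.value


def walk(node):
    # Yield every node of the tree in pre-order.
    yield node
    for child in node.children:
        yield from walk(child)


def syntax_aware_mutate(root, rng=random):
    """Mutate one mutable leaf while preserving the message structure."""
    leaves = [n for n in walk(root) if n.mutable and not n.children]
    if not leaves:
        return
    target = rng.choice(leaves)
    operators = [
        lambda v: v + rng.choice(["A", "0", "/", "%"]) * rng.randint(1, 16),  # append junk bytes
        lambda v: v[: len(v) // 2],                                           # truncate the value
        lambda v: str(rng.randint(0, 2 ** 16)),                               # replace with a number
    ]
    target.value = rng.choice(operators)(target.value)


if __name__ == "__main__":
    # A toy RTSP-like request modeled as a syntax tree: keywords and CRLFs
    # are fixed leaves, while the URI and CSeq value are mutable leaves.
    request = Field("request", children=[
        Field("method", "DESCRIBE "),
        Field("uri", "rtsp://127.0.0.1:8554/stream", mutable=True),
        Field("version", " RTSP/1.0\r\n"),
        Field("cseq", children=[
            Field("cseq_key", "CSeq: "),
            Field("cseq_val", "2", mutable=True),
            Field("cseq_crlf", "\r\n"),
        ]),
        Field("end", "\r\n"),
    ])
    syntax_aware_mutate(request)
    print(repr(request.serialize()))

In this form, serializing the mutated tree always yields a structurally well-formed message, which is the property a syntax-aware mutation strategy is meant to preserve.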
Pages: 19