MSLFuzzer: black-box fuzzing of SOHO router devices via message segment list inference


Authors: Yixuan Cheng, Wenqing Fan, Wei Huang, Jingyu Yang, Gaoqing Yu, Wen Liu

Affiliations: [1] State Key Laboratory of Media Convergence and Communication, Communication University of China, Beijing, China; [2] School of Computer and Cyber Sciences, Communication University of China, Beijing, China

Source: Cybersecurity (网络空间安全科学与技术, English edition), 2024, Issue 4, pp. 89-109, 21 pages in total

Funding: Supported by the major project of Science and Technology Innovation 2030, "The next generation of Artificial Intelligence", under Grant Number 2021ZD0111400; the Open project of the State Key Laboratory of Computer Architecture, Neural Network Enhanced Symbolic Execution Algorithm Research, under Grant Number CARCH201910; and the Fundamental Research Funds for the Central Universities under Grant Numbers 3132018XNG1814 and 3132018XNG1815.

Abstract: The popularity of small office and home office routers has brought convenience, but it has also caused many security issues due to vulnerabilities. Black-box fuzzing through network protocols to discover vulnerabilities becomes a viable option. The main drawbacks of state-of-the-art black-box fuzzers can be summarized as follows. First, the feedback process neglects to discover the missing fields in the raw message. Secondly, the guidance of the raw message content in the mutation process is aimless. Finally, the randomized validity of the test case structure can cause most fuzzing tests to end up with an invalid response from the tested device. To address these challenges, we propose a novel black-box fuzzing framework called MSLFuzzer. MSLFuzzer infers the raw message structure according to the response from a tested device and generates a message segment list. Furthermore, MSLFuzzer performs semantic, sequence, and stability analyses on each message segment to enhance the complementation of missing fields in the raw message and guide the mutation process. We construct a dataset of 35 real-world vulnerabilities and evaluate MSLFuzzer. The evaluation results show that MSLFuzzer can find more vulnerabilities and elicit more types of responses from fuzzing targets. Additionally, MSLFuzzer successfully discovered 10 previously unknown vulnerabilities.

Keywords: Vulnerability discovery; Black-box fuzzing; SOHO routers; Feedback mechanism

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
