Oct 10, 2018

Leveraging Textual Specifications for Grammar-based Fuzzing of Network Protocols

arXiv:1810.04755v1
28 citations
Originality: Incremental advance
AI Analysis

This work addresses the need to reduce manual effort in fuzzing for network protocol security, though it is incremental as it builds on existing fuzzing methods.

The paper tackled the problem of automating grammar-based fuzzing for network protocols by learning protocol rules from textual specifications like RFCs, resulting in a system that used fewer test cases while finding the same attacks as manual rule specification.

Grammar-based fuzzing is a technique used to find software vulnerabilities by injecting well-formed inputs generated following rules that encode application semantics. Most grammar-based fuzzers for network protocols rely on human experts to manually specify these rules. In this work we study automated learning of protocol rules from textual specifications (i.e. RFCs). We evaluate the automatically extracted protocol rules by applying them to a state-of-the-art fuzzer for transport protocols and show that it leads to a smaller number of test cases while finding the same attacks as the system that uses manually specified rules.
