Relevant bibliographies by topics / Protocol fuzzing / Journal articles
To see the other types of publications on this topic, follow the link: Protocol fuzzing.

Journal articles on the topic 'Protocol fuzzing'

Author: Grafiati
Published: 28 June 2021
Last updated: 7 February 2022

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the top 28 journal articles for your research on the topic 'Protocol fuzzing.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.

1

Wu, Xiao Lei. "Research on Network Security Algorithm Based on ZigBee Technology." Applied Mechanics and Materials 608-609 (October 2014): 503–6. http://dx.doi.org/10.4028/www.scientific.net/amm.608-609.503.

Full text
Abstract:
Paper study the MAC layer security mechanism and data frame structure in ZigBee protocol, improve the algorithm for random Fuzzing test technology, and test method of attack fusion boundary, structure of Fuzzing and the node clone, proposed a ZigBee routing protocol for the MAC layer security comprehensive detection algorithm. Fuzzing test show that the testing algorithm can not only greatly improve the test efficiency in Fuzzing, more than the structure of Fuzzing is increased by 50% in path coverage.
APA, Harvard, Vancouver, ISO, and other styles
2

Luo, Jian-Zhen, Chun Shan, Jun Cai, and Yan Liu. "IoT Application-Layer Protocol Vulnerability Detection using Reverse Engineering." Symmetry 10, no. 11 (November 1, 2018): 561. http://dx.doi.org/10.3390/sym10110561.

Full text
Abstract:
Fuzzing is regarded as the most promising method for protocol vulnerabilities discovering in network security of Internet of Things (IoT). However, one fatal drawback of existing fuzzing methods is that a huge number of test files are required to maintain a high test coverage. In this paper, a novel method based on protocol reverse engineering is proposed to reduce the amount of test files for fuzzing. The proposed method uses techniques in the field of protocol reverse engineering to identify message formats of IoT application-layer protocol and create test files by generating messages with error fields according to message formats. The protocol message treated as a sequence of bytes is assumed to obey a statistic process with change-points indicating the boundaries of message fields. Then, a multi-change-point detection procedure is introduced to identify change-points of byte sequences according to their statistic properties and divide them into segments according to their change-points. The message segments are further processed via a position-based occurrence probability test analysis to identify keyword fields, data fields and uncertain fields. Finally, a message generation procedure with mutation operation on message fields is applied to construct test files for fuzzing test. The results show that the proposed method can effectively find out the message fields and significantly reduce the amount of test files for fuzzing test.
APA, Harvard, Vancouver, ISO, and other styles
3

Zeng, Yingpei, Mingmin Lin, Shanqing Guo, Yanzhao Shen, Tingting Cui, Ting Wu, Qiuhua Zheng, and Qiuhua Wang. "MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols." Sensors 20, no. 18 (September 11, 2020): 5194. http://dx.doi.org/10.3390/s20185194.

Full text
Abstract:
The publish/subscribe model has gained prominence in the Internet of things (IoT) network, and both Message Queue Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) support it. However, existing coverage-based fuzzers may miss some paths when fuzzing such publish/subscribe protocols, because they implicitly assume that there are only two parties in a protocol, which is not true now since there are three parties, i.e., the publisher, the subscriber and the broker. In this paper, we propose MultiFuzz, a new coverage-based multiparty-protocol fuzzer. First, it embeds multiple-connection information in a single input. Second, it uses a message mutation algorithm to stimulate protocol state transitions, without the need of protocol specifications. Third, it uses a new desockmulti module to feed the network messages into the program under test. desockmulti is similar to desock (Preeny), a tool widely used by the community, but it is specially designed for fuzzing and is 10x faster. We implement MultiFuzz based on AFL, and use it to fuzz two popular projects Eclipse Mosquitto and libCoAP. We reported discovered problems to the projects. In addition, we compare MultiFuzz with AFL and two state-of-the-art fuzzers, MOPT and AFLNET, and find it discovering more paths and crashes.
APA, Harvard, Vancouver, ISO, and other styles
4

Hernández Ramos, Santiago, M. Teresa Villalba, and Raquel Lacuesta. "MQTT Security: A Novel Fuzzing Approach." Wireless Communications and Mobile Computing 2018 (2018): 1–11. http://dx.doi.org/10.1155/2018/8261746.

Full text
Abstract:
The Internet of Things is a concept that is increasingly present in our lives. The emergence of intelligent devices has led to a paradigm shift in the way technology interacts with the environment, leading society to a smarter planet. Consequently, new advanced telemetry approaches appear to connect all kinds of devices with each other, with companies, or with other networks, such as the Internet. On the road to an increasingly interconnected world, where critical devices rely on communication networks to provide an essential service, there arises the need to ensure the security and reliability of these protocols and applications. In this paper, we discuss a security-based approach for MQTT (Message Queue Telemetry Transport), which stands out as a very lightweight and widely used messaging and information exchange protocol for IoT (Internet of Things) devices throughout the world. To that end, we propose the creation of a framework that allows for performing a novel, template-based fuzzing technique on the MQTT protocol. The first experimental results showed that performance of the fuzzing technique presented here makes it a good candidate for use in network architectures with low processing power sensors, such as Smart Cities. In addition, the use of this fuzzer in widely used applications that implement MQTT has led to the discovery of several new security flaws not hitherto reported, demonstrating its usefulness as a tool for finding security vulnerabilities.
APA, Harvard, Vancouver, ISO, and other styles
5

Jero, Samuel, Maria Leonor Pacheco, Dan Goldwasser, and Cristina Nita-Rotaru. "Leveraging Textual Specifications for Grammar-Based Fuzzing of Network Protocols." Proceedings of the AAAI Conference on Artificial Intelligence 33 (July 17, 2019): 9478–83. http://dx.doi.org/10.1609/aaai.v33i01.33019478.

Full text
Abstract:
Grammar-based fuzzing is a technique used to find software vulnerabilities by injecting well-formed inputs generated following rules that encode application semantics. Most grammar-based fuzzers for network protocols rely on human experts to manually specify these rules. In this work we study automated learning of protocol rules from textual specifications (i.e. RFCs). We evaluate the automatically extracted protocol rules by applying them to a state-of-the-art fuzzer for transport protocols and show that it leads to a smaller number of test cases while finding the same attacks as the system that uses manually specified rules.
APA, Harvard, Vancouver, ISO, and other styles
6

Wang, Zhiqiang, Yuheng Lin, Zihan Zhuo, Jieming Gu, and Tao Yang. "GNFCVulFinder: NDEF Vulnerability Discovering for NFC-Enabled Smart Mobile Devices Based on Fuzzing." Security and Communication Networks 2021 (June 28, 2021): 1–14. http://dx.doi.org/10.1155/2021/9946022.

Full text
Abstract:
Near-field communication (NFC) is a set of communication protocols that enable two electronic devices. Its security and reliability are welcomed by mobile terminal manufactures, banks, telecom operators, and third-party payment platforms. Simultaneously, it has also drawn more and more attention from hackers and attackers, and NFC-enabled devices are facing increasing threats. To improve the security of the NFC technology, the paper studied the technology of discovering security vulnerabilities of NFC Data Exchange Format (NDEF), the most important data transmission protocol. In the paper, we proposed an algorithm, GTCT (General Test Case Construction and Test), based on fuzzing to construct test cases and test the NDEF protocol. GTCT adopts four strategies to construct test cases, manual, generation, mutation, and “reverse analysis,” which can detect logic vulnerabilities that fuzzing cannot find and improve the detection rate. Based on GTCT, we designed an NDEF vulnerability discovering framework and developed a tool named “GNFCVulFinder” (General NFC Vulnerability Finder). By testing 33 NFC system services and applications on Android and Windows Phones, we found eight vulnerabilities, including DoS vulnerabilities of NFC service, logic vulnerabilities about opening Bluetooth/Wi-Fi/torch, design flaws about the black screen, and DoS of NFC applications. Finally, we give some security suggestions for the developer to enhance the security of NFC.
APA, Harvard, Vancouver, ISO, and other styles
7

Song, Congxi, Bo Yu, Xu Zhou, and Qiang Yang. "SPFuzz: A Hierarchical Scheduling Framework for Stateful Network Protocol Fuzzing." IEEE Access 7 (2019): 18490–99. http://dx.doi.org/10.1109/access.2019.2895025.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Xie, Haofei, Zhihui Wang, and Deng Xin Yang. "Design of fuzzing test tool based on WIA-PA protocol." Journal of Physics: Conference Series 1856, no. 1 (April 1, 2021): 012046. http://dx.doi.org/10.1088/1742-6596/1856/1/012046.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Li, Xiaoyi, Xiaojun Pan, and Yanbin Sun. "PS-Fuzz: Efficient Graybox Firmware Fuzzing Based on Protocol State." Journal on Artificial Intelligence 3, no. 1 (2021): 21–31. http://dx.doi.org/10.32604/jai.2021.017328.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Wang, Enze, Baosheng Wang, Wei Xie, Zhenhua Wang, Zhenhao Luo, and Tai Yue. "EWVHunter: Grey-Box Fuzzing with Knowledge Guide on Embedded Web Front-Ends." Applied Sciences 10, no. 11 (June 10, 2020): 4015. http://dx.doi.org/10.3390/app10114015.

Full text
Abstract:
At present, embedded devices have become a part of people’s lives, so detecting security vulnerabilities contained in devices becomes imperative. There are three challenges in detecting embedded device vulnerabilities: (1) Most network protocols are stateful; (2) the communication between the web front-end and the device is encrypted or encoded; and (3) the conditional constraints of programs in the device reduce the depth and breadth of fuzz testing. To address these challenges, we propose a new type of gray-box fuzz testing framework in this paper, called EWVHunter, which is mainly used to find authentication bypass and command injection vulnerabilities in embedded devices. The key idea in this paper is based on the observation that most embedded devices are controlled through the web front-end. Such embedded devices often contain rich information in the communication protocol between the web front-end and device. Therefore, by filling data at the input source on the web front-end and reusing web front-end program logic, we can effectively solve the impact of the stateful network protocol and communication data encryption on fuzzing without relying on any knowledge about the communication protocol. Additionally, we use firmware information extraction to enhance EWVHunter so that it can detect vulnerabilities in deep layer codes and hidden interfaces. In our research, we implemented EWVHunter and evaluated 8 real-world embedded devices, and our approach identified 12 vulnerabilities (including 7 zero-days), which affect a total of 31,996 online devices.
APA, Harvard, Vancouver, ISO, and other styles
11

Kim, SungJin, Jaeik Cho, Changhoon Lee, and Taeshik Shon. "Smart seed selection-based effective black box fuzzing for IIoT protocol." Journal of Supercomputing 76, no. 12 (March 14, 2020): 10140–54. http://dx.doi.org/10.1007/s11227-020-03245-7.

Full text
APA, Harvard, Vancouver, ISO, and other styles
12

Qi, Xiong, Peng Yong, Zhonghua Dai, Shengwei Yi, and Ting Wang. "OPC-MFuzzer: A Novel Multi-Layers Vulnerability Detection Tool for OPC Protocol Based on Fuzzing Technology." International Journal of Computer and Communication Engineering 3, no. 4 (2014): 300–305. http://dx.doi.org/10.7763/ijcce.2014.v3.339.

Full text
APA, Harvard, Vancouver, ISO, and other styles
13

Wang, Guobin, Jingling Zhao, and Baojiang Cui. "Fuzzing method based on field filter and packet repair for GTPv2 protocol." Internet of Things 8 (December 2019): 100104. http://dx.doi.org/10.1016/j.iot.2019.100104.

Full text
APA, Harvard, Vancouver, ISO, and other styles
14

Zhang, Hangwei, Kai Lu, Xu Zhou, Qidi Yin, Pengfei Wang, and Tai Yue. "SIoTFuzzer: Fuzzing Web Interface in IoT Firmware via Stateful Message Generation." Applied Sciences 11, no. 7 (April 1, 2021): 3120. http://dx.doi.org/10.3390/app11073120.

Full text
Abstract:
Cyber attacks against the web management interface of Internet of Things (IoT) devices often have serious consequences. Current research uses fuzzing technologies to test the web interfaces of IoT devices. These IoT fuzzers generate messages (a test case sent from the client to the server to test its functionality) without considering their dependency, which is unlikely to bypass the early check of the server. These invalid test cases significantly reduce the efficiency of fuzzing. To overcome this problem, we propose a stateful message generation (SMG) mechanism for IoT web fuzzing. SMG addresses two problems in IoT fuzzing. First, we retrieve the message dependency by using web front-end analysis and status analysis. These dependent messages, which can easily bypass the server check, are used as a valid seed. Second, we adopt a multi-message seed format to preserve the dependency of the messages when mutating the seed to get a valid test case, so that the test case can bypass the state check of the server to make a valid test. Message dependency preservation is implemented by our proposed parameter mutation and structural mutation methods. We implement SMG in our IoT fuzzer, SIoTFuzzer, which applies IoT firmware on the latest Linux-based simulation tool, FirmAE. We test nine IoT devices including a router and an IP camera and adopt a vulnerability detection mechanism. Our evaluation results show that (1) SIoTFuzzer is capable of finding real-world vulnerabilities in IoT devices; (2) our SMG is effective as it enables Boofuzz (a popular protocol fuzzer) to find command injection and cross-site scripting (XSS) vulnerabilities; and (3) compared to FirmFuzz, SIoTFuzzer found all the vulnerabilities in our benchmarks, while FirmFuzz found only four—the efficiency of our tool increased by 20.57% on average.
APA, Harvard, Vancouver, ISO, and other styles
15

Kim, Woo-Nyon, Moon-Su Jang, Jeongtaek Seo, and Sangwook Kim. "Vulnerability Discovery Method Based on Control Protocol Fuzzing for a Railway SCADA System." Journal of Korea Information and Communications Society 39C, no. 4 (April 30, 2014): 362–69. http://dx.doi.org/10.7840/kics.2014.39c.4.362.

Full text
APA, Harvard, Vancouver, ISO, and other styles
16

Ma, Rui, Daguang Wang, Changzhen Hu, Wendong Ji, and Jingfeng Xue. "Test data generation for stateful network protocol fuzzing using a rule-based state machine." Tsinghua Science and Technology 21, no. 3 (June 2016): 352–60. http://dx.doi.org/10.1109/tst.2016.7488746.

Full text
APA, Harvard, Vancouver, ISO, and other styles
17

Kim, Sung Jin, and Taeshik Shon. "Field classification-based novel fuzzing case generation for ICS protocols." Journal of Supercomputing 74, no. 9 (February 14, 2017): 4434–50. http://dx.doi.org/10.1007/s11227-017-1980-3.

Full text
APA, Harvard, Vancouver, ISO, and other styles
18

Liu, Xinyao, Baojiang Cui, Junsong Fu, and Jinxin Ma. "HFuzz: Towards automatic fuzzing testing of NB-IoT core network protocols implementations." Future Generation Computer Systems 108 (July 2020): 390–400. http://dx.doi.org/10.1016/j.future.2019.12.032.

Full text
APA, Harvard, Vancouver, ISO, and other styles
19

Pechenkin, A. I., and A. V. Nikolskiy. "Architecture of a scalable system of fuzzing network protocols on a multiprocessor cluster." Automatic Control and Computer Sciences 49, no. 8 (December 2015): 758–65. http://dx.doi.org/10.3103/s0146411615080313.

Full text
APA, Harvard, Vancouver, ISO, and other styles
20

Pechenkin, A. I., and D. S. Lavrova. "Modeling the search for vulnerabilities via the fuzzing method using an automation representation of network protocols." Automatic Control and Computer Sciences 49, no. 8 (December 2015): 826–33. http://dx.doi.org/10.3103/s0146411615080325.

Full text
APA, Harvard, Vancouver, ISO, and other styles
21

Harris, J. "On the correlation of statistical and automatic process control." Proceedings of the Institution of Mechanical Engineers, Part B: Journal of Engineering Manufacture 217, no. 1 (January 1, 2003): 99–109. http://dx.doi.org/10.1243/095440503762502314.

Full text
Abstract:
A process control strategy is proposed based upon the twin themes of statistical and automatic process control. The main categories of product fault are identified and related to the capabilities of statistical and automatic control. Statistical control is supported by process fault information from a process-specific fault tree analysis, which provides the basis for a corrective intervention protocol. Application is discussed in terms of fuzzy automatic control, which offers a greater generality than conventional automatic control modelling. Prior publications that fuzzify statistical control zones are arguably incomplete in the application of logic propositions and also in the identification of process faults. The present work proposes a general strategy, which may be adapted to specific processes. Both control by variables and control by attributes may be included within this treatment.
APA, Harvard, Vancouver, ISO, and other styles
22

Brandão, Euzeli Da Silva, Iraci Dos Santos, and Regina Serrão Lanzillotti. "Contribuições do cuidado de enfermagem na redução da dor em clientes com dermatoses imunobolhosas: avaliação pela lógica fuzzi." Online Brazilian Journal of Nursing 15, no. 4 (December 30, 2016): 675. http://dx.doi.org/10.17665/1676-4285.20165467.

Full text
Abstract:
Aim: to evaluate the intensity of the client’s pain with autoimmune bullous dermatoses, before and after the protocol of nursing care is applied to a client with autoimmune bullous dermatoses. Method: the data were treated using fuzzy logic. Results: when associating the implementation of the protocol with pain reduction in the 14 study subjects the following stand out: in T0, seven subjects presented high levels of pain, with a pertinence of 1.0; in T1, 24 hours after intervention, eight presented a low level of pain, with pertinences ranging from 1.0 and 0.75, and only one with high level of pain; in T2, only one remained with a high level of pain. Discussion: the use of analgesics prior to application of the protocol demonstrates that change in pain intensity was not influenced by use of medication, but rather by the implemented care. Conclusion: based on the classifications of fuzzy logic, there was a significant reduction of pain levels, especially in the first 24 hours.
APA, Harvard, Vancouver, ISO, and other styles
23

Xia, Hui, San-shun Zhang, Ben-xia Li, Li Li, and Xiang-guo Cheng. "Towards a Novel Trust-Based Multicast Routing for VANETs." Security and Communication Networks 2018 (October 1, 2018): 1–12. http://dx.doi.org/10.1155/2018/7608198.

Full text
Abstract:
The Intelligent Transportation System (ITS) is an important application area of the Cyber-Physical System (CPS). To further promote effective communication between vehicles, vehicular ad hoc networks (VANETs) have been widely used in the ITS. However, the communication efficiency in VANETs is not only affected by the external environment but also more vulnerable to malicious attacks. In order to address the above-mentioned issues, we propose a novel trust-based multicast routing protocol (TMR) to defend against multiple attacks and improve the routing efficiency. In the proposed trust model, direct trust is calculated based on Bayesian theory and indirect trust is computed according to evaluation credibility and activity. The fuzzy logic theory is used to fuzzify the direct and indirect trust values, and then the total trust value of the node is obtained by defuzzification. With the help of the obtained trust values, malicious vehicle nodes are eliminated in the processes of route establishment and route maintenance, and finally, the network establishes trusted and efficient routes for data delivery. Comprehensive simulation experiments show that our new protocol can effectively improve the transmission rate of data packets at the expense of a slight increase in end-to-end delay and control overhead.
APA, Harvard, Vancouver, ISO, and other styles
24

Lin, Pei-Yi, Chia-Wei Tien, Ting-Chun Huang, and Chin-Wei Tien. "ICPFuzzer: proprietary communication protocol fuzzing by using machine learning and feedback strategies." Cybersecurity 4, no. 1 (August 3, 2021). http://dx.doi.org/10.1186/s42400-021-00087-5.

Full text
Abstract:
AbstractThe fuzzing test is able to discover various vulnerabilities and has more chances to hit the zero-day targets. And ICS(Industrial control system) is currently facing huge security threats and requires security standards, like ISO 62443, to ensure the quality of the device. However, some industrial proprietary communication protocols can be customized and have complicated structures, the fuzzing system cannot quickly generate test data that adapt to various protocols. It also struggles to define the mutation field without having prior knowledge of the protocols. Therefore, we propose a fuzzing system named ICPFuzzer that uses LSTM(Long short-term memory) to learn the features of a protocol and generates mutated test data automatically. We also use the responses of testing and adjust the weight strategies to further test the device under testing (DUT) to find more data that cause unusual connection status. We verified the effectiveness of the approach by comparing with the open-source and commercial fuzzers. Furthermore, in a real case, we experimented with the DLMS/COSEM for a smart meter and found that the test data can cause a unusual response. In summary, ICPFuzzer is a black-box fuzzing system that can automatically execute the testing process and reveal vulnerabilities that interrupt and crash industrial control communication. Not only improves the quality of ICS but also improves safety.
APA, Harvard, Vancouver, ISO, and other styles
25

Kwon, Soonhong, Sang‐Jin Son, Yangseo Choi, and Jong‐Hyouk Lee. "Protocol fuzzing to find security vulnerabilities of RabbitMQ." Concurrency and Computation: Practice and Experience, September 14, 2020. http://dx.doi.org/10.1002/cpe.6012.

Full text
APA, Harvard, Vancouver, ISO, and other styles
26

"RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing." KSII Transactions on Internet and Information Systems 7, no. 8 (August 30, 2013): 1989–2009. http://dx.doi.org/10.3837/tiis.2013.08.014.

Full text
APA, Harvard, Vancouver, ISO, and other styles
27

Gao, Zicong, Weiyu Dong, Rui Chang, and Yisen Wang. "Fw-fuzz: A code coverage-guided fuzzing framework for network protocols on firmware." Concurrency and Computation: Practice and Experience, April 8, 2020. http://dx.doi.org/10.1002/cpe.5756.

Full text
APA, Harvard, Vancouver, ISO, and other styles
28

Lv, Wanyou, Jiawen Xiong, Jianqi Shi, Yanhong Huang, and Shengchao Qin. "A deep convolution generative adversarial networks based fuzzing framework for industry control protocols." Journal of Intelligent Manufacturing, May 23, 2020. http://dx.doi.org/10.1007/s10845-020-01584-z.

Full text
APA, Harvard, Vancouver, ISO, and other styles
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography