NSFuzz : Towards Efficient and State-Aware Network Service Fuzzing

As an essential component responsible for communication, network services are security-critical, and it is vital to find vulnerabilities in them. Fuzzing currently one of the most popular software vulnerability discovery techniques, widely adopted due its high efficiency low false positives. However, existing coverage-guided fuzzers mainly aim at stateless local applications, leaving stateful underexplored. Recently, some targeting have been proposed but certain limitations, e.g., insufficient or inaccurate state representation testing efficiency. In this paper, we propose a new fuzzing solution NSFuzz services. Specifically, studied typical implementations service programs figured out how they represent states interact with clients. Accordingly (1) program variable-based scheme (2) efficient interaction synchronization mechanism improve We implemented prototype NSFuzz, which uses static analysis annotation APIs identify points variables within services, then achieves fast I/O accurate tracing carry state-aware via lightweight compile-time instrumentation. The evaluation results show that compared other fuzzers, including AFL net S tate AFL, our could infer more model during throughput by up 200x. Besides, code coverage 25% trigger crashes less time. Furthermore, performed campaign bugs latest version target 8 zero-day found NSFuzz.