Network protocol fuzz testing for information systems and applications: a survey and taxonomy

Abstract

Fuzzing or fuzz testing has been introduced as a software testing technique to reduce vulnerabilities in software systems or given targets. To achieve a maximum benefit-to-cost ratio and without complication, we use fuzz testing [11]. In addition, during the development and debugging of a system, we may fail to notice the kinds of shortcoming that fuzz testing can expose. Fuzz testing types are different depending on the target they fuzz. Application, file format, and protocol fuzzing are the most common fuzzing types. A protocol fuzzer sends counterfeit packets to a target system while changing the normal packet en-route and sometimes replaying them. In addition, a protocol fuzzer sometimes acts as proxy server for clients. This survey study examines network protocol fuzz testing. We identified several studies on network protocol fuzzing. Most focus on application layers of the Open Systems Interconnection model. We primarily review the approaches of five studies and the targets and protocol layers they fuzz. We then develop criteria to compare these approaches in detail.