A Survey of Network Protocol Fuzzing: Model, Techniques and Directions

Shihao Jiang, Yu Zhang, Junqiang Li, Hongfang Yu, Long Luo, Gang Sun

TL;DR

The paper analyzes network protocol fuzzing, identifying four key challenges posed by protocol-specific characteristics and proposing a unified four-stage fuzzing process model. It surveys state-of-the-art methods across protocol syntax acquisition/modeling, test case generation, test execution/monitoring, and feedback utilization, and categorizes fuzzers into blackbox, whitebox, greybox, plus spec-dependent and spec-free varieties. By detailing techniques for syntax learning, state inference, and feedback-driven fuzzing—such as AFLNet, StateAFL, FITM, and PULSAR—it provides a cohesive framework to compare approaches and guide future research. The work highlights directions like improved expandability, richer feedback signals, handling complex, multi-party testing scenarios, and extending testing capabilities to underlying protocol layers, aiming to make protocol fuzzing more scalable and effective in real-world settings.

Abstract

As one of the most successful and effective software testing techniques in recent years, fuzz testing has uncovered numerous bugs and vulnerabilities in modern software, including network protocol software. In contrast to other fuzzing targets, network protocol software exhibits its distinct characteristics and challenges, introducing a plethora of research questions that need to be addressed in the design and implementation of network protocol fuzzers. While some research work has evaluated and systematized the knowledge of general fuzzing techniques at a high level, there is a lack of similar analysis and summarization for fuzzing research specific to network protocols. This paper offers a comprehensive exposition of network protocol software's fuzzing-related features and conducts a systematic review of some representative advancements in network protocol fuzzing since its inception. We summarize state-of-the-art strategies and solutions in various aspects, propose a unified protocol fuzzing process model, and introduce the techniques involved in each stage of the model. At the same time, this paper also summarizes the promising research directions in the landscape of protocol fuzzing to foster exploration within the community for more efficient and intelligent modern network protocol fuzzing techniques.

Paper Structure (57 sections, 10 figures, 2 tables)

This paper contains 57 sections, 10 figures, 2 tables.

Figures (10)

  • Figure 1: Protocol Software Interaction Process.
  • Figure 2: Protocol Fuzzing Process (for Server Side).
  • Figure 3: State Machine.
  • Figure 4: Stateful Bugs.
  • Figure 5: Unified Process Model for Network Protocol Fuzzing.
  • ...and 5 more figures