
RSFuzz: A Robustness-Guided Swarm Fuzzing Framework Based on Behavioral Constraints

Ruoyu Zhou, Zhiwei Zhang, Haocheng Han, Xiaodong Zhang, Zehan Chen, Jun Sun, Yulong Shen, Dehai Xu

TL;DR

RSFuzz addresses the challenge of detecting logical vulnerabilities in complex multi-robot swarms by introducing a robustness-guided fuzzing framework that quantifies swarm state via STL-based behavioral constraints. It identifies a swarm key node using a Katz centrality-based constraint-influence graph and uses two fuzzing schemes, SA-Fuzzing and MA-Fuzzing, to generate failure-triggering scenarios that progressively expose vulnerabilities. The framework demonstrates improvements in both effectiveness and efficiency over the state-of-the-art across three swarm algorithms, with ablation and root-cause analyses clarifying the contributions of key components. The work includes extensive simulations and real-world drone experiments, and provides open-source code and data to support adoption and further research in swarm safety testing.

Abstract

Multi-robot swarms play an essential role in complex missions including battlefield reconnaissance, agricultural pest monitoring, as well as disaster search and rescue. Unfortunately, given the complexity of swarm algorithms, logical vulnerabilities are inevitable and often lead to severe safety and security consequences. Although various methods have been presented for detecting logical vulnerabilities through software testing, when they are used in swarm environments, these techniques face significant challenges: 1) Due to the swarm's vast composable parameter space, it is extremely difficult to generate failure-triggering scenarios, which is crucial to effectively expose logical vulnerabilities; 2) Because of the swarm's high flexibility and dynamism, it is challenging to model and evaluate the global swarm state, particularly in terms of cooperative behaviors, which makes it difficult to detect logical vulnerabilities. In this work, we propose RSFuzz, a robustness-guided swarm fuzzing framework designed to detect logical vulnerabilities in multi-robot systems. It leverages the robustness of behavioral constraints to quantitatively evaluate the swarm state and guide the generation of failure-triggering scenarios. In addition, RSFuzz identifies and targets key swarm nodes for perturbations, effectively reducing the input space. Building on the RSFuzz framework, we construct two swarm fuzzing schemes, Single Attacker Fuzzing (SA-Fuzzing) and Multiple Attacker Fuzzing (MA-Fuzzing), which employ single and multiple attackers, respectively, during fuzzing to disturb swarm mission execution. We evaluated RSFuzz's performance with three popular swarm algorithms in simulated environments. The results show that RSFuzz outperforms the state-of-the-art with an average improvement of 17.75% in effectiveness and a 38.4% increase in efficiency. We validated some vulnerabilities in the real world.
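The two quantities named in the TL;DR and abstract, constraint robustness and Katz-centrality key-node selection, can be sketched as follows. This is an added example, not RSFuzz's code: the minimum-separation constraint, the edge direction of the influence graph, the traces and all function names are assumptions made for illustration.

```python
import math

def separation_robustness(trace, d_min):
    """Robustness of the STL-style constraint G(pairwise distance >= d_min).
    trace: list of timesteps, each a list of (x, y) drone positions.
    Positive = satisfied with that margin, negative = violated."""
    rho = math.inf
    for positions in trace:
        for i in range(len(positions)):
            for j in range(i + 1, len(positions)):
                rho = min(rho, math.dist(positions[i], positions[j]) - d_min)
    return rho

def katz_scores(adj, alpha=0.1, beta=1.0, tol=1e-12, max_iter=1000):
    """Katz centrality x_i = alpha * sum_j adj[i][j] * x_j + beta.
    Assumption: adj[i][j] > 0 means drone i influences drone j, so a node
    scores high when it influences other influential nodes."""
    n = len(adj)
    x = [beta] * n
    for _ in range(max_iter):
        new = [alpha * sum(adj[i][j] * x[j] for j in range(n)) + beta
               for i in range(n)]
        if max(abs(a - b) for a, b in zip(new, x)) < tol:
            return new
        x = new
    raise ValueError("no convergence: alpha must be below 1/spectral radius")

def key_node(adj):
    """Index of the node with the highest Katz score."""
    scores = katz_scores(adj)
    return max(range(len(scores)), key=scores.__getitem__)

def most_promising(scenarios, d_min):
    """Robustness guidance: the scenario closest to (or past) violation."""
    return min(range(len(scenarios)),
               key=lambda k: separation_robustness(scenarios[k], d_min))

# Constructed sample data: three drones, minimum separation 2.0.
SAFE = [[(0, 0), (3, 0), (0, 4)]]
UNSAFE = SAFE + [[(0, 0), (1, 0), (0, 4)]]   # two drones close to 1.0 apart
# Constructed influence graph: drone 0 influences 1, 2, 3; drone 1 influences 2.
ADJ = [[0, 1, 1, 1], [0, 0, 1, 0], [0, 0, 0, 0], [0, 0, 0, 0]]

if __name__ == "__main__":
    print(separation_robustness(SAFE, 2.0), separation_robustness(UNSAFE, 2.0))
    print(key_node(ADJ), most_promising([SAFE, UNSAFE], 2.0))
```

A fuzzer guided this way keeps the scenarios whose robustness is lowest and concentrates perturbations near the key node, which is how the abstract's input-space reduction is meant to work.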

Paper Structure (24 sections, 7 equations, 12 figures, 5 tables)

This paper contains 24 sections, 7 equations, 12 figures, 5 tables.

Figures (12)

  • Figure 1: Motivation illustration
  • Figure 2: Overview of RSFuzz
  • Figure 3: Example of swarm key node
  • Figure 4: Drone sensing range and attack deployment positions.
  • Figure 5: SA-Fuzzing refers to a testing process where there is only one attack drone. MA-Fuzzing involves multiple attack drones, but during the fuzzing process, only one attack drone is active at a time, while the others are considered nonexistent.
  • ...and 7 more figures