Semi-valid fuzz testing case generation for stateful network protocol

Network protocols are divided into stateless and stateful. Stateful network protocols have complex communication interactions and state transitions. However, the existing network protocol fuzzing does not support state transitions very well. This paper focuses on this issue and proposes the Semi-valid Fuzzing for the Stateful Network Protocol (SFSNP). The SFSNP analyzes protocol interactions and builds an extended finite state machine with a path marker for the network protocol; then it obtains test sequences of the extended finite state machine, and further performs the mutation operation using the semi-valid algorithm for each state transition in the test sequences; finally, it obtains fuzzing sequences. Moreover, because different test sequences may have the same state transitions, the SFSNP uses the state transition marking algorithm to reduce redundant test cases. By using the stateful rule tree of the protocol, the SFSNP extracts the constraints in the protocol specifications to construct semi-valid fuzz testing cases within the sub-protocol domain, and finally forms fuzzing sequences. Experimental results indicate that the SFSNP is reasonably effective at reducing the quantity of generated test cases and improving the quality of fuzz testing cases. The SFSNP can reduce redundancy and shorten testing time.