TY - GEN
T1 - RBFUZZ
T2 - 25th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2025
AU - Zhao, Siqi
AU - Ma, Rui
AU - Ren, Jingwen
AU - Zhai, Yuqi
AU - Xu, Shitong
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2026.
PY - 2026
Y1 - 2026
N2 - As network protocols grow increasingly complex, traditional greybox protocol fuzzing faces several challenges, particularly in its state and seed selection strategies, which do not take into account branches with low execution frequency that may contain key methods of the protocol. Neglecting these branches, referred to as rare branches, may reduce the effectiveness of fuzzing. To address these challenges, we propose RBFUZZ, a rare-branch-guided protocol fuzzing approach that enhances state selection and seed selection. To improve state selection, RBFUZZ adopts a strategy that incorporates the rare branch score as a new criterion and uses the TOPSIS decision-making method to evaluate protocol states by considering this criterion together with AFLNET’s original criteria. To improve seed selection, we propose a rare-branch-guided strategy that prioritizes seeds capable of executing the least-executed branches associated with a given protocol state. We evaluate the performance of RBFUZZ by comparing it with AFLNET, AFLNWE and StateAFL on 13 typical protocol implementations from ProFuzzBench. The experimental results show that RBFUZZ discovers 15.36%, 41.63% and 30.60% more paths and 49.26%, 187.43% and 57.19% more crashes than AFLNET, AFLNWE and StateAFL on average, respectively. In addition, RBFUZZ discovers 50.0% more states and 21.59% more state transitions than AFLNET on average. This highlights that RBFUZZ could improve the effectiveness of fuzzing.
KW - Protocol Fuzzing
KW - Rare Branch
KW - Seed Selection
KW - State Selection
UR - https://www.scopus.com/pages/publications/105038110068
U2 - 10.1007/978-981-95-8417-8_14
DO - 10.1007/978-981-95-8417-8_14
M3 - Conference contribution
AN - SCOPUS:105038110068
SN - 9789819584161
T3 - Lecture Notes in Computer Science
SP - 184
EP - 199
BT - Algorithms and Architectures for Parallel Processing - 25th International Conference, ICA3PP 2025, Proceedings
A2 - Liu, Huazhong
A2 - Ibrahim, Shadi
A2 - Rauber, Thomas
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 30 October 2025 through 2 November 2025
ER -