ABSTRACT

According to an investigation by VERC, unpatched vulnerabilities in deployed systems are the major cause of network security incidents. Fuzzing is widely applied to discover serious vulnerabilities in network protocol implementations [1], such as denial of service, buffer overflow [2], integer overflow [3][4] and format string bugs. First, "malicious" network inputs for a target application are generated to uncover potential vulnerabilities. Effective mutations are derived from the protocol format, but protocol specifications are often kept secret, and knowledge of non-public protocol specifications has traditionally been obtained by reverse engineering. Current practice in recovering protocol specifications is mostly manual. Such efforts are painstakingly time-consuming and ineffective.
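To make concrete what "mutations based on protocol formats" means in practice, the following is an added example (not code from the paper or any system it describes). It assumes a constructed toy protocol, a 2-byte big-endian length, a 1-byte type and a payload, and shows a format-aware mutator that targets each field with the bug classes named above: length boundary values for integer-overflow and out-of-bounds handling, unknown type codes, oversized payloads for buffer overflows, and format-string payloads. The strict parser is only used to classify which mutants still satisfy the format and which deliberately violate it.

```python
import struct

# Constructed toy protocol (assumption for this example, not a real format):
#   | length (2 bytes, big-endian) | type (1 byte) | payload (length bytes) |
HEADER_LEN = 3

# Boundary values for a 16-bit length field: zero, one, sign-bit edges and max.
LENGTH_BOUNDARIES = (0, 1, 0x7FFF, 0x8000, 0xFFFF)
# Classic format-string probes: %s reads pointers, %n writes, %x leaks stack.
FORMAT_STRINGS = (b"%s%s%s%s", b"%n%n%n%n", b"%x" * 8)


def build_message(msg_type: int, payload: bytes) -> bytes:
    """Serialise a well-formed message; length is derived from the payload."""
    return struct.pack(">HB", len(payload), msg_type) + payload


def parse_message(data: bytes):
    """Strict parser: rejects short headers and length/payload mismatches."""
    if len(data) < HEADER_LEN:
        raise ValueError("short header")
    length, msg_type = struct.unpack(">HB", data[:HEADER_LEN])
    if len(data) != HEADER_LEN + length:
        raise ValueError("length field does not match payload size")
    return length, msg_type, data[HEADER_LEN:]


def is_well_formed(data: bytes) -> bool:
    try:
        parse_message(data)
        return True
    except ValueError:
        return False


def format_aware_mutations(msg: bytes):
    """Return (description, mutated_bytes) pairs derived from a valid seed.

    Each mutation targets one field of the format, which is what distinguishes
    format-aware fuzzing from blind bit flipping on the seed bytes.
    """
    _, msg_type, payload = parse_message(msg)
    mutants = []

    # 1. Lie in the length field while keeping the payload: exercises length
    #    checks, integer arithmetic on the length and out-of-bounds reads.
    for v in LENGTH_BOUNDARIES:
        mutants.append((f"length={v:#x}",
                        struct.pack(">HB", v, msg_type) + payload))

    # 2. Unexpected type codes: exercises dispatch tables and default cases.
    for t in (0, 0xFF):
        mutants.append((f"type={t:#x}", build_message(t, payload)))

    # 3. Oversized but format-consistent payloads: classic buffer overflows
    #    in fixed-size receive buffers.
    for n in (256, 4096, 0xFFFF):
        mutants.append((f"payload_len={n}", build_message(msg_type, b"A" * n)))

    # 4. Format-string payloads: exercises payloads passed to printf-like APIs.
    for fs in FORMAT_STRINGS:
        mutants.append((f"format={fs!r}", build_message(msg_type, fs)))

    return mutants


if __name__ == "__main__":
    seed = build_message(1, b"hello")  # constructed seed message
    for name, data in format_aware_mutations(seed):
        status = "well-formed" if is_well_formed(data) else "malformed"
        print(f"{name:<24} {status:<12} {data[:16]!r}")
```

The length mutants are intentionally malformed (the header no longer matches the payload), while the payload and type mutants remain format-consistent; a target that only fails on the former is telling you its length validation is the weak point, and one that fails on the latter has a bug past the parser.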