SGANFuzz: A Deep Learning-Based MQTT Fuzzing Method Using Generative Adversarial Networks


SGANFuzz: A deep learning-based method for fuzzing MQTT network protocol. This fuzzer mainly contains three parts. They are test case generation, fuzzing tool, and log sy...

Abstract:

As the Internet of Things (IoT) industry grows, the risk of network protocol security threats has also increased. One protocol that has come under scrutiny for its security vulnerabilities is MQTT (Message Queuing Telemetry Transport), which is widely used. To address this issue, an automated execution program called fuzz has been developed to verify the security of MQTT brokers. This program is provided with various random and unexpected input data and monitored for different responses, such as acknowledgments, crashes, failures, or memory leaks. To generate a significant number of realistic MQTT protocols, we have proposed a Generative Adversarial Networks (GAN)-based protocol fuzzer called SGANFuzz. Our experimental results show that SGANFuzz has successfully detected 6 vulnerabilities among 7 MQTT implementations, including 3 CVE bugs. Compared to the state-of-the-art fuzzing tools, SGANFuzz has proven to be the most efficient fuzzing tool in terms of vulnerability detection and has expanded the feedback coverage by receiving more unique network responses from MQTT brokers.
Published in: IEEE Access (Volume: 12)
Page(s): 27210 - 27224
Date of Publication: 13 February 2024
Electronic ISSN: 2169-3536
