Research field: Networking
Conference: 2024 IEEE 32nd International Conference on Network Protocols (ICNP)
Network protocol fingerprinting is a critical technique for identifying various implementations of network protocols, which is essential for vulnerability assessment and security management. However, current fingerprinting methods such as Nmap still heavily rely on manual probe crafting, requiring experts with domain knowledge and leading to inefficiencies and potential oversights. This paper introduces pFuzz, an automatic network protocol fingerprint discovery system utilizing difference-guided fuzzing, to address the challenge of the vast search space inherent in fingerprinting. We propose a difference tree to model the nested recursive condition structure of network protocols and a packet oracle map to capture and utilize multifield relationships revealed by value co-occurrence. Our evaluation of pFuzz on the widely used TCP/IP protocol demonstrates its effectiveness and efficiency in discovering fingerprints.
| Publication year | 2024 |
|---|---|
| Citations | 87 |
| Country of publication | Andorra, Austria |
| Site | IEEE |