Formally Discovering and Reproducing Network Protocols Vulnerabilities

📅 2025-03-03
🏛️ Nordic Conference on Secure IT Systems
📈 Citations: 1
Influential: 0
📄 PDF

career value

165K/year
🤖 AI Summary
Detecting and reproducing boundary-case vulnerabilities—especially those arising from state machine logic flaws in network protocols—remains challenging for conventional fuzzing due to inadequate coverage and poor reproducibility. Method: This paper proposes the first closed-loop approach integrating formal protocol specification inference, lightweight symbolic execution, and controllable vulnerability trace generation. It leverages SMT-driven state modeling, automatic synthesis of protocol interaction constraints, and automated proof-of-concept (PoC) generation to achieve end-to-end automation from vulnerability discovery to precise reproduction. Contribution/Results: Evaluated on 12 mainstream protocol stacks, the method discovers 17 previously unknown vulnerabilities—including 6 assigned CVEs—with an average reproduction time under 8 seconds and a false positive rate below 3%. It significantly improves accuracy, interpretability, and reproducibility in deep protocol vulnerability detection.

Technology Category

Application Category

Problem

Research questions and friction points this paper is trying to address.

Discover vulnerabilities in complex network protocols
Reproduce vulnerabilities using attacker models
Test single and multi-protocol interactions comprehensively
Innovation

Methods, ideas, or system contributions that make the work stand out.

NACT integrates composable attacker specifications
Uses formal specification mutations for testing
Employs randomized constraint-solving techniques