{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T16:21:28Z","timestamp":1774369288920,"version":"3.50.1"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"7-8","license":[{"start":{"date-parts":[[2024,8,13]],"date-time":"2024-08-13T00:00:00Z","timestamp":1723507200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,8,13]],"date-time":"2024-08-13T00:00:00Z","timestamp":1723507200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","award":["NWA.1160.18.301"],"award-info":[{"award-number":["NWA.1160.18.301"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","award":["NWA.1160.18.301"],"award-info":[{"award-number":["NWA.1160.18.301"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","award":["NWA.1160.18.301"],"award-info":[{"award-number":["NWA.1160.18.301"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2025,8]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Fuzzing is a widely used and effective technique to test software. Unfortunately, certain systems, including network protocols, are more challenging to fuzz than others. An important complication with fuzzing network protocols is that this tends to be a slow process, which is problematic as fuzzing involves many test inputs. This article analyzes the root causes behind the inefficiency of fuzzing network protocols and strategies to avoid them. It extends our earlier work on network protocol fuzzers, which explored some of these strategies, to give a more comprehensive overview of overheads in fuzzing and ways to reduce them.<\/jats:p>","DOI":"10.1007\/s12243-024-01058-w","type":"journal-article","created":{"date-parts":[[2024,8,13]],"date-time":"2024-08-13T01:02:01Z","timestamp":1723510921000},"page":"659-668","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["On the (in)efficiency of fuzzing network protocols"],"prefix":"10.1007","volume":"80","author":[{"given":"Seyed Behnam","family":"Andarzian","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cristian","family":"Daniele","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Erik","family":"Poll","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,8,13]]},"reference":[{"key":"1058_CR1","doi-asserted-by":"crossref","unstructured":"Schumilo S et al (2022) Nyx-net: network fuzzing with incremental snapshots. Proceedings of the Seventeenth European Conference on Computer Systems","DOI":"10.1145\/3492321.3519591"},{"key":"1058_CR2","unstructured":"Libfuzzer (2023) A library for coverage-guided fuzz testing. Retrieved Feb 2, 2023 from https:\/\/llvm.org\/docs\/LibFuzzer.html"},{"key":"1058_CR3","unstructured":"Zardus (2023) preeny. Retrieved Jan 6, 2023 from https:\/\/github.com\/zardus\/preeny"},{"key":"1058_CR4","unstructured":"Google (2022) ClusterFuzz Trophies. Retrieved Feb 12, 2023 from https:\/\/google.github.io\/clusterfuzz\/#trophies"},{"key":"1058_CR5","unstructured":"Tuveri N (2021) Fuzzing open-SSL. Retrieved Feb 6, 2023 from https:\/\/github.com\/openssl\/openssl\/blob\/master\/fuzz\/README.md"},{"key":"1058_CR6","unstructured":"Low WCY (2022) Dissecting Microsoft IMAP Client Protocol. Retrieved Feb 6, 2023 from https:\/\/www.fortinet.com\/blog\/threat-research\/analyzing- microsoft- imap- client- protocol"},{"key":"1058_CR7","doi-asserted-by":"crossref","unstructured":"Aschermann C, Schumilo S, Abbasi A, Holz T (2020) Ijon: exploring deep state spaces via fuzzing. In: 2020 IEEE symposium on security and privacy (SP), pp 1597\u20131612. IEEE","DOI":"10.1109\/SP40000.2020.00117"},{"key":"1058_CR8","unstructured":"Ba J, B\u00f6hme M, Mirzamomen Z, Roychoudhury A (2022) Stateful greybox fuzzing. In: 31st USENIX security symposium (USENIX Security 22), pp 3255\u20133272"},{"key":"1058_CR9","doi-asserted-by":"publisher","first-page":"3401","DOI":"10.1007\/s00500-015-2017-6","volume":"21","author":"B Cui","year":"2017","unstructured":"Cui B, Wang F, Hao Y, Chen X (2017) WhirlingFuzzwork: a taint-analysis-based API in-memory fuzzing framework. Soft Comput 21:3401\u20133414","journal-title":"Soft Comput"},{"key":"1058_CR10","doi-asserted-by":"crossref","unstructured":"Daniele C, Andarzian SB, Poll E (2023) Fuzzers for stateful systems: survey and research directions. arXiv preprint arXiv:2301.02490","DOI":"10.1145\/3648468"},{"key":"1058_CR11","doi-asserted-by":"crossref","unstructured":"Isberner M, Howar F, Steffen B (2014) The TTT algorithm: a redundancy-free approach to active automata learning. In: Runtime verification: 5th international conference, September 22\u201325, 2014. Proceedings 5, pp 307\u2013322. Springer","DOI":"10.1007\/978-3-319-11164-3_26"},{"key":"1058_CR12","doi-asserted-by":"crossref","unstructured":"Maier D, Bittner O, Munier M, Beier J (2022) FitM: binary-only coverage-guided fuzzing for stateful network protocols. In: Workshop on Binary Analysis Research (BAR), vol","DOI":"10.14722\/bar.2022.23008"},{"key":"1058_CR13","doi-asserted-by":"crossref","unstructured":"Natella R, Pham V-T (2021) Profuzzbench: a benchmark for stateful protocol fuzzing. In: Proceedings of the 30th ACM SIGSOFT international symposium on software testing and analysis, pp 662\u2013665","DOI":"10.1145\/3460319.3469077"},{"key":"1058_CR14","doi-asserted-by":"crossref","unstructured":"Pham V-T, B\u00f6hme M, Roychoudhury A (2020) AFLNet: a greybox fuzzer for network protocols. In: 2020 IEEE 13th International Conference on Software Testing, validation and verification (ICST), pp 460\u2013465. IEEE","DOI":"10.1109\/ICST46399.2020.00062"},{"key":"1058_CR15","doi-asserted-by":"crossref","unstructured":"Schumilo S, Aschermann C, Jemmett A, Abbasi A, Holz T (2022) Nyx-net: network fuzzing with incremental snapshots. In: Proceedings of the seventeenth european conference on computer systems, pp 166\u2013180","DOI":"10.1145\/3492321.3519591"},{"key":"1058_CR16","unstructured":"Sutton M, Greene A, Amini P (2007) Fuzzing: brute force vulnerability discovery. Pearson Education"},{"key":"1058_CR17","doi-asserted-by":"publisher","first-page":"198668","DOI":"10.1109\/ACCESS.2020.3025037","volume":"8","author":"Y Yu","year":"2020","unstructured":"Yu Y, Chen Z, Gan S, Wang X (2020) SGPFuzzer: a state-driven smart graybox protocol fuzzer for network protocol implementations. IEEE Access 8:198668\u2013198678","journal-title":"IEEE Access"},{"issue":"18","key":"1058_CR18","doi-asserted-by":"publisher","first-page":"5194","DOI":"10.3390\/s20185194","volume":"20","author":"Y Zeng","year":"2020","unstructured":"Zeng Y, Lin M, Guo S, Shen Y, Cui T, Wu T, Zheng Q, Wang Q (2020) Multifuzz: a coverage-based multiparty-protocol fuzzer for iot publish\/subscribe protocols. Sensors 20(18):5194","journal-title":"Sensors"},{"key":"1058_CR19","doi-asserted-by":"crossref","unstructured":"Luo Z, Zuo F, Shen Y, Jiao X, Chang W, Jiang Y (2020) ICS protocol fuzzing: coverage guided packet crack and generation. In: 2020 57th ACM\/IEEE Design automation conference (DAC), pp 1\u20136. IEEE","DOI":"10.1109\/DAC18072.2020.9218603"},{"key":"1058_CR20","unstructured":"Mozilla Security (2021) Peach. Retrieved Feb 2, 2023 from https:\/\/github.com\/MozillaSecurity\/peach"},{"key":"1058_CR21","doi-asserted-by":"crossref","unstructured":"Yu B, Wang P, Yue T, Tang Y (2019) Poster: fuzzing IoT firmware via multi-stage message generation. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security (CCS 2019), pp 2525\u20132527","DOI":"10.1145\/3319535.3363247"},{"key":"1058_CR22","doi-asserted-by":"crossref","unstructured":"Natella R (2022) StateAFL: greybox fuzzing for stateful network servers. Empirical Softw Eng 27(7)","DOI":"10.1007\/s10664-022-10233-3"},{"key":"1058_CR23","unstructured":"Fioraldi A, Maier D, Ei\u00dffeldt H, Heuse M (2020) AFL++: combining incremental steps of fuzzing research. In: 14th USENIX Workshop on offensive technologies (WOOT 20)"},{"key":"1058_CR24","unstructured":"The OPC foundation (2023) The OPC Unified Architecture (UA). Retrieved April 2, 2023 from https:\/\/opcfoundation.org\/about\/opc-technologies\/opc-ua\/"},{"key":"1058_CR25","unstructured":"Modbus organization (2023) Modbus data communications protocol. Retrieved April 2, 2023 from https:\/\/modbus.org\/"},{"key":"1058_CR26","unstructured":"Cheremushkin, Temnikov (2023) OPC UA security analysis. Technical report, Kaspersky. Retrieved April 14, 2023 from https:\/\/ics-cert.kaspersky.com\/publications\/reports\/2018\/05\/10\/opc-ua-security-analysis\/"},{"key":"1058_CR27","unstructured":"Serebryany K (2017) OSS-Fuzz-Google\u2019s continuous fuzzing service for open source software. USENIX"},{"key":"1058_CR28","doi-asserted-by":"crossref","unstructured":"Klooster T, Turkmen F, Broenink G, Ten Hove R, B\u00f6hme M (2023) Continuous fuzzing: a study of the effectiveness and scalability of fuzzing in CI\/CD pipelines. In: 2023 IEEE\/ACM International workshop on Search-Based and Fuzz Testing (SBFT), pp 25\u201332. IEEE","DOI":"10.1109\/SBFT59156.2023.00015"},{"key":"1058_CR29","unstructured":"Gorter F, Barberis E, Isemann R, van der Kouwe E, Giuffrida C, Bos H (2023) FloatZone: how floating point additions can detect memory errors. USENIX"},{"key":"1058_CR30","doi-asserted-by":"crossref","unstructured":"Andronidis A, Cadar C (2022) Snapfuzz: high-throughput fuzzing of network applications. In: Proceedings of the 31st ACM SIGSOFT international symposium on software testing and analysis, pp 340\u2013351","DOI":"10.1145\/3533767.3534376"},{"key":"1058_CR31","doi-asserted-by":"crossref","unstructured":"Andarzian SB, Daniele C, Poll E (2023) Green-Fuzz: efficient fuzzing for network protocol implementations. In: Proceedings of the 16th international symposium on foundations and practice of security FPS","DOI":"10.1007\/978-3-031-57537-2_16"},{"key":"1058_CR32","doi-asserted-by":"crossref","unstructured":"Geretto E, Giuffrida C, Bos H, Van Der Kouwe E (2022) Snappy: efficient fuzzing with adaptive and mutable snapshots. In: Proceedings of the 38th annual computer security applications conference, pp 375\u2013387","DOI":"10.1145\/3564625.3564639"},{"key":"1058_CR33","unstructured":"Anonymous (2024) AFL*: a simple approach to fuzzing stateful systems. OpenReview Preprint"},{"key":"1058_CR34","unstructured":"POSIX shared memory (2024) Retrieved Feb 6, 2024 from https:\/\/man7.org\/linux\/man-pages\/man7\/shm_overview.7.html"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-024-01058-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12243-024-01058-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-024-01058-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,5]],"date-time":"2025-09-05T20:35:22Z","timestamp":1757104522000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12243-024-01058-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,13]]},"references-count":34,"journal-issue":{"issue":"7-8","published-print":{"date-parts":[[2025,8]]}},"alternative-id":["1058"],"URL":"https:\/\/doi.org\/10.1007\/s12243-024-01058-w","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"value":"0003-4347","type":"print"},{"value":"1958-9395","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,8,13]]},"assertion":[{"value":"15 February 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 July 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 August 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}}]}}