{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T04:36:10Z","timestamp":1761971770163,"version":"build-2065373602"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"Abstract<\/jats:title>\n \n Network protocol fuzzing is a critical method for detecting vulnerabilities in network protocol programs. However, traditional selection algorithms used in network protocol fuzzing often fail to accurately select effective states and seeds. To address this limitation, this paper proposes a fuzzing framework called Contextual AFL\n net<\/jats:sc>\n (CAFL\n net<\/jats:sc>\n ), which employs a selection algorithm that utilizes enhanced contextual information. This framework introduces key metrics, such as\n state in-degree<\/jats:italic>\n ,\n state out-degree<\/jats:italic>\n , and\n trace-adjacent call count<\/jats:italic>\n , to enhance contextual information. The selection algorithm is divided into two parts: (1) a state selection algorithm based on the linear upper confidence bound, which optimizes the balance between exploration and exploitation by utilizing enhanced contextual information, and (2) a tri-factor seed selection algorithm, designed to utilize contextual information such as seed labels, execution information, and session information to thoroughly and effectively evaluate seed value in the selection process. We evaluated our framework and AFL\n net<\/jats:sc>\n using eleven benchmark programs from ProFuzzBench and the real-world. The results demonstrate that our framework outperformed AFL\n net<\/jats:sc>\n by an average of 6.86% in terms of branch coverage, with a notable increase of 18.79% on PureFTPD. In addition, our framework slightly outperformed AFL\n net<\/jats:sc>\n in state discovery and exhibited superior performance in vulnerability detection, triggering known vulnerabilities earlier and more frequently and successfully exposing a previously unknown vulnerability.\n <\/jats:p>","DOI":"10.1186\/s42400-025-00377-2","type":"journal-article","created":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T03:02:06Z","timestamp":1761966126000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["CAFLnet: a network protocol fuzzing framework based on selection algorithm with enhanced contextual information"],"prefix":"10.1186","volume":"8","author":[{"given":"Zhiming","family":"Li","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0548-8170","authenticated-orcid":false,"given":"Shuquan","family":"Zhou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaokan","family":"Luo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Heping","family":"Wei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guangkang","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,11,1]]},"reference":[{"key":"377_CR1","unstructured":"Ba J, B\u00f6hme M, Mirzamomen Z, Roychoudhury A (2022) Stateful greybox fuzzing. In: 31st USENIX security symposium (USENIX Security 22). USENIX Association, Boston, MA, pp 3255\u20133272"},{"issue":"5","key":"377_CR2","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1109\/TSE.2017.2785841","volume":"45","author":"M B\u00f6hme","year":"2019","unstructured":"B\u00f6hme M, Pham VT, Roychoudhury A (2019) Coverage-based greybox fuzzing as Markov chain. IEEE Trans Softw Eng 45(5):489\u2013506. https:\/\/doi.org\/10.1109\/TSE.2017.2785841","journal-title":"IEEE Trans Softw Eng"},{"key":"377_CR3","doi-asserted-by":"publisher","unstructured":"Borcherding A, Giraud M, Fitzgerald I, Beyerer J (2023) The Bandit\u2019s states: modeling state selection for stateful network fuzzing as multi-armed bandit problem. In: 2023 IEEE European symposium on security and privacy workshops (EuroS &PW), pp 345\u2013350. https:\/\/doi.org\/10.1109\/EuroSPW59978.2023.00043","DOI":"10.1109\/EuroSPW59978.2023.00043"},{"key":"377_CR4","doi-asserted-by":"crossref","unstructured":"B\u00f6ttinger K, Godefroid P, Singh R (2018) Deep reinforcement fuzzing. In: 2018 IEEE security and privacy workshops (SPW), pp 116\u2013122,","DOI":"10.1109\/SPW.2018.00026"},{"key":"377_CR5","doi-asserted-by":"publisher","unstructured":"Chaslot G, Bakkes S, Szita I, Spronck P (2021) Monte-Carlo tree search: a new framework for game AI. In: Proceedings of the AAAI conference on artificial intelligence and interactive digital entertainment, vol 4, no 1, pp 216\u2013217. https:\/\/doi.org\/10.1609\/aiide.v4i1.18700","DOI":"10.1609\/aiide.v4i1.18700"},{"key":"377_CR6","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1016\/j.cose.2018.02.002","volume":"75","author":"C Chen","year":"2018","unstructured":"Chen C, Cui B, Ma J, Wu R, Guo J, Liu W (2018) A systematic review of fuzzing techniques. Comput Secur 75:118\u2013137. https:\/\/doi.org\/10.1016\/j.cose.2018.02.002","journal-title":"Comput Secur"},{"key":"377_CR7","unstructured":"djmdjm (2020) Openssh seeds. https:\/\/github.com\/djmdjm\/openssh-fuzz-cases\/tree\/master\/kex. Accessed 19 June 2024"},{"key":"377_CR8","unstructured":"Exim (2023) Exim seeds. https:\/\/github.com\/Exim\/exim\/tree\/master\/test\/scripts\/0000-Basic. Accessed 19 Jun 2024"},{"issue":"16","key":"377_CR9","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.5756","volume":"34","author":"Z Gao","year":"2022","unstructured":"Gao Z, Dong W, Chang R, Wang Y (2022) Fw-fuzz: a code coverage-guided fuzzing framework for network protocols on firmware. Concurr Comput Pract Exp 34(16):e5756. https:\/\/doi.org\/10.1002\/cpe.5756","journal-title":"Concurr Comput Pract Exp"},{"key":"377_CR10","unstructured":"gstrauss, nitrox (2024) Lighttpd is a secure, fast, compliant, and very flexible web-server that has been optimized for high-performance environments. https:\/\/www.lighttpd.net\/. Accessed 10 Jan 2025"},{"key":"377_CR11","doi-asserted-by":"publisher","unstructured":"Helmke R, Winter E, Rademacher M (2021) EPF: an evolutionary, protocol-aware, and coverage-guided network fuzzing framework. In: 2021 18th international conference on privacy, security and trust (PST), pp 1\u20137. https:\/\/doi.org\/10.1109\/PST52912.2021.9647801","DOI":"10.1109\/PST52912.2021.9647801"},{"issue":"1","key":"377_CR12","doi-asserted-by":"publisher","first-page":"121","DOI":"10.3969\/j.issn.1671-1122.2024.01.012","volume":"24","author":"X Hong","year":"2024","unstructured":"Hong X, Ljjia P (2024) AFLNeTrans: fuzzing of protocols with state relationship awareness. Netinfo Secur 24(1):121. https:\/\/doi.org\/10.3969\/j.issn.1671-1122.2024.01.012","journal-title":"Netinfo Secur"},{"key":"377_CR13","doi-asserted-by":"publisher","unstructured":"Klees G, Ruef A, Cooper B, Wei S, Hicks M (2018) Evaluating fuzz testing. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security. Association for Computing Machinery, New York, NY, USA, CCS \u201918, pp 2123\u20132138. https:\/\/doi.org\/10.1145\/3243734.3243804","DOI":"10.1145\/3243734.3243804"},{"key":"377_CR14","doi-asserted-by":"publisher","unstructured":"Krueger T, Gascon H, Kr\u00e4mer N, Rieck K (2012) Learning stateful models for network honeypots. In: Proceedings of the 5th ACM workshop on security and artificial intelligence. Association for Computing Machinery, New York, NY, USA, AISec \u201912, pp 37\u201348. https:\/\/doi.org\/10.1145\/2381896.2381904","DOI":"10.1145\/2381896.2381904"},{"key":"377_CR15","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-018-0002-y","author":"J Li","year":"2018","unstructured":"Li J, Zhao B, Zhang C (2018) Fuzzing: a survey. Cybersecurity. https:\/\/doi.org\/10.1186\/s42400-018-0002-y","journal-title":"Cybersecurity"},{"key":"377_CR16","doi-asserted-by":"publisher","first-page":"2673","DOI":"10.1109\/TIFS.2022.3192991","volume":"17","author":"J Li","year":"2022","unstructured":"Li J, Li S, Sun G, Chen T, Yu H (2022) SNPSFuzzer: a fast greybox fuzzer for stateful network protocols using snapshots. IEEE Trans Inf Forensics Secur 17:2673\u20132687. https:\/\/doi.org\/10.1109\/TIFS.2022.3192991","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"377_CR17","unstructured":"libFuzzer (2017) libFuzzer: a library for coverage-guided fuzz testing\u201d. http:\/\/llvm.org\/docs\/LibFuzzer.html. Accessed 6 May 2024"},{"key":"377_CR18","doi-asserted-by":"publisher","unstructured":"Li L, Chu W, Langford J, Schapire RE (2010) A contextual-bandit approach to personalized news article recommendation. In: Proceedings of the 19th international conference on world wide web. Association for Computing Machinery, New York, NY, USA, WWW \u201910, pp 661\u2013670. https:\/\/doi.org\/10.1145\/1772690.1772758","DOI":"10.1145\/1772690.1772758"},{"key":"377_CR19","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1016\/j.future.2019.12.032","volume":"108","author":"X Liu","year":"2020","unstructured":"Liu X, Cui B, Fu J, Ma J (2020) HFuzz: towards automatic fuzzing testing of NB-IoT core network protocols implementations. Future Gener Comput Syst 108:390\u2013400. https:\/\/doi.org\/10.1016\/j.future.2019.12.032","journal-title":"Future Gener Comput Syst"},{"key":"377_CR20","doi-asserted-by":"publisher","unstructured":"Liu D, Pham T, Ernst G, Murray T, Rubinstein B (2022) State selection algorithms and their impact on the performance of stateful network protocol fuzzing. In: 2022 IEEE international conference on software analysis, evolution and reengineering (SANER), pp 720\u2013730. https:\/\/doi.org\/10.1109\/SANER53432.2022.00089","DOI":"10.1109\/SANER53432.2022.00089"},{"key":"377_CR21","unstructured":"LLVM-admin team (2017) libFuzzer: a library for coverage-guided fuzz testing. https:\/\/llvm.org\/docs\/LibFuzzer.html. Accessed 12 Jan 2025"},{"issue":"11","key":"377_CR22","doi-asserted-by":"publisher","first-page":"2312","DOI":"10.1109\/TSE.2019.2946563","volume":"47","author":"VJ Man\u00e8s","year":"2021","unstructured":"Man\u00e8s VJ, Han H, Han C, Cha SK, Egele M, Schwartz EJ, Woo M (2021) The art, science, and engineering of fuzzing: a survey. IEEE Trans Softw Eng 47(11):2312\u20132331. https:\/\/doi.org\/10.1109\/TSE.2019.2946563","journal-title":"IEEE Trans Softw Eng"},{"issue":"1","key":"377_CR23","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.4666","volume":"31","author":"S Mittal","year":"2019","unstructured":"Mittal S (2019) A survey of techniques for dynamic branch prediction. Concurr Comput Pract Exp 31(1):e4666. https:\/\/doi.org\/10.1002\/cpe.4666","journal-title":"Concurr Comput Pract Exp"},{"key":"377_CR24","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-022-10233-3","author":"R Natella","year":"2022","unstructured":"Natella R (2022) Stateafl: greybox fuzzing for stateful network servers. Empir Softw Eng. https:\/\/doi.org\/10.1007\/s10664-022-10233-3","journal-title":"Empir Softw Eng"},{"key":"377_CR25","doi-asserted-by":"publisher","unstructured":"Natella R, Pham VT (2021) ProFuzzBench: a benchmark for stateful protocol fuzzing. In: Proceedings of the 30th ACM SIGSOFT international symposium on software testing and analysis. Association for Computing Machinery, New York, NY, USA, ISSTA 2021, pp 662\u2013665. https:\/\/doi.org\/10.1145\/3460319.3469077","DOI":"10.1145\/3460319.3469077"},{"key":"377_CR26","unstructured":"openssl (2023) Openssl seeds. https:\/\/github.com\/openssl\/fuzz-corpora\/tree\/9f7667061314ecf9a287ce1c9702073ca1e345e3\/server. Accessed 19 Jun 2024"},{"key":"377_CR27","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/6880677","author":"Y Pan","year":"2022","unstructured":"Pan Y, Lin W, Jiao L, Zhu Y (2022a) Model-based grey-box fuzzing of network protocols. Secur Commun Netw. https:\/\/doi.org\/10.1155\/2022\/6880677","journal-title":"Secur Commun Netw"},{"key":"377_CR28","doi-asserted-by":"publisher","DOI":"10.3390\/app12157459","author":"Z Pan","year":"2022","unstructured":"Pan Z, Zhang L, Hu Z, Li Y, Chen Y (2022b) SATFuzz: a stateful network protocol fuzzing framework from a novel perspective. Appl Sci. https:\/\/doi.org\/10.3390\/app12157459","journal-title":"Appl Sci"},{"key":"377_CR29","doi-asserted-by":"publisher","unstructured":"Pham VT, B\u00f6hme M, Roychoudhury A (2020) AFLNET: a greybox fuzzer for network protocols. In: 2020 IEEE 13th international conference on software testing, validation and verification (ICST), pp 460\u2013465. https:\/\/doi.org\/10.1109\/ICST46399.2020.00062","DOI":"10.1109\/ICST46399.2020.00062"},{"key":"377_CR30","doi-asserted-by":"publisher","DOI":"10.1145\/3580598","author":"S Qin","year":"2023","unstructured":"Qin S, Hu F, Ma Z, Zhao B, Yin T, Zhang C (2023) NSFuzz: towards efficient and state-aware network service fuzzing. ACM Trans Softw Eng Methodol. https:\/\/doi.org\/10.1145\/3580598","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"377_CR31","unstructured":"Rzechonek M, Dummer M (2022) atftp is a client\/server implementation of the tftp. https:\/\/sourceforge.net\/projects\/atftp\/. Accessed 08 Jan 2025"},{"issue":"1\u20132","key":"377_CR32","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1561\/2200000068","volume":"12","author":"A Slivkins","year":"2019","unstructured":"Slivkins A (2019) Introduction to multi-armed bandits. Found Trends Mach Learn 12(1\u20132):1\u2013286. https:\/\/doi.org\/10.1561\/2200000068","journal-title":"Found Trends Mach Learn"},{"key":"377_CR33","doi-asserted-by":"publisher","first-page":"74843","DOI":"10.1109\/ACCESS.2024.3404918","volume":"12","author":"Y Su","year":"2024","unstructured":"Su Y, Xiong D, Wan Y, Shi C, Zeng Q (2024) LinFuzz: program-sensitive seed scheduling greybox fuzzing based on LinUCB algorithm. IEEE Access 12:74843\u201374860. https:\/\/doi.org\/10.1109\/ACCESS.2024.3404918","journal-title":"IEEE Access"},{"key":"377_CR34","volume-title":"Reinforcement learning: an introduction","author":"RS Sutton","year":"2018","unstructured":"Sutton RS, Barto AG (2018) Reinforcement learning: an introduction. MIT Press, Cambridge"},{"key":"377_CR35","unstructured":"ttrssreal (2023) Dnsmasq Seeds. https:\/\/github.com\/ttrssreal\/dnsmasq-fuzz\/blob\/master\/seeds.tar.gz. Accessed 19 Jun 2024"},{"key":"377_CR36","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09927-3","author":"X Wang","year":"2021","unstructured":"Wang X, Hu C, Ma R, Tian D, He J (2021) CMFuzz: context-aware adaptive mutation for fuzzers. Empir Softw Eng. https:\/\/doi.org\/10.1007\/s10664-020-09927-3","journal-title":"Empir Softw Eng"},{"key":"377_CR37","unstructured":"Wikipedia Contributors (2019) WannaCry ransomware attack. https:\/\/en.wikipedia.org\/wiki\/WannaCry_ransomware_attack. Accessed 4 May 2024"},{"key":"377_CR38","doi-asserted-by":"publisher","DOI":"10.3390\/app132413172","author":"C Xie","year":"2023","unstructured":"Xie C, Jia P, Yang P, Hu C, Kuang H, Ye G, Hong X (2023) Not all seeds are important: fuzzing guided by untouched edges. Appl Sci. https:\/\/doi.org\/10.3390\/app132413172","journal-title":"Appl Sci"},{"key":"377_CR39","unstructured":"Zalewski M (2014) American fuzzy lop. https:\/\/lcamtuf.coredump.cx\/afl\/. Accessed 12 Jan 2025"},{"key":"377_CR40","doi-asserted-by":"publisher","DOI":"10.3390\/electronics12132904","author":"Z Zhang","year":"2023","unstructured":"Zhang Z, Zhang H, Zhao J, Yin Y (2023) A survey on the development of network protocol fuzzing techniques. Electronics. https:\/\/doi.org\/10.3390\/electronics12132904","journal-title":"Electronics"},{"key":"377_CR41","doi-asserted-by":"publisher","DOI":"10.1145\/3696788","author":"X Zhang","year":"2024","unstructured":"Zhang X, Zhang C, Li X, Du Z, Mao B, Li Y, Zheng Y, Li Y, Pan L, Liu Y, Deng R (2024) A survey of protocol fuzzing. ACM Comput Surv. https:\/\/doi.org\/10.1145\/3696788","journal-title":"ACM Comput Surv"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00377-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00377-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00377-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T03:02:09Z","timestamp":1761966129000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-025-00377-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,1]]},"references-count":41,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["377"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00377-2","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,1]]},"assertion":[{"value":"25 November 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 February 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 November 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"81"}}