i7Fuzzer: Neural-Guided Fuzzing for Enhancing Security Testing of Stateful Protocols
摘要
This article proposes i7Fuzzer, a hybrid fuzzing framework designed to enhance the security testing of stateful communication protocols such as Real-Time Streaming Protocol (RTSP) and Message Queuing Telemetry Transport (MQTT). These protocols, widely deployed in modern networked infrastructures, pose significant challenges for vulnerability detection due to their reliance on ordered message sequences and complex state transitions. i7Fuzzer addresses the limitations of traditional fuzzing approaches by integrating dynamic protocol analysis with machine learning–based mutation guidance. Specifically, a Long Short-Term Memory (LSTM) regression model is used to estimate bit-level mutation probabilities and prioritise the generation of high-impact test cases. The framework also automates the construction of syntactically valid message sequences aligned with protocol-specific states. Although demonstrated on protocols such as RTSP, MQTT, and File Transfer Protocol (FTP), the methodology is broadly applicable to a wide range of stateful protocols. Experimental results confirm that i7Fuzzer improves code coverage and effectively identifies potential protocol-specific vulnerabilities. These findings underscore the benefits of combining neural learning techniques with protocol-aware fuzzing to strengthen the security of critical communication systems.