Tianchang Yang (Pennsylvania State University), Sathiyajith K S (Pennsylvania State University), Ashwin Senthil Arumugam (Pennsylvania State University), Syed Rafiul Hussain (Pennsylvania State University)

We present our work-in-progress on designing and implementing a black-box evolutionary fuzzer for REST APIs, specifically targeting 5G core networks that utilize a service-based architecture (SBA). Unlike existing tools that rely on static generation-based approaches, our approach progressively refines test inputs to explore deeper code regions in the target system. We incorporate a thorough analysis of the limited response message feedback available in black-box settings and employ a carefully crafted mutation method to generate effective state-aware test inputs. Evaluation of our current implementation has uncovered two previously unknown vulnerabilities in open-source 5G core network implementations, resulting in the assignment of two CVEs. Additionally, our approach already demonstrates superior performance compared to existing black-box fuzzing methods.

View More Papers

Poster: FORESIGHT, A Unified Framework for Threat Modeling and...

ChaeYoung Kim (Seoul Women's University), Kyounggon Kim (Naif Arab University for Security Sciences)

Read More

Rethink Custom Transformers for Binary Analysis

Heng Yin, Professor, Department of Computer Science and Engineering, University of California, Riverside

Read More

A Method to Facilitate Membership Inference Attacks in Deep...

Zitao Chen (University of British Columbia), Karthik Pattabiraman (University of British Columbia)

Read More