Systematic Meets Unintended: Prior Knowledge Adaptive 5G Vulnerability Detection via Multi-Fuzzing
CoRR(2023)
摘要
The virtualization and softwarization of 5G and NextG are critical enablers
of the shift to flexibility, but they also present a potential attack surface
for threats. However, current security research in communication systems
focuses on specific aspects of security challenges and lacks a holistic
perspective. To address this challenge, a novel systematic fuzzing approach is
proposed to reveal, detect, and predict vulnerabilities with and without prior
knowledge assumptions from attackers. It also serves as a digital twin platform
for system testing and defense simulation pipeline. Three fuzzing strategies
are proposed: Listen-and-Learn (LAL), Synchronize-and-Learn (SyAL), and
Source-and-Learn (SoAL). The LAL strategy is a black-box fuzzing strategy used
to discover vulnerabilities without prior protocol knowledge, while the SyAL
strategy, also a black-box fuzzing method, targets vulnerabilities more
accurately with attacker-accessible user information and a novel
probability-based fuzzing approach. The white-box fuzzing strategy, SoAL, is
then employed to identify and explain vulnerabilities through fuzzing of
significant bits. Using the srsRAN 5G platform, the LAL strategy identifies 129
RRC connection vulnerabilities with an average detection duration of 0.072s.
Leveraging the probability-based fuzzing algorithm, the SyAL strategy
outperforms existing models in precision and recall, using significantly fewer
fuzzing cases. SoAL detects three man-in-the-middle vulnerabilities stemming
from 5G protocol vulnerabilities. The proposed solution is scalable to other
open-source and commercial 5G platforms and protocols beyond RRC. Extensive
experimental results demonstrate that the proposed solution is an effective and
efficient approach to validate 5G security; meanwhile, it serves as real-time
vulnerability detection and proactive defense.
更多查看译文
关键词
vulnerability
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要