Cite this article
  • 龚琪, 徐少文, 闫骏新, 杨祥聪, 周启航, 解亚敏. A Survey on State Machine Vulnerability Discovery Techniques in Network Protocol Implementation [J]. Journal of Cyber Security, accepted.
  • gongqi, xushaowen, yanjunxin, yangxiangcong, zhouqihang, xieyamin. A Survey on State Machine Vulnerability Discovery Techniques in Network Protocol Implementation [J]. Journal of Cyber Security, accepted.


A Survey on State Machine Vulnerability Discovery Techniques in Network Protocol Implementation
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Modern network protocols are typically functionally complex and have intricate state machine structures, and their code implementations commonly contain many security vulnerabilities that pose a serious threat to the security of network systems. Traditional software vulnerability discovery methods have clear limitations in handling protocol vulnerabilities that arise from temporal characteristics and state transition logic. State machine vulnerability discovery for network protocol implementations has therefore become an important research direction in network security. This paper systematically surveys and summarizes recent research on state machine vulnerability discovery in network protocol implementations. First, it defines the core concepts of network protocols and state machine vulnerabilities; on that basis, it reviews representative research results and, according to whether an explicit state model is constructed, divides existing methods into two categories: state-transition-based analysis and network-protocol-state-machine modeling. The former centers on exploring state transition paths within the protocol implementation, while the latter requires building a formal state machine model of the target protocol. The paper compares the two categories mainly along dimensions such as method applicability and analysis efficiency. In addition, it specifically surveys progress in applying artificial intelligence techniques to state machine vulnerability discovery in network protocols, focusing on the motivation for introducing large language models into this field and their preliminary results. Finally, it summarizes the development trends of state machine vulnerability discovery methods for network protocol implementations and points out that encrypted traffic analysis and the application of intelligent methods will be key directions for future research.
Key words:  state machine  network protocol vulnerability  network security  vulnerability discovery
Received: 2026-01-08  Revised: 2026-06-09
A Survey on State Machine Vulnerability Discovery Techniques in Network Protocol Implementation
gongqi1, xushaowen1, yanjunxin1, yangxiangcong2, zhouqihang2, xieyamin2
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. IIE)
Abstract:
Modern network protocols are typically characterized by functional complexity and intricate state machine structures, and their code implementations commonly contain numerous security vulnerabilities that pose serious threats to the security of network systems. Traditional software vulnerability discovery methods exhibit significant limitations in addressing protocol vulnerabilities arising from temporal characteristics and state transition logic, as they struggle to effectively cover deep state transition paths. Consequently, state-machine-oriented vulnerability discovery in network protocol implementations has emerged as a critical research direction in the field of cybersecurity. This paper presents a systematic survey of recent research on state machine vulnerability discovery in network protocol implementations. First, it defines core concepts including network protocols, finite state machines, and state machine vulnerabilities, establishing the theoretical foundation for subsequent analysis. Building upon this foundation, the paper reviews representative research contributions and classifies existing approaches into two categories based on whether an explicit state model is constructed: state-transition-based analysis, which centers on exploring state transition paths within protocol implementations and encompasses program analysis methods, fuzz testing methods, and hybrid methods combining static and dynamic techniques; and network-protocol-state-machine modeling, which constructs formal state machine models for target protocols through protocol specification documents or runtime traffic data, and subsequently identifies potential vulnerabilities by comparing actual system behavior against the expected model. A comparative analysis of these two categories is provided across multiple dimensions, including method applicability, analytical efficiency, and vulnerability coverage. 
Furthermore, the paper reviews recent advances in applying artificial intelligence techniques to this field, with particular emphasis on large language models in fuzz testing input generation and protocol specification comprehension, elaborating their preliminary achievements and inherent limitations. Finally, the paper identifies key open challenges including state space explosion and encryption mechanisms, and highlights that encrypted traffic analysis and the integration of intelligent methods will constitute pivotal directions for future research.
Key words:  state machine  network protocol vulnerability  network security  vulnerability discovery
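The second category in the abstract, network-protocol-state-machine modeling, detects deviations by comparing the behaviour an implementation actually exhibits against an expected state machine. The following is an added illustration of that comparison step, written for this page and not taken from the surveyed paper or any protocol project. The handshake model (`EXPECTED_TRANSITIONS`), the session traces and the ACCEPT/REJECT verdicts are all constructed for the example; no real protocol specification is being modelled.

```python
"""Conformance check of observed protocol sessions against an expected
state machine.  Added example; the model and traces are constructed and
do not describe any real protocol."""

from dataclasses import dataclass

# Expected model as a transition table: (current state, message) -> next state.
# Any (state, message) pair absent from the table is a transition the
# specification does not allow.  Constructed simplified handshake.
EXPECTED_TRANSITIONS = {
    ("INIT", "CLIENT_HELLO"): "HELLO_RECEIVED",
    ("HELLO_RECEIVED", "SERVER_HELLO"): "KEY_EXCHANGE",
    ("KEY_EXCHANGE", "CLIENT_KEY"): "AUTHENTICATED",
    ("AUTHENTICATED", "DATA"): "AUTHENTICATED",
    ("AUTHENTICATED", "CLOSE"): "CLOSED",
}


@dataclass
class Finding:
    """One divergence between the implementation and the expected model."""
    index: int      # position of the offending message in the session
    state: str      # model state at the time the message was processed
    message: str
    reason: str


def check_session(events, expected=EXPECTED_TRANSITIONS, start="INIT"):
    """Walk an observed session through the expected model.

    events: list of (message, observed_result), where observed_result is
    "ACCEPT" or "REJECT" as recorded from the implementation under test.
    Returns (final model state, list of Finding).

    Two kinds of divergence are reported:
      * the implementation ACCEPTs a message for which the model has no
        transition from the current state (e.g. data before authentication);
      * the implementation REJECTs a message the model allows here.
    After an unexpected ACCEPT the implementation's true state is unknown,
    so the walk keeps comparing from the model's state to surface further
    deviations in the same session.
    """
    state = start
    findings = []
    for i, (msg, result) in enumerate(events):
        nxt = expected.get((state, msg))
        if nxt is None and result == "ACCEPT":
            findings.append(Finding(
                i, state, msg,
                "accepted a message the model does not allow in this state"))
        elif nxt is not None and result == "REJECT":
            findings.append(Finding(
                i, state, msg,
                "rejected a message the model allows in this state"))
        elif nxt is not None:
            state = nxt
    return state, findings


# Constructed sessions: one that follows the model, one in which the
# implementation processes DATA before the key exchange has completed.
CONFORMANT_SESSION = [
    ("CLIENT_HELLO", "ACCEPT"), ("SERVER_HELLO", "ACCEPT"),
    ("CLIENT_KEY", "ACCEPT"), ("DATA", "ACCEPT"), ("CLOSE", "ACCEPT"),
]
DEVIANT_SESSION = [
    ("CLIENT_HELLO", "ACCEPT"), ("SERVER_HELLO", "ACCEPT"),
    ("DATA", "ACCEPT"),          # not allowed in KEY_EXCHANGE by the model
    ("CLIENT_KEY", "ACCEPT"), ("CLOSE", "ACCEPT"),
]

if __name__ == "__main__":
    for name, session in (("conformant", CONFORMANT_SESSION),
                          ("deviant", DEVIANT_SESSION)):
        final, findings = check_session(session)
        print(f"{name}: final model state {final}, {len(findings)} finding(s)")
        for f in findings:
            print(f"  #{f.index} state={f.state} msg={f.message}: {f.reason}")
```

The transition table is the only protocol-specific part; a model recovered from a specification document or inferred from traffic, as the abstract describes, would be plugged in at the same place, and the verdict column would come from the implementation's real responses rather than from a constructed list.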