Learning-Based Fuzzing of IoT Message Brokers

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung


The number of devices in the Internet of Things (IoT) immensely grew in recent years. A frequent challenge in the assurance of the dependability of IoT systems is that components of the system appear as a black box. This paper presents a semi-automatic testing methodology for black-box systems that combines automata learning and fuzz testing. Our testing technique uses stateful fuzzing based on a model that is automatically inferred by automata learning. Applying this technique, we can simultaneously test multiple implementations for unexpected behavior and possible security vulnerabilities.We show the effectiveness of our learning-based fuzzing technique in a case study on the MQTT protocol. MQTT is a widely used publish/subscribe protocol in the IoT. Our case study reveals several inconsistencies between five different MQTT brokers. The found inconsistencies expose possible security vulnerabilities and violations of the MQTT specification.
TitelProceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021
ISBN (elektronisch)978-1-7281-6836-4
PublikationsstatusVeröffentlicht - Apr 2021
Veranstaltung2021 IEEE International Conference on Software Testing: ICST 2021 - Virtuell, Brasilien
Dauer: 12 Apr 202116 Apr 2021


NameProceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021


Konferenz2021 IEEE International Conference on Software Testing
KurztitelICST 2021

ASJC Scopus subject areas

  • Software
  • Artificial intelligence
  • Sicherheit, Risiko, Zuverlässigkeit und Qualität


Untersuchen Sie die Forschungsthemen von „Learning-Based Fuzzing of IoT Message Brokers“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren