Open Access

ARTICLE

Sensitive Target-Guided Directed Fuzzing for IoT Web Services

Xiongwei Cui, Yunchao Wang, Qiang Wei*

School of Cyberspace Security, Information Engineering University, Zhengzhou, 450007, China

* Corresponding Author: Qiang Wei.

(This article belongs to the Special Issue: Security and Privacy in IoT and Smart City: Current Challenges and Future Directions)

Computers, Materials & Continua 2025, 83(3), 4939-4959. https://doi.org/10.32604/cmc.2025.063592

Abstract

The development of the Internet of Things (IoT) has brought convenience to people’s lives, but it also introduces significant security risks. Because of the limitations of IoT devices themselves and the challenges of re-hosting technology, existing fuzzing of IoT devices is mainly black-box, which lacks effective execution feedback and is therefore blind. Meanwhile, existing static methods rely mainly on taint analysis, which has high overhead and a high false alarm rate. We propose a new directed fuzzing method for detecting bugs in the web service programs of IoT devices, which can test IoT devices more quickly and efficiently. Specifically, we identify external input entry points using multiple features. We then quickly find the sensitive targets and paths affected by external input sources, based on sensitive data flow analysis of decompiled code, and treat them as testing objects. Finally, we perform directed fuzzing: we use debugging interfaces to collect execution feedback and, based on program pruning techniques, guide the program to reach the sensitive targets. We have implemented a prototype system, AntDFuzz, and evaluated it on firmware from ten devices across five well-known manufacturers. We discovered twelve potential vulnerabilities, seven of which were confirmed and assigned bug IDs by the China National Vulnerability Database (CNVD). The results show that our approach can find unknown bugs in real devices and is more efficient than existing tools.
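The target-selection and pruning steps described in the abstract can be sketched on a call graph. This is an added example, not AntDFuzz code or the authors' algorithm: it assumes a simplified call-graph view in place of the paper's data flow analysis of decompiled code, uses call-edge distance as the guidance metric, and every function name in the graph is constructed for illustration.

```python
from collections import deque

# Constructed call graph (caller -> callees); every function name is hypothetical.
CALL_GRAPH = {
    "http_dispatch": ["handle_login", "handle_set_ntp", "handle_status"],
    "handle_login": ["get_param", "check_password"],
    "handle_set_ntp": ["get_param", "build_ntp_cmd"],
    "build_ntp_cmd": ["sprintf", "run_cmd"],
    "run_cmd": ["system"],
    "check_password": ["strcmp"],
    "handle_status": ["render_page"],
    "render_page": [],
    "watchdog_tick": ["system"],  # reaches a sink, but no external input reaches it
}
ENTRY_POINTS = {"http_dispatch"}          # assumed external input entry point
SENSITIVE_SINKS = {"system", "strcpy"}    # assumed sensitive targets

def bfs(edges, roots):
    """Breadth-first search; returns {node: edge count from the nearest root}."""
    dist, queue = {r: 0 for r in roots}, deque(roots)
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def plan(graph, entries, sinks):
    reach = set(bfs(graph, entries))          # functions external input can drive
    targets = sinks & reach                   # sinks worth directing the fuzzer at
    reverse = {}
    for caller, callees in graph.items():
        for callee in callees:
            reverse.setdefault(callee, []).append(caller)
    to_target = bfs(reverse, targets)         # call-edge distance to nearest target
    keep = {f: d for f, d in to_target.items() if f in reach}
    return targets, keep, reach - set(keep)   # last item: pruned functions

def seed_score(trace, keep):
    """Lower is closer; None means the trace never entered the kept subgraph."""
    hits = [keep[f] for f in trace if f in keep]
    return min(hits) if hits else None
```

A fuzzer using this plan would favour inputs whose observed trace has the lowest score and stop spending effort on handlers in the pruned set, since no path from them leads to a selected target.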

Keywords

IoT; directed fuzzing; sensitive targets; vulnerabilities

Cite This Article

APA Style
Cui, X., Wang, Y., Wei, Q. (2025). Sensitive Target-Guided Directed Fuzzing for IoT Web Services. Computers, Materials & Continua, 83(3), 4939–4959. https://doi.org/10.32604/cmc.2025.063592
Vancouver Style
Cui X, Wang Y, Wei Q. Sensitive Target-Guided Directed Fuzzing for IoT Web Services. Comput Mater Contin. 2025;83(3):4939–4959. https://doi.org/10.32604/cmc.2025.063592
IEEE Style
X. Cui, Y. Wang, and Q. Wei, “Sensitive Target-Guided Directed Fuzzing for IoT Web Services,” Comput. Mater. Contin., vol. 83, no. 3, pp. 4939–4959, 2025. https://doi.org/10.32604/cmc.2025.063592



Copyright © 2025 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.