Donglan Liu,Rui Wang,Yingxian Chang,Jianfei Chen,Xin Liu,Fangzhe Zhang,Honglei Yao,Hao Zhang,Lili Sun,Hao Yu

DOI: https://doi.org/10.1109/ICEIEC58029.2023.10200674

2023-01-01

Abstract:In this paper, the fuzz testing optimization technology for power Internet of Things protocol is studied to improve the accuracy of vulnerability detection for power Internet of Things protocol. The automatic message generation technology of electric Internet of Things protocol based on symbol execution is proposed to solve the adaptation problem and path explosion problem of network protocol symbol execution. By adopting different search strategies and solving optimization to generate the initial seed of protocol message efficiently and with high quality, the preparation cost of fuzz testing is greatly reduced. A fuzz testing technique based on multi-party cooperation is proposed to analyze the execution flow of program blocks caused by message exchange between multiple programs. By designing a new coverage model considering program interaction, the collaborative interaction between different participants of the protocol is combined into coverage calculation, which reflects the overall execution process of complex protocol. We focus on the fuzz testing optimization technology for electric Internet of Things protocol. A fuzz testing optimization technique based on protocol state is proposed to monitor the changes of key state variables in protocol implementation. A new seed scheduling and change algorithm is designed for state change sequence, and a multi-party coordination scenario is combined to guide protocol fuzz testing. A fuzz testing optimization technique based on seed grouping is proposed. In view of the large differences in the seeds of power Internet of Things protocol messages, an efficient seed and execution path similarity calculation method, seed grouping method and a variety of fuzz testing optimization algorithms based on grouping are proposed to group seeds online. At the same time, the fuzz testing is optimized according to the characteristics of each class.

Donglan Liu,Jianfei Chen,Xin Liu,Yingxian Chang,Zhenghao Li,Rui Wang,Hao Yu,Fangzhe Zhang,Honglei Yao,Hao Zhang

DOI: https://doi.org/10.1109/ICEIEC58029.2023.10199463

2023-01-01

Abstract:For many power terminal devices, firmware binary code can be extracted directly from the device by different methods. And the binary firmware program security test, so as to find the Internet of Things terminal device security vulnerabilities. In this paper, the intelligent fuzz testing technology for power Internet of Things terminal is studied. Firstly, the basic framework of binary dynamic piling is studied, and the bottleneck of the existing framework is analyzed. In order to improve the performance of firmware program in dynamic pile driving environment, a dynamic simulation and dynamic pile driving framework combining user level simulation and system level simulation are proposed. Based on this framework, the pile driving method oriented to program coverage and the pile driving method oriented to program vulnerability guidance are studied respectively, which provides support for cross-platform fuzz testing. Secondly, dynamic stain analysis techniques are studied from both offline and online aspects. The advantage of offline dynamic smudge analysis is that it can fine-grained how data is propagated in memory during program execution, and can assist in the generation of initial test seeds. The advantage of online dynamic blot analysis is that it does not affect the performance of simulation test, and can dynamically infer the relationship between input bytes and constraints, so as to guide fuzz testing to carry out targeted variation. Finally, the intelligent prediction model of program vulnerability points is studied to intelligently locate potential defects in binary firmware programs. In order to solve these potential defects, the fuzz testing based on program coverage and potential vulnerability guidance is used, and the particle swarm optimization algorithm is used to optimize.

Donglan Liu,Xin Liu,Yingxian Chang,Jianfei Chen,Fangzhe Zhang,Rui Wang,Hao Zhang,Lili Sun,Fuhui Zhao,Mengqian Sun

DOI: https://doi.org/10.1109/ICEIEC58029.2023.10199571

2023-01-01

Abstract:In order to solve the security problems such as the lack of secure key management in the electric Internet of Things protocol, this paper studies the security enhancement technology of electric Internet of Things protocol based on lightweight cryptography technology and new trusted technology. A key exchange scheme based on lightweight cryptography technology is proposed to adapt to the resource-limited scenario of the Internet of Things. To protect keys and data on restricted devices and remote servers, explore lightweight cryptography and new trusted technologies. Performs cryptographic operations without exposing the private key and is resistant to tampering and probing attacks. To realize end-to-end communication and key management between Internet of Things devices and remote servers. At the same time, based on the fuzz testing technology, the unknown vulnerability mining technology of the edge device protocol of the electric Internet of Things is carried out. Firstly, the fuzz testing case intelligent optimization method is studied, and the test case set is reduced based on artificial intelligence algorithms such as genetic algorithm, protocol state machine and stain algorithm, so as to improve the test efficiency. Then, the unknown vulnerability discovery method based on state monitoring is studied, and the test case can be judged whether abnormal occurs by monitoring the state of returned data packets of the tested object, so as to determine whether there are vulnerabilities. Finally, the method of vulnerability intelligent location based on automatic location analysis is studied to accurately locate the test cases that cause vulnerability.

Jiajie Ling,Siwei Miao,Xiaojuan Zhang,Changyu Chen,Cheng Peng,Quanyuan Jiang

DOI: https://doi.org/10.1109/ei250167.2020.9346941

2020-01-01

Abstract:With the accelerating development of the Internet of Things (IoT), its applications in power system are gradually becoming various and comphcated, followed by the diversity of relevant technical requirements. In order to identify the characteristics of these requirements of IoT in power system, this paper proposes a refined characterization approach to define, classify and summarize them from three different aspects, namely, performance-criticaL security-critical and reachability critical. In multiple IoT enabled apphcation scenarios, performance-critical index and security-critical index mainly focus on data transmission and calculation, while reachability-critical index focuses on the communication coverage and quality of service, which creates a new perspective to characterize power system IoT applications and their technical requirements.

Zhengxiong Luo,Junze Yu,Qingpeng Du,Yanyang Zhao,Feifan Wu,Heyuan Shi,Wanli Chang,Yu Jiang

DOI: https://doi.org/10.1109/tcad.2024.3444705

IF: 2.9

2024-11-09

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Internet of Things (IoT) messaging protocols play an important role in facilitating communications between users and IoT devices. Mainstream IoT platforms employ brokers, server-side implementations of IoT messaging protocols, to enable and mediate this user-device communication. Due to the complex nature of managing communications among devices with diverse roles and functionalities, comprehensive testing of the protocol brokers necessitates collaborative parallel fuzzing. However, being unaware of the relationship between test packets generated by different parties, existing parallel fuzzing methods fail to explore the brokers' diverse processing logic effectively. This article introduces MPFuzz, a parallel fuzzing tool designed to secure IoT messaging protocols through collaborative packet generation. The approach leverages the critical role of certain fields within IoT messaging protocols that specify the logic for message forwarding and processing by protocol brokers. MPFuzz employs an information synchronization mechanism to synchronize these key fields across different fuzzing instances and introduces a semantic-aware refinement module that optimizes generated test packets by utilizing the shared information and field semantics. This strategy facilitates a collaborative refinement of test packets across otherwise isolated fuzzing instances, thereby boosting the efficiency of parallel fuzzing. We evaluated MPFuzz on six widely used IoT messaging protocol implementations. Compared to two state-of-the-art protocol fuzzers with parallel capabilities, Peach and AFLNet, as well as two representative parallel fuzzers, SPFuzz and AFLTeam, MPFuzz achieves (6.1%, ), (20.2%, ), (1.9%, ), and (17.4%, ) higher branch coverage and fuzzing speed under the same computing resource. Furthermore, MPFuzz exposed seven previously unknown vulnerabilities in these extensively tested projects, all of which have been assigned with CVE identifiers.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Zhan Shu,Guanhua Yan

DOI: https://doi.org/10.1109/JIOT.2022.3182589

IF: 10.6

2022-11-15

IEEE Internet of Things Journal

Abstract:The popularity of Internet of Things (IoT) devices calls for effective yet efficient methods to assess the security and resilience of IoT devices. In this work, we explore a new heuristic based on finite state machine (FSM) inference to guide generation of test cases for blackbox fuzzing tests of IoT network protocol implementations. Our method, which is called IoTInfer, balances exploration and exploitation by continuously monitoring how likely mutation of an input message leads to counterexamples conflicting with the prediction by the current FSM. IoTInfer also applies clustering techniques to coarsen the FSM inferred when there are limited computational resources provisioned for fuzzing tests. We implement IoTInfer for both Bluetooth and Telnet protocols, which are widely used by existing IoT devices. Our experimental results with a variety of IoT devices reveal that IoTInfer is efficient at generating meaningful test cases, some of which can expose previously unknown vulnerabilities or implementation deviations from protocol specifications. We also compare IoTInfer with two other state-of-the-art blackbox IoT device fuzzing tools and find that IoTInfer is better at eliciting different types of responses from the fuzzing targets.

Engineering,Computer Science

Jian Gao,Licheng Wang,Chao Huo,Ganghong Zhang,Jianan Yuan,Yujie Xu

DOI: https://doi.org/10.1109/icccbda49378.2020.9095639

2020-01-01

Abstract:Based on the analysis of the security requirements of power internet of things and the idea of security solution provided by trusted computing, this paper studied the power Internet of things information security interaction model and key technologies to realize the information security interaction of power internet of things, and proposed a real-time evaluation model of terminal entities based on global trusted. Punishment factor and time factor were introduced to upgrade the evaluation method from single evaluation to global evaluation. Taking the power distribution system as an example, the information security intersection model of power internet of things based on behavioral trusted measurement mechanism was simulated. The simulation results showed that the model had continuous trusted measurement ability in dynamic uncertain network environment, and could make trustworthiness decision in real time and accurately. It is more practical and laid a good foundation for the research of trustworthiness connection, trustworthiness management and trustworthiness decision-making based on trusted measurement.

Jian Gao,Jianmin Pang,Ganghong Zhang,Chao Huo,Jianan Yuan,Zhibin Yin

DOI: https://doi.org/10.1109/ceepe55110.2022.9783265

2022-01-01

Abstract:Internet of Things technology is one of the basic support technologies for the construction of smart grid, digital grid and even new power system. Due to the complexity and diversity of communication protocols at each layer of the Power Internet of Things, it brings difficulties in connectivity and adaptability to the construction, operation and maintenance of the power Internet of Things. Based on analytic hierarchy process and bayesian maximum fusion method to build an application layer communication protocol adaptability evaluation model, set up power communication architecture of Internet of things, adaptability, flexibility, adaptability, network platform through business economic adaptability and security adaptive five aspect analysis, the quantitative evaluation of communication protocol adaptation. The evaluation method combines subjective and objective requirements and can provide reference for the construction of power Internet of Things communication platform.

Donglan Liu,Hao Zhang,Yang Guo,Yingxian Chang,Yong Zhang,Fangzhe Zhang,Xin Liu,Lei Ma

DOI: https://doi.org/10.1117/12.2631451

2022-01-01

Abstract:Power Internet of Things (IoT) devices are increasingly being used in power systems. Due to the variety and complexity of devices, there is no mature solution for security detection. In order to solve this situation, this paper proposes a power Internet of Things device security detection system. Based on key technologies such as device fingerprint identification, network protocol identification and firmware security analysis, comprehensive security analysis is conducted on power Internet of Things devices from the perspectives of vulnerability, configuration security and firmware security. The automatic system design greatly improves the efficiency of users to carry out the detection work. Through the design and implementation of power Internet of Things equipment security detection system, users can quickly and efficiently carry out network access security detection of power Internet of Things equipment. Based on this, it is decided whether to allow the Internet of things devices or systems to access the power system network, avoiding security risks and hidden dangers caused by the Internet of things devices entering the network.

Wanyou Lv,Jiawen Xiong,Jianqi Shi,Yanhong Huang,Shengchao Qin

DOI: https://doi.org/10.1007/s10845-020-01584-z

IF: 8.3

2020-05-23

Journal of Intelligent Manufacturing

Abstract:A growing awareness is brought that the safety and security of industrial control systems cannot be dealt with in isolation, and the safety and security of industrial control protocols (ICPs) should be considered jointly. Fuzz testing (fuzzing) for the ICP is a common way to discover whether the ICP itself is designed and implemented with flaws and network security vulnerability. Traditional fuzzing methods promote the safety and security testing of ICPs, and many of them have practical applications. However, most traditional fuzzing methods rely heavily on the specification of ICPs, which makes the test process a costly, time-consuming, troublesome and boring task. And the task is hard to repeat if the specification does not exist. In this study, we propose a smart and automated protocol fuzzing methodology based on improved deep convolution generative adversarial network and give a series of performance metrics. An automated and intelligent fuzzing framework BLSTM-DCNNFuzz for application is designed. Several typical ICPs, including Modbus and EtherCAT, are applied to test the effectiveness and efficiency of our framework. Experiment results show that our methodology outperforms the existing ones like General Purpose Fuzzer and other deep learning based fuzzing methods in convenience, effectiveness, and efficiency.

engineering, manufacturing,computer science, artificial intelligence

Lingyun Situ,Chi Zhang,Le Guan,Zhiqiang Zuo,Linzhang Wang,Xuandong Li,Peng Liu,Jin Shi

DOI: https://doi.org/10.1109/jiot.2023.3303780

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the rapid expansion of the Internet of Things, a vast number of microcontroller-based IoT devices are now susceptible to attacks through the Internet. Vulnerabilities within the firmware are one of the most important attack surfaces. Fuzzing has emerged as one of the most effective techniques for identifying such vulnerabilities. However, when applied to IoT firmware, several challenges arise, including: (1) the inability of firmware to execute properly in the absence of peripherals, (2) the lack of support for exploring input spaces of multiple peripherals, (3) difficulties in instrumenting and gathering feedback, and (4) the absence of a fault detection mechanism. To address these challenges, we have developed and implemented an innovative peripheral-independent hybrid fuzzing tool called . This tool enables testing of microcontroller-based firmware without reliance on specific peripheral hardware. First, a unified virtual peripheral was integrated to model the behaviors of various peripherals, thus enabling the physical devices-agnostic firmware execution. Then, a hybrid event generation approach was used to generate inputs for different peripheral accesses. Furthermore, two-level coverage feedback was collected to optimize the testcase generation. Finally, a plugin-based fault detection mechanism was implemented to identify typical memory corruption vulnerabilities. A Large-scale experimental evaluation has been performed to show ’s effectiveness and efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qianmu Li,Yaozong Liu,Shunmei Meng,Hanrui Zhang,Haiyuan Shen,Huaqiu Long

DOI: https://doi.org/10.1186/s13638-020-01734-0

2020-06-03

EURASIP Journal on Wireless Communications and Networking

Abstract:Abstract The safety of the Industrial Internet Control Systems has been a hotspot in the information security. To meet the needs of communication, a large variety of proprietary protocols have emerged in the field of industrial control. The protocol field is often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields using the protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzz test methods. However, the current industrial control protocol fuzz test methods generally have low code coverage, where unified description models are missing and test cases are not targeted. A method of fuzzification processing combined with dynamic multi-modal sensor communication data is proposed. To track the program execution, the dynamic pollution analysis is used to search for the input fields that affect the execution of the conditional branch and capture the dependencies between the conditional branches to guide the grammar generation of test cases, which can increase the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent and greatly increases the probability of anomaly detection in the protocol implementation.

telecommunications,engineering, electrical & electronic

Xinyao Liu,Baojiang Cui,Junsong Fu,Jinxin Ma

DOI: https://doi.org/10.1016/j.future.2019.12.032

IF: 7.307

2020-07-01

Future Generation Computer Systems

Abstract:Narrowband Internet of Things (NB-loT) is widely deployed in the cellular network of operators, yet implementations of its core network protocols are suffering from bugs. Due to the complexity of the frame structure of NB-IoT core network protocols, testing the protocols in this field is notoriously difficult. In this paper, we propose a novel fuzzing framework, named HFuzz, to generate a great many high-quality test inputs automatically. HFuzz is an automatic hierarchy-aware fuzzing framework and can allocate computing resources efficiently. We put forward the concept of Message Structure Tree to transform the seed file and generate mutated data of the tested protocols and optimize the resource allocation for each hierarchy of the transformed structure by a novel scheduling algorithm. Therefore HFuzz can get a balance between breadth and depth in finding new paths. Compared to traditional fuzzing tools, HFuzz can easily pass the early verification and induce a better coverage of the target implementations by taking full advantage of format information of NB-IoT core network protocols. Our framework applies to various protocols, and we evaluate the performance of HFuzz on GPRS Tunnelling Protocol version 2(GTPv2) in this paper and conduct experiments with two protocol implementations, Open Air Interface (OAI) and B*(a development system). The experimental results show HFuzz yields higher coverage than American Fuzzy Lop (AFL) and Peach, and we further find a real implementation bug in OAI.

Shihao Jiang,Yu Zhang,Junqiang Li,Hongfang Yu,Long Luo,Gang Sun

2024-02-27

Abstract:As one of the most successful and effective software testing techniques in recent years, fuzz testing has uncovered numerous bugs and vulnerabilities in modern software, including network protocol software. In contrast to other fuzzing targets, network protocol software exhibits its distinct characteristics and challenges, introducing a plethora of research questions that need to be addressed in the design and implementation of network protocol fuzzers. While some research work has evaluated and systematized the knowledge of general fuzzing techniques at a high level, there is a lack of similar analysis and summarization for fuzzing research specific to network protocols. This paper offers a comprehensive exposition of network protocol software's fuzzing-related features and conducts a systematic review of some representative advancements in network protocol fuzzing since its inception. We summarize state-of-the-art strategies and solutions in various aspects, propose a unified protocol fuzzing process model, and introduce the techniques involved in each stage of the model. At the same time, this paper also summarizes the promising research directions in the landscape of protocol fuzzing to foster exploration within the community for more efficient and intelligent modern network protocol fuzzing techniques.

Networking and Internet Architecture

Fanglei Zhang,Baojiang Cui,Chen Chen,Yiqi Sun,Kairui Gong,Jinxin Ma

DOI: https://doi.org/10.1007/978-3-030-79728-7_30

2021-01-01

Abstract:The early research on IoT (Internet of Things) firmware is mostly based on the hardware environment, the software interfaces and hardware resources are very limited, and the traditional dynamic debugging and fuzzing tools cannot be executed efficiently, which leads to high research costs. In order to solve this problem, a simulation-based fuzzing prototype tool for smart IoT devices (IoTSFT) is proposed in this paper. It builds a pure software virtual environment to make the firmware run out of hardware constraints. In addition, the security analysis of the firmware can be completed by combining the path coverage-based fuzzing technology. It is verified by experiments that IoTSFT can successfully simulate binary, obtain the sample execution path coverage, and fuzz the target binary.

Zhaowei Zhang,Hongzheng Zhang,Jinjing Zhao,Yanfei Yin

DOI: https://doi.org/10.3390/electronics12132904

IF: 2.9

2023-07-02

Electronics

Abstract:Network protocols, as the communication rules among computer network devices, are the foundation for the normal operation of networks. However, security issues arising from design flaws and implementation vulnerabilities in network protocols pose significant risks to network operations and security. Network protocol fuzzing is an effective technique for discovering and mitigating security flaws in network protocols. It offers unparalleled advantages compared to other security analysis techniques thanks to the minimal requirement for prior knowledge of the target and low deployment complexity. Nevertheless, the randomness in test case generation, uncontrollable test coverage, and unstable testing efficiency introduce challenges in ensuring the controllability of the testing process and results. In order to comprehensively survey the development of network protocol fuzzing techniques and analyze their advantages and existing issues, in this paper, we categorized and summarized the protocol fuzzing and its related techniques based on the generation methods of test cases and testing conditions. Specifically, we overviewed the development trajectory and patterns of these techniques over the past two decades according to chronological order. Based on this analysis, we further predict the future directions of fuzzing techniques.

engineering, electrical & electronic,computer science, information systems,physics, applied

Fan Zhang,Qianmei Wu,Bohan Xuan,Yuqi Chen,Wei Lin,Christopher M. Poskitt,Jun Sun,Binbin Chen

DOI: https://doi.org/10.1109/tse.2023.3309330

2020-01-01

Abstract:Cyber-physical systems (CPSs) automating critical public infrastructure face a pervasive threat of attack, motivating research into different types of countermeasures. Assessing the effectiveness of these countermeasures is challenging, however, as benchmarks are difficult to construct manually, existing automated testing solutions often make unrealistic assumptions, and blindly fuzzing is ineffective at finding attacks due to the enormous search spaces and resource requirements. In this work, we propose active sensor fuzzing , a fully automated approach for building test suites without requiring any a prior knowledge about a CPS. Our approach employs active learning techniques. Applied to a real-world water treatment system, our approach manages to find attacks that drive the system into 15 different unsafe states involving water flow, pressure, and tank levels, including nine that were not covered by an established attack benchmark. Furthermore, we successfully generate targeted multi-point attacks which have been long suspected to be possible. We reveal that active sensor fuzzing successfully extends the attack benchmarks generated by our previous work, an ML-guided fuzzing tool, with two more kinds of attacks. Finally, we investigate the impact of active learning on models and the reason that the model trained with active learning is able to discover more attacks.

Yifei Gao,Xu Zhou,Wei Xie,Baosheng Wang,Enze Wang,Zhenhua Wang

DOI: https://doi.org/10.3390/app12136429

2022-01-01

Applied Sciences

Abstract:IoT web fuzzing is an effective way to detect security flaws in IoT devices. However, without enough information of the tested targets, IoT web fuzzing is often blind and inefficient. In this paper, we propose to use static analysis to assist IoT web fuzzing. Our insight is that plenty of useful information is hidden in firmwares, which can be mined by static analysis and used to guide the subsequent dynamic analysis—fuzzing. Hence, our approach contains two stages: pre-fuzzing stage and fuzzing stage. In the pre-fuzzing stage, we perform static analysis on the IoT firmwares to exploit helpful information, such as web page paths, interfaces, and shared keywords. These kinds of information are used to construct diverse seeds for covering more web paths and interfaces, and are also used to prioritize seeds according to their importance (related to shared keywords) in the fuzzing stage. Based on this approach, we implement a prototype IoT web fuzzing system—IoTParser. Experiments show that IoTParser increased the vulnerability discovery capability by 44% on average, while increasing the vulnerability discovery efficiency by 48.2% on average compared with state-of-the-art IoT web fuzzer. In addition, IoTParser has found 13 vulnerabilities, including 7 0-day.

Zhengxiong Luo,Zhe Liu,Yu Jiang,Junze Yu,Feilong Zuo

DOI: https://doi.org/10.1109/DAC18074.2021.9586321

2021-12-05

Abstract:The rapid development of in-vehicle networks and protocols brings efficient communication service but also increases the risk of attack. Any vulnerability may be leveraged to cause serious consequences. It is of vital importance to guarantee their security. However, the vulnerability detection efficiency of traditional techniques such as fuzzing is challenged by the complex relations among protocol states.In this paper, we propose PAVFuzz, a state-sensitive fuzz testing framework to secure those protocols used in autonomous vehicles. It automatically learns relations between two data elements in different protocol states. The relations will then be used to calculate and update the mutation weight of each data element continuously. Accordingly, PAVFuzz is able to select the target data elements and perform state-sensitive mutation to boost the efficiency. Experiments show that, compared with state-of-the-art fuzzers Peach and AFL, PAVFuzz increases branch coverage by averagely 22.51% and 369.19% within 24 hours. It has successfully exposed 12 serious previously unknown vulnerabilities among several protocols that are widely used in autonomous vehicles, such as RTPS and SOME/IP. We have reported them to the developers and corresponding patches have been released.

Engineering,Computer Science

Hangwei Zhang,Kai Lu,Xu Zhou,Qidi Yin,Pengfei Wang,Tai Yue

DOI: https://doi.org/10.3390/app11073120

2021-01-01

Abstract:Cyber attacks against the web management interface of Internet of Things (IoT) devices often have serious consequences. Current research uses fuzzing technologies to test the web interfaces of IoT devices. These IoT fuzzers generate messages (a test case sent from the client to the server to test its functionality) without considering their dependency, which is unlikely to bypass the early check of the server. These invalid test cases significantly reduce the efficiency of fuzzing. To overcome this problem, we propose a stateful message generation (SMG) mechanism for IoT web fuzzing. SMG addresses two problems in IoT fuzzing. First, we retrieve the message dependency by using web front-end analysis and status analysis. These dependent messages, which can easily bypass the server check, are used as a valid seed. Second, we adopt a multi-message seed format to preserve the dependency of the messages when mutating the seed to get a valid test case, so that the test case can bypass the state check of the server to make a valid test. Message dependency preservation is implemented by our proposed parameter mutation and structural mutation methods. We implement SMG in our IoT fuzzer, SIoTFuzzer, which applies IoT firmware on the latest Linux-based simulation tool, FirmAE. We test nine IoT devices including a router and an IP camera and adopt a vulnerability detection mechanism. Our evaluation results show that (1) SIoTFuzzer is capable of finding real-world vulnerabilities in IoT devices; (2) our SMG is effective as it enables Boofuzz (a popular protocol fuzzer) to find command injection and cross-site scripting (XSS) vulnerabilities; and (3) compared to FirmFuzz, SIoTFuzzer found all the vulnerabilities in our benchmarks, while FirmFuzz found only four-the efficiency of our tool increased by 20.57% on average.