MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols

Yingpei Zeng,Mingmin Lin,Shanqing Guo,Yanzhao Shen,Tingting Cui,Ting Wu,Qiuhua Zheng,Qiuhua Wang
DOI: https://doi.org/10.3390/s20185194
IF: 3.9
2020-09-11
Sensors
Abstract: The publish/subscribe model has gained prominence in the Internet of things (IoT) network, and both Message Queue Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) support it. However, existing coverage-based fuzzers may miss some paths when fuzzing such publish/subscribe protocols, because they implicitly assume that there are only two parties in a protocol, which is not true now since there are three parties, i.e., the publisher, the subscriber and the broker. In this paper, we propose MultiFuzz, a new coverage-based multiparty-protocol fuzzer. First, it embeds multiple-connection information in a single input. Second, it uses a message mutation algorithm to stimulate protocol state transitions, without the need of protocol specifications. Third, it uses a new desockmulti module to feed the network messages into the program under test. desockmulti is similar to desock (Preeny), a tool widely used by the community, but it is specially designed for fuzzing and is 10x faster. We implement MultiFuzz based on AFL, and use it to fuzz two popular projects Eclipse Mosquitto and libCoAP. We reported discovered problems to the projects. In addition, we compare MultiFuzz with AFL and two state-of-the-art fuzzers, MOPT and AFLNET, and find it discovering more paths and crashes.
Subject categories: Engineering, Electrical & Electronic; Chemistry, Analytical; Instruments & Instrumentation
What problem does this paper attempt to address?
### Problems Addressed by the Paper

This paper aims to address the insufficient path coverage of existing coverage-based fuzz testing tools when testing Internet of Things (IoT) publish/subscribe protocols. Existing fuzzers typically assume that a network protocol has only two participants (a sender and a receiver), ignoring the three participants (publisher, subscriber, and broker) of publish/subscribe protocols. Because of this assumption, existing tools cannot simulate the complete multi-participant interaction during testing and may miss important execution paths and potential vulnerabilities.

### Background and Motivation

1. **Importance of the Publish/Subscribe Model**:
   - The publish/subscribe model is very popular in IoT networks because it provides loose coupling and scalability. For example, both MQTT and CoAP support this model.
   - The model allows multiple publishers to send data to multiple subscribers without direct communication between them.
2. **Limitations of Existing Fuzz Testing Tools**:
   - Existing coverage-based fuzzers (such as AFL) typically assume that a network protocol has only two participants, so they can only simulate single-connection interactions.
   - For publish/subscribe protocols, this assumption means the tools cannot simulate the complete multi-participant interaction, potentially missing important execution paths and potential vulnerabilities.

### Solution

To overcome these issues, the paper proposes a new coverage-based multi-participant protocol fuzzer: MultiFuzz. Its main features are:

1. **Multi-Connection Information Embedding**:
   - MultiFuzz embeds multi-connection information in a single input, so that each input can contain messages from multiple connections.
   - In this way, the tool can simulate the interaction of multiple participants in a single test.
2. **Message Mutation Algorithm**:
   - MultiFuzz uses a new message mutation algorithm to stimulate protocol state transitions without requiring the user to provide protocol specifications.
   - The algorithm mutates inputs at the message level rather than the byte level, which explores the different states of the protocol more effectively.
3. **New desockmulti Module**:
   - MultiFuzz introduces a new desockmulti module to feed network messages into the program under test.
   - desockmulti is 10 times faster than the existing desock tool and supports multiple connections.

### Experimental Results

- **Performance Comparison**:
  - MultiFuzz outperforms existing fuzzers such as AFL, MOPT, and AFLNET in the number of discovered paths and crashes.
  - For example, when testing Eclipse Mosquitto, MultiFuzz discovered 44.6% more paths than AFLNET, 126.6% more than AFL, and 125.4% more than MOPT.
- **Practical Application**:
  - The authors used MultiFuzz to test two popular projects: Eclipse Mosquitto (an MQTT broker) and libCoAP (a CoAP library).
  - The discovered vulnerabilities have been reported to the respective projects and have been confirmed.

### Conclusion

By supporting multi-connection, multi-participant interactions, MultiFuzz effectively addresses the insufficient path coverage of existing fuzzers when testing publish/subscribe protocols. Experimental results show that MultiFuzz has significant advantages in discovering paths and vulnerabilities.
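The two core ideas above, embedding several connections in one input and mutating at the message level, can be illustrated with a small added example (this is illustrative code written for this summary, not MultiFuzz's own implementation; the record layout, the `parse_input`/`serialize_input`/`mutate_messages` names and the mutation operations are assumptions):

```python
import struct

# Hypothetical multi-connection input layout (an assumption for this example,
# not MultiFuzz's actual format): a sequence of records, each
#   conn_id (1 byte) | length (2 bytes, big-endian) | message bytes
# Records keep their global order, so the interleaving of the publisher's and
# subscriber's messages toward the broker is itself part of the fuzz input.

def parse_input(data: bytes):
    """Split one fuzz input into an ordered list of (conn_id, message)."""
    records, pos = [], 0
    while pos + 3 <= len(data):
        conn_id = data[pos]
        length = struct.unpack(">H", data[pos + 1:pos + 3])[0]
        pos += 3
        if pos + length > len(data):   # truncated record: mutated inputs do this
            break
        records.append((conn_id, data[pos:pos + length]))
        pos += length
    return records

def serialize_input(records):
    return b"".join(bytes([c]) + struct.pack(">H", len(m)) + m for c, m in records)

def mutate_messages(records, op, idx, target_conn=None):
    """Message-level mutation (assumed operations): duplicate a message, drop
    it, swap it with the next record, or move it onto another connection.
    Every message stays intact, so the mutation changes the order and
    ownership of messages, i.e. the state transitions the broker goes through."""
    out = list(records)
    if op == "dup":
        out.insert(idx + 1, out[idx])
    elif op == "drop":
        del out[idx]
    elif op == "swap" and idx + 1 < len(out):
        out[idx], out[idx + 1] = out[idx + 1], out[idx]
    elif op == "move":
        out[idx] = (target_conn, out[idx][1])
    return out

def messages_per_connection(records):
    counts = {}
    for conn_id, _ in records:
        counts[conn_id] = counts.get(conn_id, 0) + 1
    return counts

# Constructed sample input: connection 1 connects and publishes, connection 2
# connects and subscribes. The MQTT packet-type bytes are the real ones
# (0x10 CONNECT, 0x82 SUBSCRIBE, 0x30 PUBLISH); the packet bodies are made up.
SAMPLE = serialize_input([
    (1, b"\x10\x0c\x00\x04MQTT\x04\x02\x00\x3c"),
    (2, b"\x10\x0c\x00\x04MQTT\x04\x02\x00\x3c"),
    (2, b"\x82\x08\x00\x01\x00\x03a/b\x00"),
    (1, b"\x30\x08\x00\x03a/bhey"),
])
```

Swapping records 2 and 3 of the sample makes the broker see the PUBLISH before the SUBSCRIBE, a path a single-connection fuzzer cannot reach from the same seed.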