TY - JOUR
T1 - Advanced Security for NextG Mobile Networks
T2 - A Hybrid Fuzzing Approach
AU - Yang, Jingda
AU - Ratazzi, Paul
AU - Wang, Ying
N1 - Publisher Copyright:
© 2002-2012 IEEE.
PY - 2025
Y1 - 2025
AB - This paper presents HyFuzz, a hybrid intelligent fuzz testing platform designed to enhance the security validation of next-generation (NextG) mobile networks. HyFuzz integrates symbolic formal analysis with adaptive fuzzing to enable the discovery of vulnerabilities that emerge from subtle state inconsistencies and session-level command manipulations. Specifically, HyFuzz demonstrates support for multi-step intra-session fuzzing, where carefully crafted command sequences cause persistent state desynchronization between User Equipment (UE) and the network. Complementing this, HyFuzz employs formal-guided deep fuzzing, directing fuzzing efforts to high-risk protocol states identified by symbolic analysis. Through a dual-mode architecture supporting both virtual (ZMQ) and over-the-air (OTA) fuzzing, HyFuzz provides an extensible testbed for low-level and behavioral vulnerability discovery. Experimental results across 1,281 test cases reveal 1,105 failure instances, including stealthy failures that manifest only under extended interaction contexts. Our findings suggest HyFuzz provides a foundational capability toward more realistic and semantically rich vulnerability detection in modern mobile infrastructure.
KW - fuzz testing
KW - Non-intrusive platform
KW - over-the-Air
KW - virtualization
KW - vulnerability
UR - https://www.scopus.com/pages/publications/105017306686
UR - https://www.scopus.com/pages/publications/105017306686#tab=citedBy
U2 - 10.1109/TMC.2025.3614127
DO - 10.1109/TMC.2025.3614127
M3 - Article
AN - SCOPUS:105017306686
SN - 1536-1233
JO - IEEE Transactions on Mobile Computing
JF - IEEE Transactions on Mobile Computing
ER -