@inproceedings{54a50526e17548c69d0d6ca0641bf200,
title = "Learning-Based Fuzzing of IoT Message Brokers",
abstract = "The number of devices in the Internet of Things (IoT) immensely grew in recent years. A frequent challenge in the assurance of the dependability of IoT systems is that components of the system appear as a black box. This paper presents a semi-automatic testing methodology for black-box systems that combines automata learning and fuzz testing. Our testing technique uses stateful fuzzing based on a model that is automatically inferred by automata learning. Applying this technique, we can simultaneously test multiple implementations for unexpected behavior and possible security vulnerabilities.We show the effectiveness of our learning-based fuzzing technique in a case study on the MQTT protocol. MQTT is a widely used publish/subscribe protocol in the IoT. Our case study reveals several inconsistencies between five different MQTT brokers. The found inconsistencies expose possible security vulnerabilities and violations of the MQTT specification.",
keywords = "Internet of Things, Learning automata, Protocols, Fuzz testing, MQTT, Model inference, Model-based testing, automata learning, model inference, active automata learning, stateful fuzzing, conformance testing, IoT",
author = "Bernhard Aichernig and Edi Muskardin and Andrea Pferscher",
year = "2021",
month = apr,
doi = "10.1109/ICST49551.2021.00017",
language = "English",
series = "Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021",
pages = "47--58",
booktitle = "Proceedings - 2021 IEEE 14th International Conference on Software Testing, Verification and Validation, ICST 2021",
note = "2021 IEEE International Conference on Software Testing : ICST 2021, ICST 2021 ; Conference date: 12-04-2021 Through 16-04-2021",
}