Learning-Based-Fuzzing icon indicating copy to clipboard operation
Learning-Based-Fuzzing copied to clipboard

verified publisher icon DES-Lab

Metadata

Using automata learning to mine models used for fuzzing of statefull systems

Supplemental Materials for "Learning-Based Fuzzing of IoT Message Brokers"

Getting Started

MQTT Broker Configurations

  • VerneMQ 1.11.0
    • https://github.com/vernemq/vernemq
    • docker run -p 1886:1883 -e "DOCKER_VERNEMQ_ALLOW_ANONYMOUS=on" -e "DOCKER_VERNEMQ_ACCEPT_EULA=yes" -e "DOCKER_VERNEMQ_listener.tcp.allowed_protocol_versions=5" --name vernemq1 -d vernemq/vernemq
  • Eclipse Mosquitto 1.6.8
    • https://mosquitto.org/download/
    • Port 1885
    • mosquitto -p 1885
  • HiveMq 2020.2
    • https://github.com/hivemq/hivemq-community-edition
    • Port 1884 (configuration in /hivemq-ce-2020.2/conf/config.xml)
    • ./hivemq-ce-2020.2/bin/run.sh
  • EMQ X v4.0.0
    • https://github.com/emqx/emqx
    • docker run -d --name emqx -p 1883:1883 -p 8083:8083 -p 8883:8883 -p 8084:8084 -p 18083:18083 emqx/emqx
  • ejabberd 20.7.0
    • https://github.com/processone/ejabberd
    • Port 1887
    • disable authentication

Running the Tool

  • After the MQTT broker setup the tool can be executed.
    Linux/MAC
    ./gradlew build
    ./gradlew learningBasedFuzzing
    Windows
    ./gradlew.bat build
    ./gradlew.bat learningBasedFuzzing

Brief Comments on the Code

In the Main.java following steps are performed.

  • Creation of the Eclipse Mosquitto adapter and MQTT client which will interact with the Eclipse Mosquitto broker

MQTTBrokerAdapterConfig mosquittoBrokerConfig = new MQTTBrokerAdapterConfig(InetAddress.getByName("127.0.0.1"), 1885, 200, true, true, true); MQTTClientWrapper mosquittoClient = new MQTTClientWrapper("c0", "mosquitto", mosquittoBrokerConfig);

  • Definition of the input alphabet for learning and the corresponding mapper that translates abstract inputs to concrete inputs
  • Learning of the Eclipse Mosquitto model
  • Results are saved in the 'learnedModels' folder
  • If you want to skip learning and use model in 'learnedModels' folder, remove (comment out) the last line:
Learner mosquittoLearner = new Learner(new LearningMapper(mosquittoClient));
 List<String> paperExample = Arrays.asList(
                "connect", "disconnect",
                "subscribe","publish", "unsubscribe",
                "invalid");

String experimentName = "MosquittoModel";
mosquittoLearner.learn(3000, experimentName, paperExample); // COMMENT OUT if you want to skip learning and use already existing model
  • Configuration of clients for other brokers
  • Same abstract input alphabet is used for the fuzzing mapper
  • Define number of random walks and its maximum length
FuzzingBasedTesting fuzzingBasedTesting =
                new FuzzingBasedTesting("learnedModels/MosquittoModel.dot", clients, new DemoFuzzingMapper());

fuzzingBasedTesting.setInputAlphabet(paperExample);

fuzzingBasedTesting.randomWalkWithFuzzing(1000, 10);

Metadata

16
Stars
0
Forks
Watchers

Owner

verified publisher icon DES-Lab

Metadata

Using automata learning to mine models used for fuzzing of statefull systems

Back