Abstract: Fuzzing plays a significant role in discovering security vulnerabilities and improving the security of protocol software. In recent years, introducing state into server-program fuzzing has received widespread attention. This study addresses the low efficiency of protocol fuzzing caused by insufficient use of the information available during the fuzzing process and by the inability to focus continuously on key states, and proposes a protocol fuzzing method based on the cooperation of double coverage information. First, the proposed state selection algorithm assigns a weight to each state by mapping the state space onto the program space and applying heuristic calculations, guiding the fuzzer to keep focusing on states that are more likely to contain defects. Second, the method detects seed positions whose mutation does not affect the state but can change program coverage, and restricts mutation to those positions so that the code region corresponding to the focused state is tested adequately. The effectiveness of the improved algorithms is verified on the baseline tools AFLNet and SnapFuzz, and they are integrated into a protocol fuzzing tool named C2SFuzz. Experiments on the latest versions of protocol server programs such as LightFTP and Live555 detected five previously unknown vulnerabilities.
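The second idea above, probing a seed for byte positions whose mutation keeps the server's state sequence intact while changing coverage, as an added illustration that is not C2SFuzz's or the paper's code; the FTP-like server, its coverage ids and the seed session are all constructed for this example.

```python
from typing import Callable, List, Set, Tuple

Trace = Tuple[List[str], Set[str]]

def toy_server(msgs: List[bytes]) -> Trace:
    """Constructed FTP-like state machine standing in for the target.
    Returns (state after each message, set of coverage ids hit)."""
    state, states, cov = "INIT", [], set()
    for msg in msgs:
        cmd, _, arg = msg.partition(b" ")
        if state == "INIT" and cmd == b"USER":
            cov.add("user"); state = "NEED_PASS"
        elif state == "NEED_PASS" and cmd == b"PASS":
            cov.add("pass"); state = "LOGGED_IN"
            if arg[:1].isdigit(): cov.add("pass_digit")
        elif state == "LOGGED_IN" and cmd == b"CWD":
            cov.add("cwd")
            if b".." in arg: cov.add("cwd_dotdot")
            elif arg.startswith(b"/"): cov.add("cwd_abs")
        else:
            cov.add("error")   # unknown or out-of-order command: state is kept
        states.append(state)
    return states, cov

PROBE_VALUES = (0x00, 0x30, 0x2e, 0x2f)   # NUL, '0', '.', '/'

def state_neutral_positions(server: Callable[[List[bytes]], Trace],
                            seed: List[bytes], msg_idx: int) -> List[int]:
    """Byte positions of seed[msg_idx] where at least one probe value leaves
    the state trace unchanged but alters coverage: the positions the method
    restricts mutation to when it focuses on the state reached by that message."""
    base_states, base_cov = server(seed)
    found = []
    for pos in range(len(seed[msg_idx])):
        for val in PROBE_VALUES:
            buf = bytearray(seed[msg_idx]); buf[pos] = val
            mutated = list(seed); mutated[msg_idx] = bytes(buf)
            states, cov = server(mutated)
            if states == base_states and cov != base_cov:
                found.append(pos); break
    return found

SEED = [b"USER bob", b"PASS x", b"CWD /tmp"]   # constructed seed session

if __name__ == "__main__":
    # PASS: touching the command bytes breaks NEED_PASS -> LOGGED_IN, so only
    # the argument byte (index 5) is state-neutral yet coverage-changing.
    print(state_neutral_positions(toy_server, SEED, 1))   # [5]
    # CWD: a garbled command keeps LOGGED_IN but changes coverage.
    print(state_neutral_positions(toy_server, SEED, 2))   # [0, 1, 2, 3, 4]
```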