{"id":"https://openalex.org/W7084131976","doi":"https://doi.org/10.1109/infocom55648.2025.11044489","title":"5GC-Fuzz: Finding Deep Stateful Vulnerabilities in 5G Core Network with Black-Box Fuzzing","display_name":"5GC-Fuzz: Finding Deep Stateful Vulnerabilities in 5G Core Network with Black-Box Fuzzing","publication_year":2025,"publication_date":"2025-05-19","ids":{"openalex":"https://openalex.org/W7084131976","doi":"https://doi.org/10.1109/infocom55648.2025.11044489"},"language":"en","primary_location":{"id":"doi:10.1109/infocom55648.2025.11044489","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocom55648.2025.11044489","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2025 - IEEE Conference on Computer Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Yu Sun","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yu Sun","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University,China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University,China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Xinyu Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinyu Liu","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University,China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University,China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Qian Sun","orcid":null},"institutions":[{"id":"https://openalex.org/I4210090176","display_name":"Institute of Computing Technology","ror":"https://ror.org/0090r4d87","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210090176"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qian Sun","raw_affiliation_strings":["Institute of Computing Technology,Chinese Academy of Sciences,China"],"affiliations":[{"raw_affiliation_string":"Institute of Computing Technology,Chinese Academy of Sciences,China","institution_ids":["https://openalex.org/I4210090176","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jiaming Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiaming Wang","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University,China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University,China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Lin Tian","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210090176","display_name":"Institute of Computing Technology","ror":"https://ror.org/0090r4d87","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210090176"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lin Tian","raw_affiliation_strings":["Institute of Computing Technology,Chinese Academy of Sciences,China"],"affiliations":[{"raw_affiliation_string":"Institute of Computing Technology,Chinese Academy of Sciences,China","institution_ids":["https://openalex.org/I4210090176","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":null,"display_name":"Jianwei Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianwei Liu","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University,China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University,China","institution_ids":["https://openalex.org/I82880672"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I82880672"],"apc_list":null,"apc_paid":null,"fwci":2.9853,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.94282171,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":{"id":"https://openalex.org/T10391","display_name":"Healthcare Policy and Management","score":0.24089999496936798,"subfield":{"id":"https://openalex.org/subfields/2002","display_name":"Economics and Econometrics"},"field":{"id":"https://openalex.org/fields/20","display_name":"Economics, Econometrics and Finance"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10391","display_name":"Healthcare Policy and Management","score":0.24089999496936798,"subfield":{"id":"https://openalex.org/subfields/2002","display_name":"Economics and Econometrics"},"field":{"id":"https://openalex.org/fields/20","display_name":"Economics, Econometrics and Finance"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T14370","display_name":"Economic, Social, and Health Studies","score":0.05559999868273735,"subfield":{"id":"https://openalex.org/subfields/2002","display_name":"Economics and Econometrics"},"field":{"id":"https://openalex.org/fields/20","display_name":"Economics, Econometrics and Finance"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12011","display_name":"Insurance, Mortality, Demography, Risk Management","score":0.03519999980926514,"subfield":{"id":"https://openalex.org/subfields/3317","display_name":"Demography"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9871000051498413},{"id":"https://openalex.org/keywords/stateful-firewall","display_name":"Stateful firewall","score":0.948199987411499},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.49549999833106995},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4812999963760376},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.43959999084472656},{"id":"https://openalex.org/keywords/protocol-stack","display_name":"Protocol stack","score":0.4327000081539154},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4171000123023987},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.36809998750686646},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.3675999939441681}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9871000051498413},{"id":"https://openalex.org/C22927095","wikidata":"https://www.wikidata.org/wiki/Q1784206","display_name":"Stateful firewall","level":3,"score":0.948199987411499},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8306000232696533},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.49549999833106995},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4812999963760376},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.43959999084472656},{"id":"https://openalex.org/C38601921","wikidata":"https://www.wikidata.org/wiki/Q1757693","display_name":"Protocol stack","level":3,"score":0.4327000081539154},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4269999861717224},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4171000123023987},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.41359999775886536},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.36809998750686646},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3675999939441681},{"id":"https://openalex.org/C2164484","wikidata":"https://www.wikidata.org/wiki/Q5170150","display_name":"Core (optical fiber)","level":2,"score":0.3643999993801117},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.3621000051498413},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.34630000591278076},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.3296000063419342},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3249000012874603},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.3176000118255615},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3160000145435333},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.29159998893737793},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.28940001130104065},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.2806999981403351},{"id":"https://openalex.org/C2776788033","wikidata":"https://www.wikidata.org/wiki/Q320769","display_name":"Eavesdropping","level":2,"score":0.27149999141693115},{"id":"https://openalex.org/C128942645","wikidata":"https://www.wikidata.org/wiki/Q1568346","display_name":"Test case","level":3,"score":0.26499998569488525},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.25060001015663147}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/infocom55648.2025.11044489","is_oa":false,"landing_page_url":"https://doi.org/10.1109/infocom55648.2025.11044489","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE INFOCOM 2025 - IEEE Conference on Computer Communications","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G6189351073","display_name":null,"funder_award_id":"62472015","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Given":[0],"the":[1,25,95,118,163,192],"large-scale":[2],"deployment":[3],"of":[4,8,24,38,55,84,194],"5G,":[5],"rigorous":[6],"testing":[7],"its":[9],"core":[10],"network":[11],"(5GC)":[12],"is":[13,21],"essential":[14],"to":[15,67,93,111,135],"ensure":[16],"security":[17,193],"and":[18,52,121,124,139,151,156,184],"robustness.":[19],"Fuzzing":[20],"currently":[22],"one":[23],"most":[26],"popular":[27,148],"vulnerability":[28],"discovery":[29],"techniques.":[30],"However,":[31],"existing":[32],"fuzzers":[33],"suffer":[34],"from":[35,90],"low":[36],"coverage":[37],"3GPP-specified":[39],"5GC":[40,50,73,86,133,149],"states,":[41,51],"invalid":[42],"long":[43],"signaling":[44,102],"sequence":[45,103],"generation":[46],"when":[47],"exploring":[48],"deep":[49,69],"coarse-grained":[53],"feedback":[54,129],"closed-source":[56],"5G":[57,100],"systems.":[58],"This":[59],"paper":[60],"presents":[61],"5GC-Fuzz,":[62],"a":[63,81,85,99,126],"black-box":[64],"fuzzing":[65,96],"framework":[66],"detect":[68],"stateful":[70],"vulnerabilities":[71,187],"in":[72,188],"implementations.":[74],"5GC-Fuzz":[75,143,167],"integrates":[76],"three":[77,147],"innovative":[78],"techniques:":[79],"(1)":[80],"systematic":[82],"construction":[83],"state":[87,159],"machine":[88],"derived":[89],"3GPP":[91],"specifications":[92],"guide":[94],"process;":[97],"(2)":[98],"grammar-aware":[101],"mutation":[104],"method":[105],"based":[106,131],"on":[107,132,146],"protocol":[108],"stack":[109],"interception":[110],"generate":[112],"test":[113,137],"cases":[114],"while":[115],"maximally":[116],"guaranteeing":[117],"syntactic,":[119],"semantic,":[120],"cryptographic":[122],"correctness;":[123],"(3)":[125],"fine-grained":[127],"state-transition-path":[128],"mechanism":[130],"logs":[134],"optimize":[136],"states":[138,155,183],"sequences":[140],"selection.":[141],"The":[142],"was":[144],"evaluated":[145],"implementations":[150],"achieves":[152],"152.6%":[153],"more":[154,158,186],"206.7%":[157],"transition":[160],"paths":[161],"than":[162],"state-of-the-art":[164],"fuzzers.":[165],"Moreover,":[166],"exposed":[168],"22":[169],"security-critical":[170],"vulnerabilities,":[171],"with":[172],"6":[173],"CVEs":[174],"assigned.":[175],"In":[176],"general,":[177],"5GC-":[178],"Fuzz":[179],"could":[180],"explore":[181],"deeper":[182],"uncover":[185],"5GC,":[189],"significantly":[190],"enhancing":[191],"mobile":[195],"communication":[196],"infrastructures.":[197]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}