CC-Fuzz: Genetic algorithm-based fuzzing for stress testing congestion control algorithms

TL;DR

CC-Fuzz is an automated testing framework that employs genetic algorithms to generate adversarial network conditions, effectively uncovering bugs and vulnerabilities in congestion control algorithms like BBR.

Contribution

This paper introduces CC-Fuzz, a novel genetic algorithm-based fuzzing framework for stress testing congestion control algorithms in diverse network scenarios.

Findings

Detected a bug in BBR causing permanent stalling

Automatically discovered the low-rate TCP attack

Demonstrated effectiveness in stress testing congestion algorithms

Abstract

Congestion control research has experienced a significant increase in interest in the past few years, with many purpose-built algorithms being designed with the needs of specific applications in mind. These algorithms undergo limited testing before being deployed on the Internet, where they interact with other congestion control algorithms and run across a variety of network conditions. This often results in unforeseen performance issues in the wild due to algorithmic inadequacies or implementation bugs, and these issues are often hard to identify since packet traces are not available. In this paper, we present CC-Fuzz, an automated congestion control testing framework that uses a genetic search algorithm in order to stress test congestion control algorithms by generating adversarial network traces and traffic patterns. Initial results using this approach are promising - CC-Fuzz automatically found a bug in BBR that causes it to stall permanently, and is able to automatically discover the well-known low-rate TCP attack, among other things.