Learning-Guided Fuzzing for Testing Stateful SDN Controllers

TL;DR

This paper introduces SeqFuzzSDN, a learning-guided fuzzing approach that effectively tests stateful SDN controllers by exploring their state space, generating diverse failure-inducing tests, and inferring accurate failure models, outperforming existing methods.

Contribution

SeqFuzzSDN is a novel learning-guided fuzzing method specifically designed for stateful SDN controllers, improving failure detection and model inference over prior techniques.

Findings

SeqFuzzSDN generates more diverse failure-inducing message sequences.

It produces more accurate failure models.

It outperforms state-of-the-art fuzzing methods in sensitivity and efficiency.

Abstract

Controllers for software-defined networks (SDNs) are centralised software components that enable advanced network functionalities, such as dynamic traffic engineering and network virtualisation. However, these functionalities increase the complexity of SDN controllers, making thorough testing crucial. SDN controllers are stateful, interacting with multiple network devices through sequences of control messages. Identifying stateful failures in an SDN controller is challenging due to the infinite possible sequences of control messages, which result in an unbounded number of stateful interactions between the controller and network devices. In this article, we propose SeqFuzzSDN, a learning-guided fuzzing method for testing stateful SDN controllers. SeqFuzzSDN aims to (1) efficiently explore the state space of the SDN controller under test, (2) generate effective and diverse tests (i.e., control message sequences) to uncover failures, and (3) infer accurate failure-inducing models that characterise the message sequences leading to failures. In addition, we compare SeqFuzzSDN with three extensions of state-of-the-art (SOTA) methods for fuzzing SDNs. Our findings show that, compared to the extended SOTA methods, SeqFuzzSDN (1) generates more diverse message sequences that lead to failures within the same time budget, and (2) produces more accurate failure-inducing models, significantly outperforming the other extended SOTA methods in terms of sensitivity.