Emulation-Instrumented Fuzz Testing of 4G/LTE Android Mobile Devices Guided by Reinforcement Learning

摘要

The proliferation of 4G/LTE (Long Term Evolution)-capable mobile devices calls for new techniques and tools for assessing their vulnerabilities effectively and efficiently. Existing methods require significant human efforts, such as manual examination of LTE protocol specifications or manual analysis of LTE network traffic, to identify potential vulnerabilities. In this work, we investigate the possibility of automating vulnerability assessment of 4G/LTE mobile devices based on AI (Artificial Intelligence) techniques. Towards this end, we develop LEFT (LTE-Oriented Emulation-Instrumented Fuzzing Testbed), which perturbs the behavior of LTE network modules to elicit vulnerable internal states of mobile devices under test. To balance exploration and exploitation, LEFT uses reinforcement learning to guide behavior perturbation in an instrumented LTE network emulator. We have implemented LEFT in a laboratory environment to fuzz two key LTE protocols and used it to assess the vulnerabilities of four COTS (Commercial Off-The-Shelf) Android mobile phones. The experimental results have shown that LEFT can evaluate the security of 4G/LTE-capable mobile devices automatically and effectively.