Research

Paper

Back to Papers Download PDF
TESTING February 25, 2026

MulCovFuzz: A Multi-Component Coverage-Guided Greybox Fuzzer for 5G Protocol Testing

Authors

Yu Wang, Yang Xiang, Chandra Thapa, Hajime Suzuki

Abstract

As mobile networks transition to 5G infrastructure, ensuring robust security becomes more important due to the complex architecture and expanded attack surface. Traditional security testing approaches for 5G networks rely on black-box fuzzing techniques, which are limited by their inability to observe internal program state and coverage information. This paper presents MulCovFuzz, a novel coverage-guided greybox fuzzing tool for 5G network testing. Unlike existing tools that depend solely on system response, MulCovFuzz implements a multi-component coverage collection mechanism that dynamically monitors code coverage across different components of the 5G system architecture. Our approach introduces a novel testing paradigm that includes a scoring function combining coverage rewards with efficiency metrics to guide test case generation. We evaluate MulCovFuzz on open-source 5G implementation OpenAirInterface. Our experimental results demonstrate that MulCovFuzz significantly outperforms traditional fuzzing approaches, achieving a 5.85\% increase in branch coverage, 7.17\% increase in line coverage, and 16\% improvement in unique crash discovery during 24h fuzzing testing. MulCovFuzz uncovered three zero-day vulnerabilities, two of which were not identified by any other fuzzing technique. This work contributes to the advancement of security testing tools for next-generation mobile networks.

Metadata

arXiv ID: 2602.21794
Provider: ARXIV
Primary Category: cs.CR
Published: 2026-02-25
Fetched: 2026-02-26 05:00

Related papers

Fractal universe and quantum gravity made simple

Fabio Briscese, Gianluca Calcagni • 2026-03-25

POLY-SIM: Polyglot Speaker Identification with Missing Modality Grand Challenge 2026 Evaluation Plan

Marta Moscati, Muhammad Saad Saeed, Marina Zanoni, Mubashir Noman, Rohan Kuma... • 2026-03-25

LensWalk: Agentic Video Understanding by Planning How You See in Videos

Keliang Li, Yansong Li, Hongze Shen, Mengdi Liu, Hong Chang, Shiguang Shan • 2026-03-25

Orientation Reconstruction of Proteins using Coulomb Explosions

Tomas André, Alfredo Bellisario, Nicusor Timneanu, Carl Caleman • 2026-03-25

The role of spatial context and multitask learning in the detection of organic and conventional farming systems based on Sentinel-2 time series

Jan Hemmerling, Marcel Schwieder, Philippe Rufin, Leon-Friedrich Thomas, Mire... • 2026-03-25
Raw Data (Debug) 
{
  "raw_xml": "<entry>\n    <id>http://arxiv.org/abs/2602.21794v1</id>\n    <title>MulCovFuzz: A Multi-Component Coverage-Guided Greybox Fuzzer for 5G Protocol Testing</title>\n    <updated>2026-02-25T11:17:42Z</updated>\n    <link href='https://arxiv.org/abs/2602.21794v1' rel='alternate' type='text/html'/>\n    <link href='https://arxiv.org/pdf/2602.21794v1' rel='related' title='pdf' type='application/pdf'/>\n    <summary>As mobile networks transition to 5G infrastructure, ensuring robust security becomes more important due to the complex architecture and expanded attack surface. Traditional security testing approaches for 5G networks rely on black-box fuzzing techniques, which are limited by their inability to observe internal program state and coverage information. This paper presents MulCovFuzz, a novel coverage-guided greybox fuzzing tool for 5G network testing. Unlike existing tools that depend solely on system response, MulCovFuzz implements a multi-component coverage collection mechanism that dynamically monitors code coverage across different components of the 5G system architecture. Our approach introduces a novel testing paradigm that includes a scoring function combining coverage rewards with efficiency metrics to guide test case generation. We evaluate MulCovFuzz on open-source 5G implementation OpenAirInterface. Our experimental results demonstrate that MulCovFuzz significantly outperforms traditional fuzzing approaches, achieving a 5.85\\% increase in branch coverage, 7.17\\% increase in line coverage, and 16\\% improvement in unique crash discovery during 24h fuzzing testing. MulCovFuzz uncovered three zero-day vulnerabilities, two of which were not identified by any other fuzzing technique. This work contributes to the advancement of security testing tools for next-generation mobile networks.</summary>\n    <category scheme='http://arxiv.org/schemas/atom' term='cs.CR'/>\n    <published>2026-02-25T11:17:42Z</published>\n    <arxiv:comment>11 pages, 5 figures, 1 table</arxiv:comment>\n    <arxiv:primary_category term='cs.CR'/>\n    <author>\n      <name>Yu Wang</name>\n    </author>\n    <author>\n      <name>Yang Xiang</name>\n    </author>\n    <author>\n      <name>Chandra Thapa</name>\n    </author>\n    <author>\n      <name>Hajime Suzuki</name>\n    </author>\n  </entry>"
}