| Specification-based fuzzing | Protocol state fuzzing | C&C [12], TLS [7], TCP [9], SSH [13], OPENVPN [14, 15], QUIC [16], IPSec [17], DTLS [18], SFADiff [19], MPInspector [20] | Learning-based-fuzzing [27] | Differential testing | Certificate verification [19ā23], HVLearn [24], TLS-diff [25], NEZHA [26] |
| Code-based fuzzing | Focus on input | TLS-attacker [28], Jero [29], Miff [30], MQTT [31], GANFuzz [32], Hfuzz [33], SeqFuzzer [34], Snipuzz [35] | ā | Focus on state | Chen (TLS) [36], AFLNET [8], StateAFL [37], Profuzzbench [38], TCP-fuzz [39], proposed method |
|
|