QUIC-Fuzz: An Effective Greybox Fuzzer For The QUIC Protocol

Abstract

Network applications are routinely under attack. We consider the problem of developing an effective and efficient fuzzer for the recently ratified QUIC network protocol to uncover security vulnerabilities. QUIC offers a unified transport layer for low-latency, reliable transport streams that is inherently secure, ultimately representing a complex protocol design characterised by new features and capabilities for the Internet. Fuzzing a secure transport layer protocol is not trivial. The interactive, strict, rule-based, asynchronous nature of communications with a target, the stateful nature of interactions, security mechanisms that protect communications (such as integrity checks and encryption), and inherent overheads (such as target initialisation) challenge generic network protocol fuzzers. We discuss and address the challenges pertinent to fuzzing transport layer protocols (like QUIC), developing mechanisms that enable fast, effective fuzz testing of QUIC implementations, and build a prototype grey-box mutation-based fuzzer, QUIC-Fuzz. We test 6 well-maintained server-side implementations, including those from Google and Alibaba, with QUIC-Fuzz. The results demonstrate that the fuzzer is both highly effective and generalisable. Our testing uncovered 10 new security vulnerabilities, precipitating 2 CVE assignments thus far. In code coverage, QUIC-Fuzz outperforms other existing state-of-the-art network protocol fuzzers (Fuzztruction-Net, ChatAFL, and AFLNet) with up to an 84% increase in code coverage; QUIC-Fuzz outperformed them with statistical significance across all targets, and a majority of the bugs were discoverable only by QUIC-Fuzz. We open-source QUIC-Fuzz on GitHub.

QUIC-Fuzz: An Effective Greybox Fuzzer For The QUIC Protocol - arXiv