Jinjing Zhao, Yan Wen, Gang Zhao,
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz testing. This paper proposes a new heuristic method for fuzzing data generation named H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by ... property from the program. Our experiments evaluate H-Fuzzing, Java Path Finder (JPF) and random fuzzing method. The evaluation results demonstrate that H-Fuzzing can use fewer iterations and testing time to ...
Topic(s): Teaching and Learning Programming
2011 - Springer Science+Business Media | Lecture notes in computer science
Baojiang Cui, Shurui Liang, Shilei Chen, Bing Zhao, Xiaobing Liang,
... devoted to finding the vulnerabilities of Zigbee by fuzzing. According to earlier test records, the majority of ... this paper, we propose a refined structure-based fuzzing algorithm for Zigbee based on FSM, FSM-fuzzing. Any malformed input in FSM-Fuzzing is injected to the tested sensor against a ... of the states would be traversed in FSM-fuzzing. A fuzzing tool, ZFSM-fuzzer, is designed for evaluating the performance of FSM-fuzzing. Experiment results show that there is a vulnerability ... addresses. Further, the quality of cases of FSM-fuzzing is higher than the previous algorithms. Therefore, FSM- ...
Topic(s): Network Security and Intrusion Detection
2014 - Hindawi Publishing Corporation | International Journal of Distributed Sensor Networks
Jun Li, Bodong Zhao, Chao Zhang,
... advance, researchers have proposed several techniques, among which fuzzing is the most widely used one. In recent years, fuzzing solutions, like AFL, have made great improvements in ... the recent advances, analyzes how they improve the fuzzing process, and sheds light on future work in fuzzing. Firstly, we discuss the reason why fuzzing is popular, by comparing different commonly used vulnerability discovery techniques. Then we present an overview of fuzzing solutions, and discuss in detail one of the ...
Topic(s): Network Security and Intrusion Detection
2018 - Springer Nature | Cybersecurity
Congxi Song, Xu Zhou, Qidi Yin, Xinglu He, Hangwei Zhang, Kai Lü,
Fuzzing is an effective technology in software testing and security vulnerability detection. Unfortunately, fuzzing is an extremely compute-intensive job, which may ... find a bug. Current novel works generally improve fuzzing efficiency by developing delicate algorithms. In this paper, ... field, i.e., leveraging parallel computing to improve fuzzing efficiency. In this way, we develop P-fuzz, a parallel fuzzing framework that can utilize massive, distributed computing resources ... P-fuzz uses a database to share the fuzzing status such as seeds, the coverage information, etc. ...
Topic(s): Software Reliability and Analysis Research
2019 - Multidisciplinary Digital Publishing Institute | Applied Sciences
Zhihui Li, Hui Zhao, Jianqi Shi, Yanhong Huang, Jiawen Xiong,
Fuzzing (Fuzz testing) can effectively identify security vulnerabilities in software by providing a large amount of unexpected ... to the target program. An important part of fuzz testing is the fuzzing data generation. Numerous traditional methods to generate fuzzing data have been developed, such as model-based fuzzing data generation and random fuzzing data generation. These techniques require the specification of ... WGANs), a deep adversarial learning method, to generate fuzzing data. This method does not require defining the ...
Topic(s): Software Testing and Debugging Techniques
2019 - Institute of Electrical and Electronics Engineers | IEEE Access
Tiantian Ji, Zhongru Wang, Zhihong Tian, Binxing Fang, Qiang Ruan, Haichen Wang, Wei Shi,
Fuzzing is a simple and popular technique that has been widely used to detect vulnerabilities in software. However, due to its blind mutation, fuzzing has many limitations. First, it is difficult for fuzzing to pass the sanity checks, which makes fuzzing unable to target vulnerability or crash locations effectively. ... seed generation and makes it difficult for the fuzzing process to achieve convergence. In this paper, we propose a direction sensitive fuzzing solution AFLPro. On the one hand, it focuses ...
Topic(s): Software Reliability and Analysis Research
2020 - Elsevier BV | Journal of Information Security and Applications
Olivier Nourry, Yutaro Kashiwa, Bin Lin, Gabriele Bavota, Michele Lanza, Yasutaka Kamei,
Fuzz testing, also known as fuzzing, is a software testing technique aimed at identifying software vulnerabilities. In recent decades, fuzzing has gained increasing popularity in the research community. However, existing studies led by fuzzing experts mainly focus on improving the coverage and performance of fuzzing techniques. That is, there is still a gap in empirical knowledge regarding fuzzing, especially about the challenges developers face when they adopt fuzzing. Understanding these challenges can provide valuable insights to ...
Topic(s): Adversarial Robustness in Machine Learning
2023 - Association for Computing Machinery | ACM Transactions on Software Engineering and Methodology
Xu Zhou, Pengfei Wang, Chenyifan Liu, Tai Yue, Yingying Liu, Congxi Song, Kai Lu, Qidi Yin, Xu Han,
Recent research has sought to improve fuzzing performance via parallel computing. However, researchers focus on improving efficiency while ignoring the increasing cost of testing resources. Parallel fuzzing in the distributed environment amplifies the resource-wasting problem caused by the random nature of fuzzing. In the parallel mode, owing to the lack of an appropriate task dispatching scheme and timely fuzzing status synchronization among different fuzzing instances, task conflicts and workload imbalance occur, making ...
Topic(s): Software Testing and Debugging Techniques
2022 - IEEE Computer Society | IEEE Transactions on Software Engineering
Hyung-Hoon Kim, Yeonseon Jeong, Wonsuk Choi, Doon Hoon Lee, Hyo Jin Jo,
... critical functions in ECUs, researchers have studied CAN fuzzing methods. In existing CAN fuzzing methods, fuzzing input values are generally generated at random without ... of CAN messages, resulting in non-negligible CAN fuzzing time. In addition, existing fuzzing solutions have limited monitoring capabilities of the fuzzing results. In this paper, we propose a Structure-aware CAN Fuzzing protocol, in which the structure of CAN messages is considered and fuzzing input values are systematically generated to locate vulnerable ...
Topic(s): Advanced Malware Detection Techniques
2022 - Institute of Electrical and Electronics Engineers | IEEE Access
Yan Wang, Peng Jia, Luping Liu, Cheng Huang, Zhonglin Liu,
... play a vital role in network security systems. Fuzzing technology is widely used as a vulnerability discovery ... recent years, analyzes how machine learning improves the fuzzing process and results, and sheds light on future work in fuzzing. Firstly, this paper discusses the reasons why machine learning techniques can be used for fuzzing scenarios and identifies five different stages in which ... Then this paper systematically studies machine learning-based fuzzing models from five dimensions of selection of machine ...
Topic(s): Network Security and Intrusion Detection
2020 - Public Library of Science | PLoS ONE
Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Longquan Liu, Yanyan Zou, Chao Zhang, Baoxu Liu,
... greatly endangering end users. To discover these vulnerabilities, fuzzing web server modules of SOHO routers is the ... environment recovery mechanisms. Moreover, existing works for device fuzzing are more likely to detect memory corruption vulnerabilities. ... address these issues. It is a fully automated fuzzing framework for testing physical SOHO devices. It continuously ... ESRFuzzer can work in two ways: general mode fuzzing and D-CONF mode fuzzing. General mode fuzzing can discover both issues which occur in the ...
Topic(s): Network Packet Processing and Optimization
2021 - Springer Nature | Cybersecurity
Patrice Godefroid, Adam Kieżun, Michael Y. Levin,
Whitebox fuzzing is a form of automatic dynamic test generation, based on symbolic execution and constraint solving, designed for ... large applications. Unfortunately, the current effectiveness of whitebox fuzzing is limited when testing applications with highly-structured ... of control paths in early processing stages, whitebox fuzzing rarely reaches parts of the application beyond those ... this paper, we study how to enhance whitebox fuzzing of complex structured-input applications with a grammar- ... of our experiments show that grammar-based whitebox fuzzing explores deeper program paths and avoids dead-ends ...
Topic(s): Web Application Security Vulnerabilities
2008 - Association for Computing Machinery | ACM SIGPLAN Notices
Dazhi Zhang, Donggang Liu, Yu Lei, David Chenho Kung, Christoph Csallner, Nathaniel Nystrom, Wenhua Wang,
Fuzzing is widely used to detect software vulnerabilities. Blackbox fuzzing does not require program source code. It mutates ... program state is low. As a result, blackbox fuzzing is often limited to identifying vulnerabilities in input ... expensive to obtain such knowledge in practice. Whitebox fuzzing employs heavy analysis techniques, i.e., dynamic symbolic ... to path explosion. This paper proposes a novel fuzzing approach that aims to produce test inputs to explore deep program semantics effectively and efficiently. The fuzzing process comprises two stages. At the first stage, ...
Topic(s): Software Engineering Research
2011 - Elsevier BV | Journal of Systems and Software
Maksim Olegovich Shudrak, Vyacheslav V. Zolotarev,
... software analysis; one of these approaches is called fuzzing. Fuzzing is performed by generating and sending potentially malformed ... application under test. Since its first appearance in 1988, fuzzing has evolved a lot, but issues which addressed ... our research, we propose a novel approach to fuzzing effectiveness evaluation and improvement, taking into account semantics ... a set of open-source tools for improving fuzzing effectiveness. The experimental results of effectiveness assessment have ... approach and allowed us to reduce the time cost of a fuzzing campaign by an average of 26–28% for ...
Topic(s): Software Engineering Research
2016 - Springer Science+Business Media | Lecture notes in computer science
Hongliang Liang, Xiaoxiao Pei, Xiaodong Jia, Wuwei Shen, Jian Zhang,
... one of the most popular software testing techniques, fuzzing can find a variety of weaknesses in a ... generating numerous test inputs. Due to its effectiveness, fuzzing is regarded as a valuable bug hunting method. In this paper, we present an overview of fuzzing that concentrates on its general process, as well ... We further investigate and classify several widely used fuzzing tools. Our primary goal is to equip the stakeholder with a better understanding of fuzzing and the potential solutions for improving fuzzing methods ...
Topic(s): Software Reliability and Analysis Research
2018 - Institute of Electrical and Electronics Engineers | IEEE Transactions on Reliability
Valentin J. M. Manès, Hyung-Seok Han, Choongwoo Han, Sang Kil, Manuel Egele, Edward J. Schwartz, Maverick Woo,
Among the many software testing techniques available today, fuzzing has remained highly popular due to its conceptual ... real-world software vulnerabilities. At a high level, fuzzing refers to a process of repeatedly running a ... invested a large and diverse effort towards improving fuzzing in recent years, this surge of work has ... to gain a comprehensive and coherent view of fuzzing. To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model ...
Topic(s): Software Reliability and Analysis Research
2019 - IEEE Computer Society | IEEE Transactions on Software Engineering
LibKluzzer is a novel implementation of hybrid fuzzing, which combines the strengths of coverage-guided fuzzing and dynamic symbolic execution (a.k.a. whitebox fuzzing). While coverage-guided fuzzing can discover new execution paths at nearly native speed, whitebox fuzzing is capable of getting through complex branch conditions. ... level. It employs LibFuzzer as the coverage-guided fuzzing component and KLUZZER, an extension of KLEE, as the whitebox fuzzing component.
Topic(s): Real-time simulation and control systems
2020 - Springer Science+Business Media | Lecture notes in computer science
Shisong Qin, Fan Hu, Zheyu Ma, Bodong Zhao, Tingting Yin, Chao Zhang,
... thus, it is vital to find their vulnerabilities. Fuzzing is currently one of the most popular software ... efficiency. In this article, we propose a new fuzzing solution NSFuzz for stateful network services. We studied ... 2) an efficient interaction synchronization mechanism to improve fuzzing efficiency. We implemented a prototype of NSFuzz, which ... state tracing to carry out efficient state-aware fuzzing via lightweight compile-time instrumentation. The evaluation results ... could infer a more accurate state model during fuzzing and improve fuzzing throughput by up to 200×. ...
Topic(s): Software System Performance and Reliability
2023 - Association for Computing Machinery | ACM Transactions on Software Engineering and Methodology
Andrea Pferscher, Bernhard K. Aichernig,
Fuzzing (aka fuzz testing) shows promising results in security testing. The advantage of fuzzing is the relatively simple applicability compared to comprehensive ... security analysis. However, the effectiveness of black-box fuzzing is hard to judge since the internal structure ... in-depth behavior might not be covered by fuzzing. This paper aims at overcoming the limitations of black-box fuzzing. We present a stateful black-box fuzzing technique that uses a behavioral model of the ... model. Our framework generates a test suite for fuzzing that includes valid and invalid inputs. The goal ...
Topic(s): Software Reliability and Analysis Research
2022 - Springer Science+Business Media | Lecture notes in computer science
Xiaogang Zhu, Sheng Wen, Seyit Camtepe, Yang Xiang,
Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It generates a large number of test cases and monitors the executions for defects. Fuzzing has detected thousands of bugs and vulnerabilities in ... there is a lack of systematic analysis of the gaps faced by fuzzing. As a technique of defect detection, fuzzing is required to narrow down the gaps between ... smaller than the entire input space. Besides, because fuzzing generates numerous test cases to repeatedly examine targets, ...
Topic(s): Adversarial Robustness in Machine Learning
2022 - Association for Computing Machinery | ACM Computing Surveys
... the real world and cause a system failure. Fuzzing is a security testing technique in which testers ... Codenomics, recently finished co-authoring a book on fuzzing. In this article, he describes some of the ... and evaluate system security. While building a commercial fuzzing company that uses fuzzing principles to build world-leading security test tools, ... Miller (independent security evaluator). Finally, our book on fuzzing is out! 'Yet another book on fuzzing?' one may ask. Not quite.
Topic(s): Information and Cyber Security
2008 - Elsevier BV | Network Security
Greg Banks, Marco Cova, Viktoria Felmetsger, Kevin C. Almeroth, Richard A. Kemmerer, Giovanni Vigna,
Fuzzing is a well-known black-box approach to the security testing of applications. Fuzzing has many advantages in terms of simplicity and ... over more complex, expensive testing approaches. Unfortunately, current fuzzing tools suffer from a number of limitations, and, in particular, they provide little support for the fuzzing of stateful protocols. In this paper, we present ... oriented, network protocol fuzzers. SNOOZE implements a stateful fuzzing approach that can be used to effectively identify ... each state. In addition, SNOOZE provides attack-specific fuzzing primitives that allow a tester to focus on ...
Topic(s): Advanced Malware Detection Techniques
2006 - Springer Science+Business Media | Lecture notes in computer science
Martin Schneider, Jürgen Großmann, Nikolay Tcholtchev, Ina Schieferdecker, Andrej Pietschker,
... to break into or to crash a system, fuzzing is an established technique in industry. Model-based fuzzing complements model-based testing of functionality in order ... data, we present a complementary approach called behavioral fuzzing. Behavioral fuzzing does not inject invalid input data but sends ... functional test cases – and modify them by applying fuzzing operators in order to generate invalid sequences of messages. We present the identified fuzzing operators and propose a classification for them. A ...
Topic(s): Advanced Malware Detection Techniques
2013 - Springer Science+Business Media | Lecture notes in computer science
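The behavioral fuzzing idea in the abstract above (keep message contents valid, mutate the sequence of messages, and check the stateful target's reaction) is illustrated by the following added example. It is not code from the paper: the toy protocol (HELLO, AUTH, DATA, BYE), the ToyServer with its constructed authorization flaw, the four sequence-level operators and the property oracle are all assumptions made for this illustration.

```python
# Added example (not from the paper). Behavioral fuzzing: start from a valid
# message sequence, derive invalid sequences with sequence-level operators,
# and judge the stateful target with a property oracle instead of a crash.

MESSAGES = ["HELLO", "AUTH", "DATA", "BYE"]           # constructed toy protocol
VALID_SEQUENCE = ["HELLO", "AUTH", "DATA", "BYE"]     # the functional test case


class ToyServer:
    """Constructed stateful target: HELLO -> AUTH -> DATA* -> BYE.

    With strict=False the server reproduces a constructed flaw: DATA is
    accepted as soon as the client has said HELLO, whether or not AUTH
    succeeded. strict=True is the hardened check.
    """

    def __init__(self, strict: bool = False):
        self.state = "init"
        self.strict = strict

    def handle(self, msg: str) -> str:
        if msg == "HELLO" and self.state == "init":
            self.state = "greeted"
            return "OK"
        if msg == "AUTH" and self.state == "greeted":
            self.state = "authed"
            return "OK"
        if msg == "DATA":
            allowed = {"authed"} if self.strict else {"greeted", "authed"}
            return "OK" if self.state in allowed else "ERR"
        if msg == "BYE" and self.state != "init":
            self.state = "init"
            return "OK"
        return "ERR"


# Fuzzing operators act on the sequence, never on message contents.
def drop(seq, i):
    return seq[:i] + seq[i + 1:]


def repeat(seq, i):
    return seq[:i + 1] + [seq[i]] + seq[i + 1:]


def swap(seq, i):
    return seq[:i] + [seq[i + 1], seq[i]] + seq[i + 2:]


def insert(seq, i, msg):
    return seq[:i] + [msg] + seq[i:]


def generate_sequences(base):
    """Every sequence reachable from `base` by one operator application."""
    out = []
    for i in range(len(base)):
        out.append(("drop", i, drop(base, i)))
        out.append(("repeat", i, repeat(base, i)))
        if i + 1 < len(base):
            out.append(("swap", i, swap(base, i)))
    for i in range(len(base) + 1):
        for msg in MESSAGES:
            out.append(("insert", i, insert(base, i, msg)))
    return out


def violates_auth_property(seq, responses) -> bool:
    """Oracle: DATA must never be accepted before an accepted AUTH in the
    same session; an accepted BYE ends the session."""
    authed = False
    for msg, resp in zip(seq, responses):
        if msg == "AUTH" and resp == "OK":
            authed = True
        if msg == "BYE" and resp == "OK":
            authed = False
        if msg == "DATA" and resp == "OK" and not authed:
            return True
    return False


def fuzz(strict: bool):
    """Run every derived sequence against a fresh server; return the
    (operator, position, sequence) triples that violate the property."""
    findings = []
    for op, i, seq in generate_sequences(VALID_SEQUENCE):
        server = ToyServer(strict=strict)
        responses = [server.handle(m) for m in seq]
        if violates_auth_property(seq, responses):
            findings.append((op, i, seq))
    return findings


if __name__ == "__main__":
    for finding in fuzz(strict=False):
        print("violation:", finding)
    print("hardened server findings:", fuzz(strict=True))
```

The oracle is what makes this useful beyond crash detection: the flawed server never crashes, it simply answers OK when it should not, and only a property stated over the whole exchange (here, "no DATA before AUTH") exposes that. Dropping AUTH, swapping AUTH and DATA, and inserting DATA right after HELLO all surface the flaw; the same sequences pass against the hardened server.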
Wanyou Lv, Jiawen Xiong, Jianqi Shi, Yanhong Huang, Shengchao Qin,
... protocols (ICPs) should be considered jointly. Fuzz testing (fuzzing) for the ICP is a common way to ... implemented with flaws and network security vulnerability. Traditional fuzzing methods promote the safety and security testing of ... of them have practical applications. However, most traditional fuzzing methods rely heavily on the specification of ICPs, ... study, we propose a smart and automated protocol fuzzing methodology based on improved deep convolution generative adversarial ... series of performance metrics. An automated and intelligent fuzzing framework BLSTM-DCNNFuzz for application is designed. Several ...
Topic(s): Software Testing and Debugging Techniques
2020 - Springer Science+Business Media | Journal of Intelligent Manufacturing
Zhenguang Liu, Peng Qian, Jiaxu Yang, Lingfeng Liu, Xiaojun Xu, Qinming He, Xiaosong Zhang,
... positive rates. Another line of works concentrate on fuzzing techniques. Unfortunately, current fuzzing approaches for smart contracts tend to conduct fuzzing starting from the initial state of the contract, ... the appended sequence $\mathcal {S}_{2}$ can start fuzzing from states that are different from the initial ... higher branch coverage than state-of-the-art fuzzing approaches, (ii) IR-Fuzz detects more vulnerabilities and ...
Topic(s): Blockchain Technology Applications and Security
2023 - Institute of Electrical and Electronics Engineers | IEEE Transactions on Information Forensics and Security
Joobeom Yun, Fayozbek Rustamov, Juhwan Kim, Youngjoo Shin,
... detecting and eliminating these vulnerabilities immediately are crucial. Fuzzing is an efficient method to identify vulnerabilities automatically, ... many publications have been released to date. However, fuzzing for embedded systems has not been studied extensively ... difficulties, and limited resources. Thus, the article introduces fuzzing techniques for embedded systems and the fuzzing differences for desktop and embedded systems. Further, we ... their advantages and disadvantages, and classify embedded system fuzzing tools. Finally, future directions for fuzzing research of ...
Topic(s): Physical Unclonable Functions (PUFs) and Hardware Security
2022 - Association for Computing Machinery | ACM Computing Surveys
Youngjoo Ko, Bin Zhu, Jong Kim,
... which raises scalability issues. This paper introduces AutoInter-fuzzing, a fuzzer controlling thread interleavings elaborately and providing ... detect vulnerabilities in a multi-threaded program. AutoInter-fuzzing consists of static analysis and dynamic fuzzing. At the static analysis, the fuzzer extracts and ... We apply the power schedule in the dynamic fuzzing to focus on the seeds that reveal the ... effectively enlarges the untested interleaving space, and AutoInter-fuzzing outperforms AFL and ConAFL in detecting interleaving-relevant ...
Topic(s): Software System Performance and Reliability
2022 - Elsevier BV | Journal of Systems and Software
Black-box mutational fuzzing is a simple yet effective method for finding software vulnerabilities. In this work, we collect and analyze fuzzing campaign data of 60,000 fuzzing runs, 4,000 crashes and 363 unique bugs, from multiple Linux programs using CERT Basic Fuzzing Framework. Motivated by the results of empirical analysis, ... the expected number of bugs discovered in a fuzzing campaign within a given time, why improving software ...
Topic(s): Software Engineering Research
2016 - Springer Science+Business Media | Lecture notes in computer science
Gen Zhang, Xu Zhou, Yingqi Luo, Xugang Wu, Erxue Min,
Greybox fuzzing, such as american fuzzy lop (AFL), is very efficient in finding software vulnerabilities, which makes it the state-of-the-art fuzzing technology. Greybox fuzzing leverages the branch information collected during program running as feedback to guide choosing seeds. Current greybox fuzzing generally uses two kinds of methods to collect ... low. In this paper, we propose a greybox fuzzing approach named PTfuzz, which leverages hardware mechanism (Intel ...
Topic(s): Software Reliability and Analysis Research
2018 - Institute of Electrical and Electronics Engineers | IEEE Access
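The feedback loop the PTfuzz abstract describes (branch coverage collected during execution guides which inputs are kept as seeds) is shown by the following added example. It is not PTfuzz or AFL code: the toy target, its "instrumentation" (a set of block names the target fills in, standing in for AFL's compile-time edge counters or PTfuzz's Intel PT trace), the mutators and the scheduling rule are all constructed for this illustration. The same loop is run once with coverage feedback and once without, so that the effect of keeping intermediate progress can be seen directly.

```python
import random

# Added example (not from the paper). Coverage-guided (greybox) mutational
# fuzzing against a constructed target, compared with blackbox mutation of a
# fixed seed. `cov` plays the role of the coverage map real fuzzers obtain
# from instrumentation or hardware tracing.

SEED_INPUT = b"AAAAAAAA"  # constructed initial seed


def target(data: bytes, cov: set) -> int:
    """Toy parser that records the basic blocks it executes in `cov`.

    Constructed bug: the length byte after the magic is used as an index
    without a bounds check, so a large value reads past the end of `data`
    (IndexError here; an out-of-bounds read in a C implementation).
    """
    cov.add("entry")
    if len(data) < 5:
        cov.add("too_short")
        return -1
    for i, byte in enumerate(b"FUZ!"):        # one comparison per byte, like a byte-wise memcmp
        if data[i] != byte:
            cov.add(f"magic_mismatch_{i}")
            return -1
        cov.add(f"magic_ok_{i}")
    length = data[4]
    cov.add("body")
    return data[5 + length]                   # missing check: 5 + length < len(data)


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Apply one random byte-level mutation: bit flip, byte overwrite, insert, delete."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 3 and buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def run_campaign(guided: bool, budget: int, rng_seed: int = 7):
    """Execute the target up to `budget` times.

    Returns (crashing_input, executions_used), or (None, budget) if nothing
    crashed. With guided=True an input that reaches a block no earlier input
    reached is added to the seed queue (greybox). With guided=False the queue
    never grows, so every candidate is one mutation away from the original
    seed (blackbox mutation without feedback).
    """
    rng = random.Random(rng_seed)
    queue = [SEED_INPUT]
    seen_blocks: set = set()
    target(SEED_INPUT, seen_blocks)
    for executions in range(1, budget + 1):
        # Favour the newest seed half of the time, a crude stand-in for the
        # way AFL-style schedulers prioritise fresh paths.
        parent = queue[-1] if rng.random() < 0.5 else rng.choice(queue)
        candidate = mutate(rng, parent)
        cov: set = set()
        try:
            target(candidate, cov)
        except IndexError:
            return candidate, executions
        if guided and not cov <= seen_blocks:
            seen_blocks |= cov
            queue.append(candidate)
    return None, budget


if __name__ == "__main__":
    crash, used = run_campaign(guided=True, budget=500_000)
    print("greybox:", crash, "after", used, "executions")
    print("blackbox:", run_campaign(guided=False, budget=50_000))
```

Each byte of the magic sits behind its own branch, so every correct byte is visible as new coverage and the guided run solves the check one byte at a time. The unguided run can never pass it: reaching the crash needs four specific bytes, and without feedback no input more than one mutation away from the original seed is ever tried.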
Chen Chen, Baojiang Cui, Jinxin Ma, Runpu Wu, Jianchao Guo, Wenqian Liu,
Fuzzing is an effective and widely used technique for finding security bugs and vulnerabilities in software. It ... in the program execution. Since the first random fuzzing system was constructed, fuzzing efficiency has been greatly improved by combination with ... systematically review these techniques and their corresponding representative fuzzing systems. By introducing the principles, advantages and disadvantages ... researchers with a systematic and deeper understanding of fuzzing techniques and provide some references for this field.
Topic(s): Advanced Malware Detection Techniques
2018 - Elsevier BV | Computers & Security