English

A Feature-Oriented Corpus for Understanding, Evaluating and Improving Fuzz Testing

Software Engineering 2019-05-07 v1

Abstract

Fuzzing is a promising technique for detecting security vulnerabilities. Newly developed fuzzers are typically evaluated in terms of the number of bugs found on vulnerable programs/binaries. However,existing corpora usually do not capture the features that prevent fuzzers from finding bugs, leading to ambiguous conclusions on the pros and cons of the fuzzers evaluated. A typical example is that Driller detects more bugs than AFL, but its evaluation cannot establish if the advancement of Driller stems from the concolic execution or not, since, for example, its ability in resolving a dataset`s magic values is unclear. In this paper, we propose to address the above problem by generating corpora based on search-hampering features. As a proof-of-concept, we have designed FEData, a prototype corpus that currently focuses on four search-hampering features to generate vulnerable programs for fuzz testing. Unlike existing corpora that can only answer "how", FEData can also further answer "why" by exposing (or understanding) the reasons for the identified weaknesses in a fuzzer. The "why" information serves as the key to the improvement of fuzzers.

Keywords

Cite

@article{arxiv.1905.01405,
  title  = {A Feature-Oriented Corpus for Understanding, Evaluating and Improving Fuzz Testing},
  author = {Xiaogang Zhu and Xiaotao Feng and Tengyun Jiao and Sheng Wen and Yang Xiang and Seyit Camtepe and Jingling Xue},
  journal= {arXiv preprint arXiv:1905.01405},
  year   = {2019}
}

Comments

13 pages, 12 figures, conference ACCS

R2 v1 2026-06-23T08:56:47.993Z