English
Related papers

Related papers: FairFuzz: Targeting Rare Branches to Rapidly Incre…

200 papers

Protocol implementations are stateful which makes them difficult to test: Sending the same test input message twice might yield a different response every time. Our proposal to consider a sequence of messages as a seed for coverage-directed…

Software Engineering · Computer Science 2025-04-30 Ruijie Meng , Van-Thuan Pham , Marcel Böhme , Abhik Roychoudhury

Fuzzing is a widely used technique for discovering software vulnerabilities, but identifying hot bytes that influence program behavior remains challenging. Traditional taint analysis can track such bytes white-box, but suffers from…

Cryptography and Security · Computer Science 2025-06-11 Yuchong Xie , Wenhui Zhang , Dongdong She

Compared to fixed-function switches, the flexibility of programmable switches comes at a cost, as programmer mistakes frequently result in subtle bugs in the network data plane. In this paper, we present the design and implementation of…

Networking and Internet Architecture · Computer Science 2022-07-28 Nofel Yaseen , Liangcheng Yu , Caleb Stanford , Ryan Beckett , Vincent Liu

Coverage-based greybox fuzzing (CGF) is one of the most successful methods for automated vulnerability detection. Given a seed file (as a sequence of bits), CGF randomly flips, deletes or bits to generate new files. CGF iteratively…

Cryptography and Security · Computer Science 2020-05-22 Van-Thuan Pham , Marcel Böhme , Andrew E. Santosa , Alexandru Răzvan Căciulescu , Abhik Roychoudhury

As researchers, we already understand how to make testing more effective and efficient at finding bugs. However, as fuzzing (i.e., automated testing) becomes more widely adopted in practice, practitioners are asking: Which assurances does a…

Software Engineering · Computer Science 2018-12-18 Marcel Böhme

This paper presents a novel fuzzing framework, called MicroFuzz, specifically designed for Microservices. Mocking-Assisted Seed Execution, Distributed Tracing, Seed Refresh and Pipeline Parallelism approaches are adopted to address the…

Software Engineering · Computer Science 2024-02-06 Peng Di , Bingchang Liu , Yiyi Gao

Fuzzing is one of the most effective approaches to finding software flaws. However, applying it to microcontroller firmware incurs many challenges. For example, rehosting-based solutions cannot accurately model peripheral behaviors and thus…

Cryptography and Security · Computer Science 2022-04-20 Wenqiang Li , Jiameng Shi , Fengjun Li , Jingqiang Lin , Wei Wang , Le Guan

Machine learning models are notoriously difficult to interpret and debug. This is particularly true of neural networks. In this work, we introduce automated software testing techniques for neural networks that are well-suited to discovering…

Machine Learning · Statistics 2018-07-31 Augustus Odena , Ian Goodfellow

In recent years, fuzzing has been widely applied not only to application software but also to system software, including the Linux kernel and firmware, and has become a powerful technique for vulnerability discovery. Among these approaches,…

Cryptography and Security · Computer Science 2026-03-27 Masami Ichikawa

The importance of addressing security vulnerabilities is indisputable, with software becoming crucial in sectors such as national defense and finance. Consequently, The security issues caused by software vulnerabilities cannot be ignored.…

Cryptography and Security · Computer Science 2024-01-31 Liqun Yang , Chunan Li , Yongxin Qiu , Chaoren Wei , Jian Yang , Hongcheng Guo , Jinxin Ma , Zhoujun Li

Fuzzing has shown great success in evaluating the robustness of intelligent natural language processing (NLP) software. As large language model (LLM)-based NLP software is widely deployed in critical industries, existing methods still face…

Software Engineering · Computer Science 2025-09-23 Mingxuan Xiao , Yan Xiao , Shunhui Ji , Jiahe Tu , Pengcheng Zhang

BusyBox, an open-source software bundling over 300 essential Linux commands into a single executable, is ubiquitous in Linux-based embedded devices. Vulnerabilities in BusyBox can have far-reaching consequences, affecting a wide array of…

Software Engineering · Computer Science 2025-03-26 Asmita , Yaroslav Oliinyk , Michael Scott , Ryan Tsang , Chongzhou Fang , Houman Homayoun

Deep learning (DL) systems can make our life much easier, and thus are gaining more and more attention from both academia and industry. Meanwhile, bugs in DL systems can be disastrous, and can even threaten human lives in safety-critical…

Software Engineering · Computer Science 2022-03-01 Anjiang Wei , Yinlin Deng , Chenyuan Yang , Lingming Zhang

FuzzPilot is a controller for AFL++ that moves expensive reasoning out of the mutation hot path. When coverage plateaus, it snapshots the corpus, prepares candidate mutation recipes, evaluates them in short isolated AFL++ micro-campaigns,…

Software Engineering · Computer Science 2026-05-27 Zhiyi Yao

Fuzzing is a powerful software testing technique renowned for its effectiveness in identifying software vulnerabilities. Traditional fuzzing evaluations typically focus on overall fuzzer performance across a set of target programs, yet few…

Software Engineering · Computer Science 2025-06-19 Miao Miao

Greybox fuzzing is one of the most popular methods for detecting software vulnerabilities, which conducts a biased random search within the program input space. To enhance its effectiveness in achieving deep coverage of program behaviors,…

Software Engineering · Computer Science 2026-05-06 Ruijie Meng , Gregory J. Duck , Abhik Roychoudhury

Fuzz testing effectively uncovers software vulnerabilities; however, it faces challenges with Autonomous Systems (AS) due to their vast search spaces and complex state spaces, which reflect the unpredictability and complexity of real-world…

Software Engineering · Computer Science 2024-12-30 Taohong Zhu , Adrians Skapars , Fardeen Mackenzie , Declan Kehoe , William Newton , Suzanne Embury , Youcheng Sun

Modern fuzzers increasingly use Large Language Models (LLMs) to generate structured inputs, but LLM-driven fuzzing is sensitive to prompt initialization and sampling variance, which can reduce exploration efficiency and lead to redundant…

Cryptography and Security · Computer Science 2026-05-05 Mario Rodríguez Béjar , B. Romera-Paredes , Jose L. Hernández-Ramos

Fuzzing has been proven extremely effective in finding vulnerabilities in software. When it comes to fuzz stateless systems, analysts have no doubts about the choice to make. In fact, among the plethora of stateless fuzzers devised in the…

Software Engineering · Computer Science 2024-06-13 Cristian Daniele

Fuzz testing proved its great effectiveness in finding software bugs in the latest years, however, there are still open challenges. Coverage-guided fuzzers suffer from the fact that covering a program point does not ensure the trigger of a…

Software Engineering · Computer Science 2020-12-22 Andrea Fioraldi