English
Related papers

Related papers: Angora: Efficient Fuzzing by Principled Search

200 papers

Greybox fuzzing has achieved success in revealing bugs and vulnerabilities in programs. However, randomized mutation strategies have limited the fuzzer's performance on structured data. Specialized fuzzers can handle complex structured…

Cryptography and Security · Computer Science 2026-03-18 Hongxiang Zhang , Yuyang Rong , Yifeng He , Hao Chen

Coverage-based graybox fuzzer (CGF), such as AFL has gained great success in vulnerability detection thanks to its ease-of-use and bug-finding power. Since some code fragments such as memory allocation are more vulnerable than others,…

Cryptography and Security · Computer Science 2021-03-02 Wenshuo Wang , Liang Cheng , Yang Zhang

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across…

Cryptography and Security · Computer Science 2026-05-12 Junyoung Park , Insu Yun

We present a coverage-guided testing algorithm for distributed systems implementations. Our main innovation is the use of an abstract formal model of the system that is used to define coverage. Such abstract models are frequently developed…

Software Engineering · Computer Science 2025-09-03 Ege Berkay Gulcan , Burcu Kulahcioglu Ozkan , Rupak Majumdar , Srinidhi Nagendra

How to search for bugs in 1,000 programs using a pre-existing fuzzer and a standard PC? We consider this problem and show that a well-designed strategy that determines which programs to fuzz and for how long can greatly impact the number of…

Cryptography and Security · Computer Science 2025-01-28 Ivica Nikolic , Racchit Jain

Fuzzing is an automated software testing technique broadly adopted by the industry. A popular variant is mutation-based fuzzing, which discovers a large number of bugs in practice. While the research community has studied mutation-based…

Software Engineering · Computer Science 2022-10-24 Patrick Jauernig , Domagoj Jakobovic , Stjepan Picek , Emmanuel Stapf , Ahmad-Reza Sadeghi

Grey-box fuzzers such as American Fuzzy Lop (AFL) are popular tools for finding bugs and potential vulnerabilities in programs. While these fuzzers have been able to find vulnerabilities in many widely used programs, they are not efficient;…

Artificial Intelligence · Computer Science 2018-11-26 Siddharth Karamcheti , Gideon Mann , David Rosenberg

Greybox fuzzing is a lightweight testing approach that effectively detects bugs and security vulnerabilities. However, greybox fuzzers randomly mutate program inputs to exercise new paths; this makes it challenging to cover code that is…

Cryptography and Security · Computer Science 2018-07-23 Valentin Wüstholz , Maria Christakis

In this work, we set out to conduct the first ground-truth empirical evaluation of state-of-the-art DL fuzzers. Specifically, we first manually created an extensive DL bug benchmark dataset, which includes 627 real-world DL bugs from…

Software Engineering · Computer Science 2023-10-12 Nima Shiri Harzevili , Hung Viet Pham , Song Wang

Coverage guided fuzzing (CGF) is an effective testing technique which has detected hundreds of thousands of bugs from various software applications. It focuses on maximizing code coverage to reveal more bugs during fuzzing. However, a…

Software Engineering · Computer Science 2022-05-03 Ruixiang Qian , Quanjun Zhang , Chunrong Fang , Lihua Guo

Fuzzing has become a popular technique for automatically detecting vulnerabilities and bugs by generating unexpected inputs. In recent years, the fuzzing process has been integrated into continuous integration workflows (i.e., continuous…

Software Engineering · Computer Science 2026-02-06 Tatsuya Shirai , Olivier Nourry , Yutaro Kashiwa , Kenji Fujiwara , Hajimu Iida

Fuzzing is highly effective in detecting bugs due to the key contribution of randomness. However, randomness significantly reduces the efficiency of fuzzing, causing it to cost days or weeks to expose bugs. Even though directed fuzzing…

Software Engineering · Computer Science 2025-07-31 Xiaotao Feng , Xiaogang Zhu , Kun Hu , Jincheng Wang , Yingjie Cao , Guang Gong , Jianfeng Pan

Fuzzing has become the de facto standard technique for finding software vulnerabilities. However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance…

Cryptography and Security · Computer Science 2019-07-16 Dongdong She , Kexin Pei , Dave Epstein , Junfeng Yang , Baishakhi Ray , Suman Jana

Fuzzing has achieved tremendous success in discovering bugs and vulnerabilities in various software systems. Systems under test (SUTs) that take in programming or formal language as inputs, e.g., compilers, runtime engines, constraint…

Software Engineering · Computer Science 2024-12-11 Chunqiu Steven Xia , Matteo Paltenghi , Jia Le Tian , Michael Pradel , Lingming Zhang

Fuzzing is a well-established technique for detecting bugs and vulnerabilities. With the surge of fuzzers and fuzzer platforms being developed such as AFL and OSSFuzz rises the necessity to benchmark these tools' performance. A common…

Software Engineering · Computer Science 2025-03-26 Timothée Riom , Sabine Houy , Bruno Kreyssig , Alexandre Bartel

Fuzzing is a powerful software testing technique renowned for its effectiveness in identifying software vulnerabilities. Traditional fuzzing evaluations typically focus on overall fuzzer performance across a set of target programs, yet few…

Software Engineering · Computer Science 2025-06-19 Miao Miao

Coverage-guided Greybox Fuzzing (CGF) is one of the most successful and widely-used techniques for bug hunting. Two major approaches are adopted to optimize CGF: (i) to reduce search space of inputs by inferring relationships between input…

Cryptography and Security · Computer Science 2022-01-13 Kunpeng Zhang , Xi Xiao , Xiaogang Zhu , Ruoxi Sun , Minhui Xue , Sheng Wen

Mutation-based fuzzing typically uses an initial set of non-crashing seed inputs (a corpus) from which to generate new inputs by mutation. A corpus of potential seeds will often contain thousands of similar inputs. This lack of diversity…

Cryptography and Security · Computer Science 2020-09-22 Adrian Herrera , Hendra Gunadi , Liam Hayes , Shane Magrath , Felix Friedlander , Maggi Sebastian , Michael Norrish , Antony L. Hosking

Fuzzing is a security testing methodology effective in finding bugs. In a nutshell, a fuzzer sends multiple slightly malformed messages to the software under test, hoping for crashes or weird system behaviour. The methodology is relatively…

Cryptography and Security · Computer Science 2023-01-09 Cristian Daniele , Seyed Behnam Andarzian , Erik Poll

Network-facing applications are commonly exposed to all kinds of attacks, especially when connected to the internet. As a result, web servers like Nginx or client applications such as curl make every effort to secure and harden their code…

Cryptography and Security · Computer Science 2024-09-04 Nils Bars , Moritz Schloegel , Nico Schiller , Lukas Bernhard , Thorsten Holz