English
Related papers

Related papers: Fuzzing Based on Function Importance by Interproce…

200 papers

Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering…

Cryptography and Security · Computer Science 2019-04-09 Valentin J. M. Manes , HyungSeok Han , Choongwoo Han , Sang Kil Cha , Manuel Egele , Edward J. Schwartz , Maverick Woo

Fuzzing is an important dynamic program analysis technique designed for finding vulnerabilities in complex software. Fuzzing involves presenting a target program with crafted malicious input to cause crashes, buffer overflows, memory…

Fuzzing is an important method to discover vulnerabilities in programs. Despite considerable progress in this area in the past years, measuring and comparing the effectiveness of fuzzers is still an open research question. In software…

Software Engineering · Computer Science 2023-07-26 Philipp Görz , Björn Mathis , Keno Hassler , Emre Güler , Thorsten Holz , Andreas Zeller , Rahul Gopinath

A flurry of fuzzing tools (fuzzers) have been proposed in the literature, aiming at detecting software vulnerabilities effectively and efficiently. To date, it is however still challenging to compare fuzzers due to the inconsistency of the…

Cryptography and Security · Computer Science 2020-10-06 Yuwei Li , Shouling Ji , Yuan Chen , Sizhuang Liang , Wei-Han Lee , Yueyao Chen , Chenyang Lyu , Chunming Wu , Raheem Beyah , Peng Cheng , Kangjie Lu , Ting Wang

Blockchain smart contracts have given rise to a variety of interesting and compelling applications and emerged as a revolutionary force for the Internet. Quite a few practitioners have devoted themselves to developing tools for detecting…

Cryptography and Security · Computer Science 2023-01-13 Zhenguang Liu , Peng Qian , Jiaxu Yang , Lingfeng Liu , Xiaojun Xu , Qinming He , Xiaosong Zhang

WebAssembly binaries are often compiled from memory-unsafe languages, such as C and C++. Because of WebAssembly's linear memory and missing protection features, e.g., stack canaries, source-level memory vulnerabilities are exploitable in…

Cryptography and Security · Computer Science 2021-11-01 Daniel Lehmann , Martin Toldam Torp , Michael Pradel

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

In recent years, fuzz testing has benefited from increased computational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these…

Cryptography and Security · Computer Science 2022-05-31 Anastasios Andronidis , Cristian Cadar

Control Flow Graph (CFG) similarity analysis is an essential technique for a variety of security analysis tasks, including malware detection and malware clustering. Even though various algorithms have been developed, existing CFG similarity…

Cryptography and Security · Computer Science 2020-04-15 Yuping Li , Jiong Jang , Xinming Ou

We present a coverage-guided testing algorithm for distributed systems implementations. Our main innovation is the use of an abstract formal model of the system that is used to define coverage. Such abstract models are frequently developed…

Software Engineering · Computer Science 2025-09-03 Ege Berkay Gulcan , Burcu Kulahcioglu Ozkan , Rupak Majumdar , Srinidhi Nagendra

Protocol implementations are stateful which makes them difficult to test: Sending the same test input message twice might yield a different response every time. Our proposal to consider a sequence of messages as a seed for coverage-directed…

Software Engineering · Computer Science 2025-04-30 Ruijie Meng , Van-Thuan Pham , Marcel Böhme , Abhik Roychoudhury

Grammar-based fuzzing is a technique used to find software vulnerabilities by injecting well-formed inputs generated following rules that encode application semantics. Most grammar-based fuzzers for network protocols rely on human experts…

Cryptography and Security · Computer Science 2021-01-26 Samuel Jero , Maria Leonor Pacheco , Dan Goldwasser , Cristina Nita-Rotaru

Coverage-guided fuzz testing has received significant attention from the research community, with a strong focus on binary applications, greatly disregarding other targets, such as web applications. The importance of the World Wide Web in…

Cryptography and Security · Computer Science 2024-07-02 Sebastian Neef , Lorenz Kleissner , Jean-Pierre Seifert

Modern fuzzers scale to large, real-world software but often fail to exercise the program states developers consider most fragile or security-critical. Such states are typically deep in the execution space, gated by preconditions, or…

Cryptography and Security · Computer Science 2026-02-12 Viet Hoang Luu , Amirmohammad Pasdar , Wachiraphan Charoenwet , Toby Murray , Shaanan Cohney , Van-Thuan Pham

Recent research has shown that hardware fuzzers can effectively detect security vulnerabilities in modern processors. However, existing hardware fuzzers do not fuzz well the hard-to-reach design spaces. Consequently, these fuzzers cannot…

Cryptography and Security · Computer Science 2023-06-27 Chen Chen , Rahul Kande , Nathan Nguyen , Flemming Andersen , Aakash Tyagi , Ahmad-Reza Sadeghi , Jeyavijayan Rajendran

Fuzzing has become one of the most effective bug finding approach for software. In recent years, 24*7 continuous fuzzing platforms have emerged to test critical pieces of software, e.g., Linux kernel. Though capable of discovering many bugs…

Cryptography and Security · Computer Science 2021-11-12 Xiaochen Zou , Guoren Li , Weiteng Chen , Hang Zhang , Zhiyun Qian

Literature in traditional program fuzzing has confirmed that effectiveness is largely impacted by redundancy among initial seeds, thereby proposing a series of seed selection methods. JVM fuzzing, compared to traditional ones, presents…

Software Engineering · Computer Science 2024-08-19 Tianchang Gao , Junjie Chen , Dong Wang , Yile Guo , Yingquan Zhao , Zan Wang

With the widespread use of machine learning to support decision-making, it is increasingly important to verify and understand the reasons why a particular output is produced. Although post-training feature importance approaches assist this…

PHP, a dominant scripting language in web development, powers a vast range of websites, from personal blogs to major platforms. While existing research primarily focuses on PHP application-level security issues like code injection, memory…

Cryptography and Security · Computer Science 2025-02-05 Yuancheng Jiang , Chuqi Zhang , Bonan Ruan , Jiahao Liu , Manuel Rigger , Roland Yap , Zhenkai Liang

Coverage-guided fuzzing's aggressive, high-volume testing has helped reveal tens of thousands of software security flaws. While executing billions of test cases mandates fast code coverage tracing, the nature of binary-only targets leads to…

Cryptography and Security · Computer Science 2022-09-09 Stefan Nagy , Anh Nguyen-Tuong , Jason D. Hiser , Jack W. Davidson , Matthew Hicks
‹ Prev 1 4 5 6 7 8 10 Next ›