English
Related papers

Related papers: SLOPT: Bandit Optimization Framework for Mutation-…

200 papers

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs,…

Software Engineering · Computer Science 2020-09-14 Dongdong She , Rahul Krishna , Lu Yan , Suman Jana , Baishakhi Ray

Fuzzing has become the de facto standard technique for finding software vulnerabilities. However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance…

Cryptography and Security · Computer Science 2019-07-16 Dongdong She , Kexin Pei , Dave Epstein , Junfeng Yang , Baishakhi Ray , Suman Jana

Fuzzing is widely used for software vulnerability detection. There are various kinds of fuzzers with different fuzzing strategies, and most of them perform well on their targets. However, in industry practice and empirical study, the…

Software Engineering · Computer Science 2019-05-07 Yuanliang Chen , Yu Jiang , Fuchen Ma , Jie Liang , Mingzhe Wang , Chijin Zhou , Zhuo Su , Xun Jiao

Fuzzing is an important method to discover vulnerabilities in programs. Despite considerable progress in this area in the past years, measuring and comparing the effectiveness of fuzzers is still an open research question. In software…

Software Engineering · Computer Science 2023-07-26 Philipp Görz , Björn Mathis , Keno Hassler , Emre Güler , Thorsten Holz , Andreas Zeller , Rahul Gopinath

Fuzzing has gained in popularity for software vulnerability detection by virtue of the tremendous effort to develop a diverse set of fuzzers. Thanks to various fuzzing techniques, most of the fuzzers have been able to demonstrate great…

Cryptography and Security · Computer Science 2023-02-28 Yu-Fu Fu , Jaehyuk Lee , Taesoo Kim

Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on…

Cryptography and Security · Computer Science 2026-04-21 Yihao Zou , Tianming Zheng , Futai Zou , Yue Wu

Fuzz Testing techniques are the state of the art in software testing for security issues nowadays. Their great effectiveness attracted the attention of researchers and hackers and involved them in developing a lot of new techniques to…

Cryptography and Security · Computer Science 2021-02-09 Andrea Fioraldi , Luigi Paolo Pileggi

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

Cryptography and Security · Computer Science 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

Mutation-based fuzzing is popular and effective in discovering unseen code and exposing bugs. However, only a few studies have concentrated on quantifying the importance of input bytes, which refers to the degree to which a byte contributes…

Cryptography and Security · Computer Science 2023-10-24 Kunpeng Zhang , Xiaogang Zhu , Xi Xiao , Minhui Xue , Chao Zhang , Sheng Wen

Fuzz testing (fuzzing) is a well-known method for exposing bugs/vulnerabilities in software systems. Popular fuzzers, such as AFL, use a biased random search over the domain of program inputs, where 100s or 1000s of inputs (test cases) are…

Software Engineering · Computer Science 2023-08-02 Yuntong Zhang , Ridwan Shariffdeen , Gregory J. Duck , Jiaqi Tan , Abhik Roychoudhury

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise…

Software Engineering · Computer Science 2026-01-21 Chi Thien Tran

Coverage-guided fuzzers are powerful automated bug-finding tools. They mutate program inputs, observe coverage, and save any input that hits an unexplored path for future mutation. Unfortunately, without knowledge of input formats--for…

Cryptography and Security · Computer Science 2025-07-09 Harrison Green , Claire Le Goues , Fraser Brown

Mutation testing can help minimize the delivery of faulty software. Therefore, it is a recommended practice for developing embedded software in safety-critical cyber-physical systems (CPS). However, state-of-the-art mutation testing…

Software Engineering · Computer Science 2025-07-04 Jaekwon Lee , Fabrizio Pastore , Lionel Briand

Fuzzing has proven to be a highly effective approach to uncover software bugs over the past decade. After AFL popularized the groundbreaking concept of lightweight coverage feedback, the field of fuzzing has seen a vast amount of scientific…

Software fuzzing is a strong testing technique that has become the de facto approach for automated software testing and software vulnerability detection in the industry. The random nature of fuzzing makes monitoring and understanding the…

Software Engineering · Computer Science 2021-12-28 Aftab Hussain , Mohammad Amin Alipour

Testing a program's capability to effectively handling errors is a significant challenge, given that program errors are relatively uncommon. To solve this, Software Fault Injection (SFI)-based fuzzing integrates SFI and traditional fuzzing,…

Cryptography and Security · Computer Science 2024-07-08 Jin Wei , Ping Chen , Jun Dai , Xiaoyan Sun , Zhihao Zhang , Chang Xu , Yi Wanga

Taint-style vulnerabilities comprise a majority of fuzzer discovered program faults. These vulnerabilities usually manifest as memory access violations caused by tainted program input. Although fuzzers have helped uncover a majority of…

Cryptography and Security · Computer Science 2017-06-02 Bhargava Shastry , Federico Maggi , Fabian Yamaguchi , Konrad Rieck , Jean-Pierre Seifert

Testing with randomly generated inputs (fuzzing) has gained significant traction due to its capacity to expose program vulnerabilities automatically. Fuzz testing campaigns generate large amounts of data, making them ideal for the…

Software Engineering · Computer Science 2023-09-29 Maria-Irina Nicolae , Max Eisele , Andreas Zeller

Coverage-based greybox fuzzing (CGF) is one of the most successful methods for automated vulnerability detection. Given a seed file (as a sequence of bits), CGF randomly flips, deletes or bits to generate new files. CGF iteratively…

Cryptography and Security · Computer Science 2020-05-22 Van-Thuan Pham , Marcel Böhme , Andrew E. Santosa , Alexandru Răzvan Căciulescu , Abhik Roychoudhury

While AI-coding assistants accelerate software development, current testing frameworks struggle to keep pace with the resulting volume of AI-generated code. Traditional fuzzing techniques often allocate resources uniformly and lack semantic…

Software Engineering · Computer Science 2026-02-13 Ziyi Yang , Kalit Inani , Keshav Kabra , Vima Gupta , Anand Padmanabha Iyer