English
Related papers

Related papers: Is Stateful Fuzzing Really Challenging?

200 papers

Fuzzing is one of the prevailing methods for vulnerability detection. However, even state-of-the-art fuzzing methods become ineffective after some period of time, i.e., the coverage hardly improves as existing methods are ineffective to…

Cryptography and Security · Computer Science 2021-12-15 Shunkai Zhu , Jingyi Wang , Jun Sun , Jie Yang , Xingwei Lin , Liyi Zhang , Peng Cheng

Fuzzy systems are a way to allow machines, systems and frameworks to deal with uncertainty, which is not possible in binary systems that most computers use. These systems have already been deployed for certain use cases, and fuzzy systems…

Machine Learning · Computer Science 2025-07-10 Arthur Alexander Lim , Zhen Bin It , Jovan Bowen Heng , Tee Hui Teo

Software fuzzing is a strong testing technique that has become the de facto approach for automated software testing and software vulnerability detection in the industry. The random nature of fuzzing makes monitoring and understanding the…

Software Engineering · Computer Science 2021-12-28 Aftab Hussain , Mohammad Amin Alipour

While fuzzing is widely accepted as an efficient program testing technique, it is still unclear how to measure the comparative quality of different fuzzers. The current de facto quality metrics are edge coverage and the number of discovered…

Software Engineering · Computer Science 2024-09-24 Gwangmu Lee

Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program to discover unhandled exceptions and crashes. In…

Software Engineering · Computer Science 2021-09-20 Yifan Wang , Yuchen Zhang , Chengbin Pang , Peng Li , Nikolaos Triandopoulos , Jun Xu

The adequate testing of stateful software systems is a hard and costly activity. Failures that result from complex stateful interactions can be of high impact, and it can be hard to replicate failures resulting from erroneous stateful…

Software Engineering · Computer Science 2020-04-20 Stefan Karlsson

Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach…

Cryptography and Security · Computer Science 2026-02-03 Dakshina Tharindu , Aruna Jayasena , Prabhat Mishra

In recent years, fuzz testing has proven itself to be one of the most effective techniques for finding correctness bugs and security vulnerabilities in practice. One particular fuzz testing tool, American Fuzzy Lop or AFL, has become…

Software Engineering · Computer Science 2018-07-31 Caroline Lemieux , Koushik Sen

Hardware-level memory vulnerabilities severely threaten computing systems. However, hardware patching is inefficient or difficult postfabrication. We investigate the effectiveness of hardware fuzzing in detecting hardware memory…

Cryptography and Security · Computer Science 2024-10-31 Mohamadreza Rostami , Chen Chen , Rahul Kande , Huimin Li , Jeyavijayan Rajendran , Ahmad-Reza Sadeghi

Given the growing importance of smart contracts in various applications, ensuring their security and reliability is critical. Fuzzing, an effective vulnerability detection technique, has recently been widely applied to smart contracts.…

Software Engineering · Computer Science 2024-02-06 Shuohan Wu , Zihao Li , Luyi Yan , Weimin Chen , Muhui Jiang , Chenxu Wang , Xiapu Luo , Hao Zhou

Fuzzing is an automated software testing technique broadly adopted by the industry. A popular variant is mutation-based fuzzing, which discovers a large number of bugs in practice. While the research community has studied mutation-based…

Software Engineering · Computer Science 2022-10-24 Patrick Jauernig , Domagoj Jakobovic , Stjepan Picek , Emmanuel Stapf , Ahmad-Reza Sadeghi

As one of the most successful and effective software testing techniques in recent years, fuzz testing has uncovered numerous bugs and vulnerabilities in modern software, including network protocol software. In contrast to other fuzzing…

Networking and Internet Architecture · Computer Science 2024-02-28 Shihao Jiang , Yu Zhang , Junqiang Li , Hongfang Yu , Long Luo , Gang Sun

Storage systems are fundamental to modern computing infrastructures, yet ensuring their correctness remains challenging in practice. Despite decades of research on system testing, many storage-system failures (including durability,…

Software Engineering · Computer Science 2026-02-09 Ying Wang , Jiahui Chen , Dejun Jiang

Vulnerable software represents a tremendous threat to modern information systems. Vulnerabilities in widespread applications may be used to spread malware, steal money and conduct target attacks. To address this problem, developers and…

Cryptography and Security · Computer Science 2018-07-06 Maksim Shudrak , Vyacheslav Zolotarev

In the modern era where software plays a pivotal role, software security and vulnerability analysis are essential for secure software development. Fuzzing test, as an efficient and traditional software testing method, has been widely…

Software Engineering · Computer Science 2025-05-20 Linghan Huang , Peizhou Zhao , Huaming Chen , Lei Ma

A fundamental challenge of software testing is the statistically well-grounded extrapolation from program behaviors observed during testing. For instance, a security researcher who has run the fuzzer for a week has currently no means (i) to…

Software Engineering · Computer Science 2018-04-05 Marcel Böhme

Since the advent of AFL, the use of mutational, feedback directed, grey-box fuzzers has become critical in the automated detection of security vulnerabilities. A great deal of research currently goes into their optimisation, including…

Software Engineering · Computer Science 2025-01-27 Daniel Blackwell , David Clark

Fuzzing is one of the most effective technique to identify potential software vulnerabilities. Most of the fuzzers aim to improve the code coverage, and there is lack of directedness (e.g., fuzz the specified path in a software). In this…

Cryptography and Security · Computer Science 2020-10-26 Xiaogang Zhu , Shigang Liu , Xian Li , Sheng Wen , Jun Zhang , Camtepe Seyit , Yang Xiang

Information leakage is a class of error that can lead to severe consequences. However unlike other errors, it is rarely explicitly considered during the software testing process. LeakFuzzer advances the state of the art by using a…

Software Engineering · Computer Science 2025-01-27 Daniel Blackwell , Ingolf Becker , David Clark

Coverage-based graybox fuzzer (CGF), such as AFL has gained great success in vulnerability detection thanks to its ease-of-use and bug-finding power. Since some code fragments such as memory allocation are more vulnerable than others,…

Cryptography and Security · Computer Science 2021-03-02 Wenshuo Wang , Liang Cheng , Yang Zhang