English
Related papers

Related papers: Stateful protocol fuzzing with statemap-based reve…

200 papers

Greybox fuzzing is a scalable and practical approach for software testing. Most greybox fuzzing tools are coverage-guided as reaching high code coverage is more likely to find bugs. However, since most covered codes may not contain bugs,…

Cryptography and Security · Computer Science 2023-11-22 Pengfei Wang , Xu Zhou , Tai Yue , Peihong Lin , Yingying Liu , Kai Lu

Directed Grey-box Fuzzing (DGF) has emerged as a widely adopted technique for crash reproduction and patch testing, leveraging its capability to precisely navigate toward target locations and exploit vulnerabilities. However, current DGF…

Software Engineering · Computer Science 2025-07-01 Guangfa Lyu , Zhenzhong Cao , Xiaofei Ren , Fengyu Wang

In recent years, fuzzing has been widely applied not only to application software but also to system software, including the Linux kernel and firmware, and has become a powerful technique for vulnerability discovery. Among these approaches,…

Cryptography and Security · Computer Science 2026-03-27 Masami Ichikawa

While fuzzing is widely accepted as an efficient program testing technique, it is still unclear how to measure the comparative quality of different fuzzers. The current de facto quality metrics are edge coverage and the number of discovered…

Software Engineering · Computer Science 2024-09-24 Gwangmu Lee

Fuzzing is one of the prevailing methods for vulnerability detection. However, even state-of-the-art fuzzing methods become ineffective after some period of time, i.e., the coverage hardly improves as existing methods are ineffective to…

Cryptography and Security · Computer Science 2021-12-15 Shunkai Zhu , Jingyi Wang , Jun Sun , Jie Yang , Xingwei Lin , Liyi Zhang , Peng Cheng

Testing ultra-large microservices-based FinTech systems presents significant challenges, including restricted access to production environments, complex dependencies, and stringent security constraints. We propose SandBoxFuzz, a scalable…

Software Engineering · Computer Science 2025-04-29 Jiazhao Yu , Yanlun Tu , Zhanlei Zhang , Tiehua Zhang , Cheng Xu , Weigang Wu , Hong Jin Kang , Xi Zheng

In recent years, fuzz testing has proven itself to be one of the most effective techniques for finding correctness bugs and security vulnerabilities in practice. One particular fuzz testing tool, American Fuzzy Lop or AFL, has become…

Software Engineering · Computer Science 2018-07-31 Caroline Lemieux , Koushik Sen

Program analysis and automated testing have recently become an essential part of SSDLC. Directed greybox fuzzing is one of the most popular automated testing methods that focuses on error detection in predefined code regions. However, it…

Cryptography and Security · Computer Science 2026-02-02 Darya Parygina , Timofey Mezhuev , Daniil Kuts

Centroid-based methods including k-means and fuzzy c-means are known as effective and easy-to-implement approaches to clustering purposes in many applications. However, these algorithms cannot be directly applied to supervised tasks. This…

Machine Learning · Computer Science 2021-04-20 Pooya Ashtari , Fateme Nateghi Haredasht , Hamid Beigy

Since the advent of AFL, the use of mutational, feedback directed, grey-box fuzzers has become critical in the automated detection of security vulnerabilities. A great deal of research currently goes into their optimisation, including…

Software Engineering · Computer Science 2025-01-27 Daniel Blackwell , David Clark

Machine learning models are notoriously difficult to interpret and debug. This is particularly true of neural networks. In this work, we introduce automated software testing techniques for neural networks that are well-suited to discovering…

Machine Learning · Statistics 2018-07-31 Augustus Odena , Ian Goodfellow

The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Unfortunately, bugs, misconfigurations,…

Networking and Internet Architecture · Computer Science 2020-12-08 Apoorv Shukla , Said Jawad Saidi , Stefan Schmid , Marco Canini , Thomas Zinner , Anja Feldmann

Directed greybox fuzzing (DGF) aims to efficiently trigger bugs at specific target locations by prioritizing seeds whose execution paths are more likely to reach the targets. However, existing DGF approaches suffer from imprecise potential…

Cryptography and Security · Computer Science 2026-02-03 Yifan Zhang , Xin Zhang

Fuzz testing, or "fuzzing," refers to a widely deployed class of techniques for testing programs by generating a set of inputs for the express purpose of finding bugs and identifying security flaws. Grey-box fuzzing, the most popular…

Artificial Intelligence · Computer Science 2018-08-28 Siddharth Karamcheti , Gideon Mann , David Rosenberg

Fuzzing is an effective technique for discovering software vulnerabilities by generating random test inputs and executing them against the target program. However, fuzzing large and complex programs remains challenging due to difficulties…

Cryptography and Security · Computer Science 2024-06-10 Dongdong She , Adam Storek , Yuchong Xie , Seoyoung Kweon , Prashast Srivastava , Suman Jana

Ever-increasing design complexity of System-on-Chips (SoCs) led to significant verification challenges. Unlike software, bugs in hardware design are vigorous and eternal i.e., once the hardware is fabricated, it cannot be repaired with any…

Hardware Architecture · Computer Science 2025-12-11 Deepak Narayan Gadde , Aman Kumar , Djones Lettnin , Sebastian Simon

In recent years, coverage-based greybox fuzzing has proven itself to be one of the most effective techniques for finding security bugs in practice. Particularly, American Fuzzy Lop (AFL for short) is deemed to be a great success in fuzzing…

Cryptography and Security · Computer Science 2019-01-24 Junjie Wang , Bihuan Chen , Lei Wei , Yang Liu

Seed scheduling, the order in which seeds are selected, can greatly affect the performance of a fuzzer. Existing approaches schedule seeds based on their historical mutation data, but ignore the structure of the underlying Control Flow…

Cryptography and Security · Computer Science 2022-03-25 Dongdong She , Abhishek Shah , Suman Jana

Fuzzing is a security testing methodology effective in finding bugs. In a nutshell, a fuzzer sends multiple slightly malformed messages to the software under test, hoping for crashes or weird system behaviour. The methodology is relatively…

Cryptography and Security · Computer Science 2023-01-09 Cristian Daniele , Seyed Behnam Andarzian , Erik Poll

As mobile networks transition to 5G infrastructure, ensuring robust security becomes more important due to the complex architecture and expanded attack surface. Traditional security testing approaches for 5G networks rely on black-box…

Cryptography and Security · Computer Science 2026-02-26 Yu Wang , Yang Xiang , Chandra Thapa , Hajime Suzuki