English
Related papers

Related papers: MulCovFuzz: A Multi-Component Coverage-Guided Grey…

200 papers

Directed fuzzing focuses on automatically testing specific parts of the code by taking advantage of additional information such as (partial) bug stack trace, patches or risky operations. Key applications include bug reproduction, patch…

Cryptography and Security · Computer Science 2020-08-18 Manh-Dung Nguyen , Sébastien Bardin , Richard Bonichon , Roland Groz , Matthieu Lemerre

Deep learning (DL) frameworks serve as the backbone for a wide range of artificial intelligence applications. However, bugs within DL frameworks can cascade into critical issues in higher-level applications, jeopardizing reliability and…

Software Engineering · Computer Science 2025-10-20 Shiwen Ou , Yuwei Li , Lu Yu , Chengkun Wei , Tingke Wen , Qiangpu Chen , Yu Chen , Haizhi Tang , Zulie Pan

In this paper we show E-FuzzEdge, a novel fuzzing architecture targeted towards improving the throughput of fuzzing campaigns in contexts where scalability is unavailable. E-FuzzEdge addresses the inefficiencies of hardware-in-the-loop…

Cryptography and Security · Computer Science 2025-10-03 Davide Rusconi , Osama Yousef , Mirco Picca , Flavio Toffalini , Andrea Lanzi

Network-facing applications are commonly exposed to all kinds of attacks, especially when connected to the internet. As a result, web servers like Nginx or client applications such as curl make every effort to secure and harden their code…

Cryptography and Security · Computer Science 2024-09-04 Nils Bars , Moritz Schloegel , Nico Schiller , Lukas Bernhard , Thorsten Holz

The purpose of continuous fuzzing platforms is to enable fuzzing for software projects via \emph{fuzz harnesses} -- but as the projects continue to evolve, are these harnesses updated in lockstep, or do they run out of date? If these…

Software Engineering · Computer Science 2025-05-12 Philipp Görz , Joschua Schilling , Thorsten Holz , Marcel Böhme

Java deserialization vulnerability is a severe threat in practice. Researchers have proposed static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate proof-of-concept (PoC) serialized objects to…

Cryptography and Security · Computer Science 2023-04-11 Sicong Cao , Biao He , Xiaobing Sun , Yu Ouyang , Chao Zhang , Xiaoxue Wu , Ting Su , Lili Bo , Bin Li , Chuanlei Ma , Jiajia Li , Tao Wei

Fuzzing is an important method to discover vulnerabilities in programs. Despite considerable progress in this area in the past years, measuring and comparing the effectiveness of fuzzers is still an open research question. In software…

Software Engineering · Computer Science 2023-07-26 Philipp Görz , Björn Mathis , Keno Hassler , Emre Güler , Thorsten Holz , Andreas Zeller , Rahul Gopinath

Code reuse in software development frequently facilitates the spread of vulnerabilities, making the scope of affected software in CVE reports imprecise. Traditional methods primarily focus on identifying reused vulnerability code within…

Software Engineering · Computer Science 2024-11-28 Siyuan Li , Yuekang Li , Zuxin Chen , Chaopeng Dong , Yongpan Wang , Hong Li , Yongle Chen , Hongsong Zhu

We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and…

Cryptography and Security · Computer Science 2020-12-22 Kaled M. Alshmrany , Rafael S. Menezes , Mikhail R. Gadelha , Lucas C. Cordeiro

Software model checking is a verification technique which is widely used for checking temporal properties of software systems. Even though it is a property verification technique, its common usage in practice is in "bug finding", that is,…

Software Engineering · Computer Science 2022-04-20 Ruijie Meng , Zhen Dong , Jialin Li , Ivan Beschastnikh , Abhik Roychoudhury

Automatic test generation typically aims to generate inputs that explore new paths in the program under test in order to find bugs. Existing work has, therefore, focused on guiding the exploration toward program parts that are more likely…

Software Engineering · Computer Science 2019-05-20 Valentin Wüstholz , Maria Christakis

Cyber-physical systems (CPSs) in critical infrastructure face a pervasive threat from attackers, motivating research into a variety of countermeasures for securing them. Assessing the effectiveness of these countermeasures is challenging,…

Software Engineering · Computer Science 2020-07-17 Yuqi Chen , Bohan Xuan , Christopher M. Poskitt , Jun Sun , Fan Zhang

The rise of smart devices in critical domains--including automotive, medical, industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains…

Cryptography and Security · Computer Science 2026-02-10 Guy Farrelly , Michael Chesser , Seyit Camtepe , Damith C. Ranasinghe

Fuzzing is widely used for detecting bugs and vulnerabilities, with various techniques proposed to enhance its effectiveness. To combine the advantages of multiple technologies, researchers proposed ensemble fuzzing, which integrates…

Software Engineering · Computer Science 2025-07-31 Yukai Zhao , Shaohua Wang , Jue Wang , Xing Hu , Xin Xia

The fifth generation of mobile broadband is more than just an evolution to provide more mobile bandwidth, massive machine-type communications, and ultra-reliable and low-latency communications. It relies on a complex, dynamic and…

Networking and Internet Architecture · Computer Science 2023-04-13 Zujany Salazar , Huu Nghia Nguyen , Wissam Mallouli , Ana R Cavalli , Edgardo Montes de Oca

The rapid development of large language models (LLMs) has revolutionized software testing, particularly fuzz testing, by automating the generation of diverse and effective test inputs. This advancement holds great promise for improving…

Software Engineering · Computer Science 2025-10-14 Linghan Huang , Peizhou Zhao , Huaming Chen

Industrial control systems (ICS) are vital to modern infrastructure but increasingly vulnerable to cybersecurity threats, particularly through weaknesses in their communication protocols. This paper presents MALF (Multi-Agent LLM Fuzzing…

Cryptography and Security · Computer Science 2025-10-06 Bowei Ning , Xuejun Zong , Kan He

Fuzzing is a commonly used technique designed to test software by automatically crafting program inputs. Currently, the most successful fuzzing algorithms emphasize simple, low-overhead strategies with the ability to efficiently monitor…

Software Engineering · Computer Science 2018-07-20 William Drozd , Michael D. Wagner

The widespread adoption of microservices has fundamentally transformed how modern software systems are designed, deployed, operated and maintained. However, well-known microservice properties (e.g., dynamic scalability and decentralized…

Software Engineering · Computer Science 2026-03-04 Man Zhang , Tao Yue , Andrea Arcuri

Fuzzing is a security testing methodology effective in finding bugs. In a nutshell, a fuzzer sends multiple slightly malformed messages to the software under test, hoping for crashes or weird system behaviour. The methodology is relatively…

Cryptography and Security · Computer Science 2023-01-09 Cristian Daniele , Seyed Behnam Andarzian , Erik Poll