A Review of Fuzzing Techniques

Ren Zezhong; Zheng Han; Zhang Jiayuan; Wang Wenjie; Feng Tao; Wang He; Zhang Yuqing

doi:10.7544/issn1000-1239.2021.20201018

Journal of Computer Research and Development > 2021 > 58(5): 944-963. > DOI: 10.7544/issn1000-1239.2021.20201018 CSTR: 32373.14.issn1000-1239.2021.20201018

Ren Zezhong, Zheng Han, Zhang Jiayuan, Wang Wenjie, Feng Tao, Wang He, Zhang Yuqing. A Review of Fuzzing Techniques[J]. Journal of Computer Research and Development, 2021, 58(5): 944-963. DOI: 10.7544/issn1000-1239.2021.20201018

Citation:

PDF (1224 KB)

A Review of Fuzzing Techniques

¹(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408)
²(School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050)
³(School of Cyber Engineering, Xidian University, Xi’an 710071)
⁴(School of Computer Science and Cyberspace Security, Hainan University, Haikou 570228)

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB0804701), the National Natural Science Foundation of China (U1836210, 61762060), and the Key Research and Development Program of the Science and Technology Department of Gansu Province of China (20YF3GA016).

More Information

Published Date: April 30, 2021

Graphical Abstract

Abstract

Abstract

Fuzzing is a security testing technique, which is playing an increasingly important role, especially in detecting vulnerabilities. Fuzzing has experienced rapid development in recent years. A large number of new achievements have emerged, so it is necessary to summarize and analyze relevant achievements to follow fuzzing’s research frontier. Based on 4 top security conferences (IEEE S&P, USENIX Security, CCS, NDSS) about network and system security, we summarized fuzzing’s basic workflow, including preprocessing, input building, input selection, evaluation, and post-fuzzing. We discussed each link’s tasks, challenges, and the corresponding research results. We emphatically analyzed the fuzzing testing method based on coverage guidance, represented by the American Fuzzy Lop tool and its improvements. Using fuzzing testing technology in different fields will face vastly different challenges. We summarized the unique requirements and corresponding solutions for fuzzing testing in specific areas by sorting and analyzing the related literature. Mostly, we focused on the Internet of Things and the kernel security field because of their rapid development and importance. In recent years, the progress of anti-fuzzing testing technology and machine learning technology has brought challenges and opportunities to the development of fuzzing testing technology. These opportunities and challenges provide direction reference for the further research.
- fuzzing,
- basic working process,
- IoT security,
- kernel security,
- machine learning

FullText(HTML)

References (0)

[1]	Yue Wenjing, Qu Wenwen, Lin Kuan, Wang Xiaoling. Survey of Cardinality Estimation Techniques Based on Machine Learning[J]. Journal of Computer Research and Development, 2024, 61(2): 413-427. DOI: 10.7544/issn1000-1239.202220649
[2]	Li Jianing, Xiong Ruibin, Lan Yanyan, Pang Liang, Guo Jiafeng, Cheng Xueqi. Overview of the Frontier Progress of Causal Machine Learning[J]. Journal of Computer Research and Development, 2023, 60(1): 59-84. DOI: 10.7544/issn1000-1239.202110780
[3]	Wang Ye, Chen Junwu, Xia Xin, Jiang Bo. Intelligent Requirements Elicitation and Modeling: A Literature Review[J]. Journal of Computer Research and Development, 2021, 58(4): 683-705. DOI: 10.7544/issn1000-1239.2021.20200740
[4]	Chen Jinyin, Chen Yipeng, Chen Yiming, Zheng Haibin, Ji Shouling, Shi Jie, Cheng Yao. Fairness Research on Deep Learning[J]. Journal of Computer Research and Development, 2021, 58(2): 264-280. DOI: 10.7544/issn1000-1239.2021.20200758
[5]	Cheng Keyang, Wang Ning, Shi Wenxi, Zhan Yongzhao. Research Advances in the Interpretability of Deep Learning[J]. Journal of Computer Research and Development, 2020, 57(6): 1208-1217. DOI: 10.7544/issn1000-1239.2020.20190485
[6]	Liu Chenyi, Xu Mingwei, Geng Nan, Zhang Xiang. A Survey on Machine Learning Based Routing Algorithms[J]. Journal of Computer Research and Development, 2020, 57(4): 671-687. DOI: 10.7544/issn1000-1239.2020.20190866
[7]	Liu Junxu, Meng Xiaofeng. Survey on Privacy-Preserving Machine Learning[J]. Journal of Computer Research and Development, 2020, 57(2): 346-362. DOI: 10.7544/issn1000-1239.2020.20190455
[8]	Ji Shouling, Li Jinfeng, Du Tianyu, Li Bo. Survey on Techniques, Applications and Security of Machine Learning Interpretability[J]. Journal of Computer Research and Development, 2019, 56(10): 2071-2096. DOI: 10.7544/issn1000-1239.2019.20190540
[9]	Meng Xiaofeng, Ma Chaohong, Yang Chen. Survey on Machine Learning for Database Systems[J]. Journal of Computer Research and Development, 2019, 56(9): 1803-1820. DOI: 10.7544/issn1000-1239.2019.20190446
[10]	Yu Kai, Jia Lei, Chen Yuqiang, and Xu Wei. Deep Learning: Yesterday, Today, and Tomorrow[J]. Journal of Computer Research and Development, 2013, 50(9): 1799-1804.

Cited By

Cited by

Periodical cited type(5)

1.	周军芽，吴进伟，吴广飞，张何为. 基于Bi-LSTM神经网络的短文本敏感词识别方法. 武汉理工大学学报(信息与管理工程版). 2024(02): 312-316 .
2.	石新满，胡广林，邵鑫，赵新爽，张思慧，乔晓. 基于人工智能大语言模型技术的电网优化运行应用分析. 自动化与仪器仪表. 2024(08): 180-184 .
3.	李卓卓，蒋雨萌. 信息隐私量表对象、指标和应用的研究与展望. 情报理论与实践. 2024(10): 41-52 .
4.	谭九生，李猛. 人机融合智能的伦理风险及其适应性治理. 昆明理工大学学报(社会科学版). 2022(03): 37-45 .
5.	潘旭东，张谧，杨珉. 基于神经元激活模式控制的深度学习训练数据泄露诱导. 计算机研究与发展. 2022(10): 2323-2337 . 本站查看