A Review of Fuzzing Techniques

Ren Zezhong; Zheng Han; Zhang Jiayuan; Wang Wenjie; Feng Tao; Wang He; Zhang Yuqing

doi:10.7544/issn1000-1239.2021.20201018

Journal of Computer Research and Development > 2021 > 58(5): 944-963. > DOI: 10.7544/issn1000-1239.2021.20201018 CSTR: 32373.14.issn1000-1239.2021.20201018

Ren Zezhong, Zheng Han, Zhang Jiayuan, Wang Wenjie, Feng Tao, Wang He, Zhang Yuqing. A Review of Fuzzing Techniques[J]. Journal of Computer Research and Development, 2021, 58(5): 944-963. DOI: 10.7544/issn1000-1239.2021.20201018

Citation:

PDF (1224 KB)

A Review of Fuzzing Techniques

¹(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408)
²(School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050)
³(School of Cyber Engineering, Xidian University, Xi’an 710071)
⁴(School of Computer Science and Cyberspace Security, Hainan University, Haikou 570228)

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB0804701), the National Natural Science Foundation of China (U1836210, 61762060), and the Key Research and Development Program of the Science and Technology Department of Gansu Province of China (20YF3GA016).

More Information

Published Date: April 30, 2021

Graphical Abstract

Abstract

Abstract

Fuzzing is a security testing technique, which is playing an increasingly important role, especially in detecting vulnerabilities. Fuzzing has experienced rapid development in recent years. A large number of new achievements have emerged, so it is necessary to summarize and analyze relevant achievements to follow fuzzing’s research frontier. Based on 4 top security conferences (IEEE S&P, USENIX Security, CCS, NDSS) about network and system security, we summarized fuzzing’s basic workflow, including preprocessing, input building, input selection, evaluation, and post-fuzzing. We discussed each link’s tasks, challenges, and the corresponding research results. We emphatically analyzed the fuzzing testing method based on coverage guidance, represented by the American Fuzzy Lop tool and its improvements. Using fuzzing testing technology in different fields will face vastly different challenges. We summarized the unique requirements and corresponding solutions for fuzzing testing in specific areas by sorting and analyzing the related literature. Mostly, we focused on the Internet of Things and the kernel security field because of their rapid development and importance. In recent years, the progress of anti-fuzzing testing technology and machine learning technology has brought challenges and opportunities to the development of fuzzing testing technology. These opportunities and challenges provide direction reference for the further research.
- fuzzing,
- basic working process,
- IoT security,
- kernel security,
- machine learning

FullText(HTML)

References (0)

[1]	Xie Guo, Zhang Huaiwen, Wang Le, Liao Qing, Zhang Aoqian, Zhou Zhili, Ge Huilin, Wang Zhiheng, Wu Guozheng. Acceptance and Funding Status of Artificial Intelligence Discipline Projects Under the National Natural Science Foundation of China in 2024[J]. Journal of Computer Research and Development, 2025, 62(3): 648-661. DOI: 10.7544/issn1000-1239.202550008
[2]	Li Xu, Zhu Rui, Chen Xiaolei, Wu Jinxuan, Zheng Yi, Lai Chenghang, Liang Yuxuan, Li Bin, Xue Xiangyang. A Survey of Hallucinations in Large Vision-Language Models: Causes, Evaluations and Mitigations[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440444
[3]	Chen Xuanting, Ye Junjie, Zu Can, Xu Nuo, Gui Tao, Zhang Qi. Robustness of GPT Large Language Models on Natural Language Processing Tasks[J]. Journal of Computer Research and Development, 2024, 61(5): 1128-1142. DOI: 10.7544/issn1000-1239.202330801
[4]	Zhang Mi, Pan Xudong, Yang Min. JADE-DB：A Universal Testing Benchmark for Large Language Model Safety Based on Targeted Mutation[J]. Journal of Computer Research and Development, 2024, 61(5): 1113-1127. DOI: 10.7544/issn1000-1239.202330959
[5]	Shu Wentao, Li Ruixiao, Sun Tianxiang, Huang Xuanjing, Qiu Xipeng. Large Language Models: Principles, Implementation, and Progress[J]. Journal of Computer Research and Development, 2024, 61(2): 351-361. DOI: 10.7544/issn1000-1239.202330303
[6]	Yang Yi, Li Ying, Chen Kai. Vulnerability Detection Methods Based on Natural Language Processing[J]. Journal of Computer Research and Development, 2022, 59(12): 2649-2666. DOI: 10.7544/issn1000-1239.20210627
[7]	Pan Xudong, Zhang Mi, Yang Min. Fishing Leakage of Deep Learning Training Data via Neuron Activation Pattern Manipulation[J]. Journal of Computer Research and Development, 2022, 59(10): 2323-2337. DOI: 10.7544/issn1000-1239.20220498
[8]	Pan Xuan, Xu Sihan, Cai Xiangrui, Wen Yanlong, Yuan Xiaojie. Survey on Deep Learning Based Natural Language Interface to Database[J]. Journal of Computer Research and Development, 2021, 58(9): 1925-1950. DOI: 10.7544/issn1000-1239.2021.20200209
[9]	Zheng Haibin, Chen Jinyin, Zhang Yan, Zhang Xuhong, Ge Chunpeng, Liu Zhe, Ouyang Yike, Ji Shouling. Survey of Adversarial Attack, Defense and Robustness Analysis for Natural Language Processing[J]. Journal of Computer Research and Development, 2021, 58(8): 1727-1750. DOI: 10.7544/issn1000-1239.2021.20210304
[10]	Wang Ye, Chen Junwu, Xia Xin, Jiang Bo. Intelligent Requirements Elicitation and Modeling: A Literature Review[J]. Journal of Computer Research and Development, 2021, 58(4): 683-705. DOI: 10.7544/issn1000-1239.2021.20200740