Ren Zezhong, Zheng Han, Zhang Jiayuan, Wang Wenjie, Feng Tao, Wang He, Zhang Yuqing. A Review of Fuzzing Techniques[J]. Journal of Computer Research and Development, 2021, 58(5): 944-963. DOI: 10.7544/issn1000-1239.2021.20201018

A Review of Fuzzing Techniques

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB0804701), the National Natural Science Foundation of China (U1836210, 61762060), and the Key Research and Development Program of the Science and Technology Department of Gansu Province of China (20YF3GA016).
  • Published Date: April 30, 2021
  • Fuzzing is a security testing technique that plays an increasingly important role, especially in detecting vulnerabilities. Fuzzing has developed rapidly in recent years and a large number of new results have emerged, so it is necessary to summarize and analyze them in order to follow the research frontier. Based on the 4 top security conferences on network and system security (IEEE S&P, USENIX Security, CCS, NDSS), we summarize the basic workflow of fuzzing, including preprocessing, input building, input selection, evaluation, and post-fuzzing. We discuss the tasks and challenges of each stage and the corresponding research results. We analyze in particular coverage-guided fuzzing, represented by the American Fuzzy Lop tool and its improvements. Applying fuzzing in different fields raises vastly different challenges. By sorting and analyzing the related literature, we summarize the unique requirements of fuzzing in specific areas and the corresponding solutions. We focus mainly on the Internet of Things and kernel security because of their rapid development and importance. In recent years, progress in anti-fuzzing techniques and machine learning has brought both challenges and opportunities to the development of fuzzing. These opportunities and challenges provide a reference direction for further research.