A Review of Fuzzing Techniques

Cited by: 0
Authors
Ren Z. [1]
Zheng H. [1]
Zhang J. [2]
Wang W. [1]
Feng T. [2]
Wang H. [3]
Zhang Y. [1, 3, 4]
Affiliations
[1] National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing
[2] School of Computer and Communication, Lanzhou University of Technology, Lanzhou
[3] School of Cyber Engineering, Xidian University, Xi'an
[4] School of Computer Science and Cyberspace Security, Hainan University, Haikou
Funding
National Natural Science Foundation of China
Keywords
Basic working process; Fuzzing; IoT security; Kernel security; Machine learning;
DOI
10.7544/issn1000-1239.2021.20201018
Abstract
Fuzzing is a security testing technique that plays an increasingly important role, especially in vulnerability discovery. Fuzzing has developed rapidly in recent years and a large number of new results have emerged, so summarizing and analyzing them is necessary to follow the research frontier. Based on the 4 top security conferences in network and system security (IEEE S&P, USENIX Security, CCS, NDSS), we summarized fuzzing's basic workflow: preprocessing, input building, input selection, evaluation, and post-fuzzing. For each stage we discussed its tasks, its challenges, and the corresponding research results. We analyzed in particular coverage-guided fuzzing, represented by the American Fuzzy Lop (AFL) tool and its improvements. Applying fuzzing in different fields raises very different challenges; by collecting and analyzing the related literature, we summarized the unique requirements and corresponding solutions for fuzzing in specific areas, focusing mainly on the Internet of Things and kernel security because of their rapid development and importance. In recent years, progress in anti-fuzzing and machine learning has brought both challenges and opportunities to the development of fuzzing, and these provide direction for further research. © 2021, Science Press. All rights reserved.
Pages: 944-963
Page count: 19
References
87 entries in total
  • [1] Miller B P, Fredriksen L, So B., An empirical study of the reliability of UNIX utilities, Communications of the ACM, 33, 12, pp. 32-44, (1990)
  • [2] Langner R., Stuxnet: Dissecting a cyberwarfare weapon, IEEE Security & Privacy, 9, 3, pp. 49-51, (2011)
  • [3] Mohurle S, Patil M., A brief study of WannaCry threat: Ransomware attack 2017, International Journal of Advanced Research in Computer Science, 8, 5, pp. 1938-1940, (2017)
  • [4] DeFazio P A, Larsen R., The design, development & certification of the Boeing 737 MAX, (2020)
  • [5] Hawkes B., Project Zero: Five years of 'make 0day hard', (2019)
  • [6] Zhang Yan, Zhang Junwen, Zhang Dalin, et al., Survey of directed fuzzy technology, Proc of the 9th IEEE Intl Conf on Software Engineering and Service Science (ICSESS), (2018)
  • [7] Pengfei Wang, Zhou Xu, SoK: The progress, challenges, and perspectives of directed greybox fuzzing, (2020)
  • [8] Li Jun, Zhao Bodong, Zhang Chao, Fuzzing: A survey, Cybersecurity, 1, 1, pp. 1-6, (2018)
  • [9] Liang Hongliang, Pei Xiaoxiao, Jia Xiaodong, et al., Fuzzing state of the art, IEEE Transactions on Reliability, 67, 3, pp. 1199-1218, (2018)
  • [10] Manès V J M, Han H, Han C, et al., The art, science, and engineering of fuzzing: A survey, IEEE Transactions on Software Engineering, (2019)