H-fuzzing: a new heuristic method for fuzzing data generation

Authors:
Jinjing Zhao;Yan Wen;Gang Zhao
Affiliations:
Beijing Institute of System Engineerring, Beijing, China and National Key Laboratory of Science and Technology on Information System Security, Beijing, China;Beijing Institute of System Engineerring, Beijing, China and National Key Laboratory of Science and Technology on Information System Security, Beijing, China;Beijing Institute of System Engineerring, Beijing, China and National Key Laboratory of Science and Technology on Information System Security, Beijing, China
Venue:
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
Year:
2011

Citing 15
Cited 1

An empirical study of the reliability of UNIX utilities

Communications of the ACM
A semantic model of program faults

ISSTA '96 Proceedings of the 1996 ACM SIGSOFT international symposium on Software testing and analysis
Symbolic execution and program testing

Communications of the ACM
Generating Test Data for Functions with Pointer Inputs

Proceedings of the 17th IEEE international conference on Automated software engineering
Generating Tests from Counterexamples

Proceedings of the 26th International Conference on Software Engineering
Test input generation with java PathFinder

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
JCrasher: an automatic robustness tester for Java

Software—Practice & Experience
Hybrid Concolic Testing

ICSE '07 Proceedings of the 29th international conference on Software Engineering
An empirical study of the robustness of Windows NT applications using random testing

WSS'00 Proceedings of the 4th conference on USENIX Windows Systems Symposium - Volume 4
Directed test generation using symbolic grammars

Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
A System to Generate Test Data and Symbolically Execute Programs

IEEE Transactions on Software Engineering
Grammar-based whitebox fuzzing

Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Automatic generation of random self-checking test cases

IBM Systems Journal
Symstra: a framework for generating object-oriented unit tests using symbolic execution

TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Eclat: automatic generation and classification of test inputs

ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming

Comparative language fuzz testing: programming languages vs. fat fingers

Proceedings of the ACM 4th annual workshop on Evaluation and usability of programming languages and tools

Quantified Score

Hi-index	0.00

Visualization

Abstract

How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments evaluate H-Fuzzing, Java Path Finder (JPF) and random fuzzing method. The evaluation results demonstrate that H-Fuzzing can use fewer iterations and testing time to reach more test path coverage compared with the other two methods.