Improving fuzzing assessment methods through the analysis of metrics and experimental conditions

Iturbe, Mikel

Ikusi/Ireki

Improving fuzzing assessment methods through the analysis of metrics and experimental conditions.pdf (2.504Mb)

Erregistro osoa

Eragina

Partekatu

Gorde erreferentzia

Izenburua

Improving fuzzing assessment methods through the analysis of metrics and experimental conditions

Egilea

Iturbe, Mikel Mondragon Unibertsitatea

Egilea (beste erakunde batekoa)

Eceiza Olaizola, Maialen

Flores, José Luis

Ikerketa taldea

Análisis de datos y ciberseguridad

Beste instituzio

Ikerlan

Bertsioa

Bertsio argitaratua

Eskubideak

Sarbidea

Sarbide irekia

URI

https://hdl.handle.net/20.500.11984/5858

Argitaratzailearen bertsioa

https://doi.org/10.1016/j.cose.2022.102946

Non argitaratua

Computers & Security Vol. 124. Article 102946. January, 2023

Argitaratzailea

Elsevier

Gako-hitzak

fuzzing
Evaluation methodology
security
software testing ... [+]

fuzzing
Evaluation methodology
security
software testing
Metrics [-]

Laburpena

Fuzzing is nowadays one of the most widely used bug hunting techniques. By automatically generating malformed inputs, fuzzing aims to trigger unwanted behavior on its target. While fuzzing research has matured considerably in the last years, the evaluation and comparison of different fuzzing proposals remain challenging, as no standard set of metrics, data, or experimental conditions exist to allow such observation. This paper aims to fill that gap by proposing a standard set of features to allow such comparison. For that end, it first reviews the existing evaluation methods in the literature and discusses all existing metrics by evaluating seven fuzzers under identical experimental conditions. After examining the obtained results, it recommends a set of practices –particularly on the metrics to be used–, to allow proper comparison between different fuzzing proposals. [-]