Título
Improving fuzzing assessment methods through the analysis of metrics and experimental conditionsAutor-a
Otras instituciones
IkerlanVersión
Version publicada
Derechos
© 2022 The AuthorsAcceso
Acceso abiertoVersión del editor
https://doi.org/10.1016/j.cose.2022.102946Publicado en
Computers & Security Vol. 124. Article 102946. January, 2023Editor
ElsevierPalabras clave
fuzzing
Evaluation methodology
security
software testing ... [+]
Evaluation methodology
security
software testing ... [+]
fuzzing
Evaluation methodology
security
software testing
Metrics [-]
Evaluation methodology
security
software testing
Metrics [-]
Resumen
Fuzzing is nowadays one of the most widely used bug hunting techniques. By automatically generating malformed inputs, fuzzing aims to trigger unwanted behavior on its target. While fuzzing research ha ... [+]
Fuzzing is nowadays one of the most widely used bug hunting techniques. By automatically generating malformed inputs, fuzzing aims to trigger unwanted behavior on its target. While fuzzing research has matured considerably in the last years, the evaluation and comparison of different fuzzing proposals remain challenging, as no standard set of metrics, data, or experimental conditions exist to allow such observation. This paper aims to fill that gap by proposing a standard set of features to allow such comparison. For that end, it first reviews the existing evaluation methods in the literature and discusses all existing metrics by evaluating seven fuzzers under identical experimental conditions. After examining the obtained results, it recommends a set of practices –particularly on the metrics to be used–, to allow proper comparison between different fuzzing proposals. [-]
Sponsorship
Gobierno Vasco-Eusko JaurlaritzaID Proyecto
info:eu-repo/grantAgreement/GV/Elkartek 2021/KK-2021-00091/CAPV/REal tiME control and embeddeD securitY/REMEDYColecciones
- Artículos - Ingeniería [684]
El ítem tiene asociados los siguientes ficheros de licencia: