Improving fuzzing assessment methods through the analysis of metrics and experimental conditions

Iturbe, Mikel

Ver/Abrir

Improving fuzzing assessment methods through the analysis of metrics and experimental conditions.pdf (2.504Mb)

Registro completo

Impacto

Guarda la referencia

Título

Improving fuzzing assessment methods through the analysis of metrics and experimental conditions

Autor-a

Iturbe, Mikel Mondragon Unibertsitatea

Autor-a (de otra institución)

Eceiza Olaizola, Maialen

Flores, José Luis

Grupo de investigación

Análisis de datos y ciberseguridad

Otras instituciones

Ikerlan

Versión

Version publicada

Derechos

Acceso

Acceso abierto

URI

https://hdl.handle.net/20.500.11984/5858

Versión del editor

https://doi.org/10.1016/j.cose.2022.102946

Publicado en

Computers & Security Vol. 124. Article 102946. January, 2023

Editor

Elsevier

Palabras clave

fuzzing
Evaluation methodology
security
software testing ... [+]

fuzzing
Evaluation methodology
security
software testing
Metrics [-]

Resumen

Fuzzing is nowadays one of the most widely used bug hunting techniques. By automatically generating malformed inputs, fuzzing aims to trigger unwanted behavior on its target. While fuzzing research has matured considerably in the last years, the evaluation and comparison of different fuzzing proposals remain challenging, as no standard set of metrics, data, or experimental conditions exist to allow such observation. This paper aims to fill that gap by proposing a standard set of features to allow such comparison. For that end, it first reviews the existing evaluation methods in the literature and discusses all existing metrics by evaluating seven fuzzers under identical experimental conditions. After examining the obtained results, it recommends a set of practices –particularly on the metrics to be used–, to allow proper comparison between different fuzzing proposals. [-]