Cited 0 time in
ZigZagFuzz: Interleaved Fuzzing of Program Options and Files
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Lee, Ahcheong | - |
| dc.contributor.author | Choi, Youngseok | - |
| dc.contributor.author | Hong, Shin | - |
| dc.contributor.author | Kim, Yunho | - |
| dc.contributor.author | Cho, Kyutae | - |
| dc.contributor.author | Kim, Moonzoo | - |
| dc.date.accessioned | 2025-03-10T07:00:10Z | - |
| dc.date.available | 2025-03-10T07:00:10Z | - |
| dc.date.issued | 2025-02 | - |
| dc.identifier.issn | 1049-331X | - |
| dc.identifier.issn | 1557-7392 | - |
| dc.identifier.uri | https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/206713 | - |
| dc.description.abstract | Command-line options (e.g., -l, -F, -R for ls) given to a command-line program can significantly alternate the behaviors of the program. Thus, fuzzing not only file input but also program options can improve test coverage and bug detection. In this article, we propose ZigZagFuzz which achieves higher test coverage and detects more bugs than the state-of-the-art fuzzers by separately mutating program options and file inputs in an iterative/interleaving manner. ZigZagFuzz applies the following three core ideas. First, to utilize different characteristics of the program option domain and the file input domain, ZigZagFuzz separates phases of mutating program options from ones of mutating file inputs and performs two distinct mutation strategies on the two different domains. Second, to reach deep segments of a target program that are accessed through an interleaving sequence of program option checks and file inputs checks, ZigZagFuzz continuously interleaves phases of mutating program options with phases of mutating file inputs. Finally, to improve fuzzing performance further, ZigZagFuzz periodically shrinks input corpus by removing similar test inputs based on their function coverage. The experiment results on the 20 real-world programs show that ZigZagFuzz improves test coverage and detects 1.9 to 10.6 times more bugs than the state-of-the-art fuzzers that mutate program options such as AFL++-argv, AFL++-all, Eclipser, CarpetFuzz, ConfigFuzz, and POWER. We have reported the new bugs detected by ZigZagFuzz, and the original developers confirmed our bug reports. | - |
| dc.format.extent | 31 | - |
| dc.language | 영어 | - |
| dc.language.iso | ENG | - |
| dc.publisher | Association for Computing Machinary, Inc. | - |
| dc.title | ZigZagFuzz: Interleaved Fuzzing of Program Options and Files | - |
| dc.type | Article | - |
| dc.publisher.location | 미국 | - |
| dc.identifier.doi | 10.1145/3697014 | - |
| dc.identifier.scopusid | 2-s2.0-85218336971 | - |
| dc.identifier.wosid | 001431182900003 | - |
| dc.identifier.bibliographicCitation | ACM Transactions on Software Engineering and Methodology, v.34, no.2, pp 1 - 31 | - |
| dc.citation.title | ACM Transactions on Software Engineering and Methodology | - |
| dc.citation.volume | 34 | - |
| dc.citation.number | 2 | - |
| dc.citation.startPage | 1 | - |
| dc.citation.endPage | 31 | - |
| dc.type.docType | Article | - |
| dc.description.isOpenAccess | N | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Software Engineering | - |
| dc.subject.keywordPlus | Automatic test pattern generation | - |
| dc.subject.keywordPlus | Input output programs | - |
| dc.subject.keywordPlus | Program debugging | - |
| dc.subject.keywordAuthor | Automated test generation | - |
| dc.subject.keywordAuthor | bug detection | - |
| dc.subject.keywordAuthor | command-line program options | - |
| dc.subject.keywordAuthor | dynamic analysis | - |
| dc.subject.keywordAuthor | fuzzing | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
222, Wangsimni-ro, Seongdong-gu, Seoul, 04763, Korea+82-2-2220-1366
COPYRIGHT © 2024 HANYANG UNIVERSITY.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.
