Detailed Information

Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

RCFuzzer: Recommendation-based Collaborative Fuzzer

Authors
Mo, HyeonminYang, JongmunKim, Yunho
Issue Date
Dec-2025
Publisher
Elsevier BV
Keywords
Collaborative fuzzing; Crash detection; Thompson sampling
Citation
Journal of Systems and Software, v.230, pp 1 - 23
Pages
23
Indexed
SCIE
SCOPUS
Journal Title
Journal of Systems and Software
Volume
230
Start Page
1
End Page
23
URI
https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/210701
DOI
10.1016/j.jss.2025.112564
ISSN
0164-1212
1873-1228
Abstract
Fuzzing is an effective technique for detecting bugs by executing programs with randomly generated or mutated inputs. However, as various fuzzers have been developed, selecting the most suitable fuzzer for a specific program has become increasingly difficult. To address this issue, collaborative fuzzing techniques have been proposed, which combine multiple fuzzers and select the optimal one. However, existing approaches are inefficient and have limited accuracy, as they require significant time to evaluate fuzzer performance and fail to effectively utilize the latest results from the fuzzing campaign. To overcome these challenges, we propose RCFuzzer, a ReCommendation based collaborative Fuzzer. RCFuzzer treats the fuzzer selection problem as a Multi-Armed Bandit(MAB) problem and improves the efficiency and accuracy of selecting the optimal fuzzer using Thompson sampling. First, RCFuzzer is efficient because it directly utilizes the current fuzzing results, eliminating the need for additional time to evaluate individual fuzzers. Second, RCFuzzer can accurately select the optimal fuzzer by using the fuzzing results obtained from the current state of the fuzzing target as feedback. Additionally, to further improve the accuracy of fuzzer selection, RCFuzzer adopts the branch difficulty heuristics, which assigns different weights to branches based on their difficulty to cover and evaluates fuzzers accordingly. The empirical evaluation on the 47 programs from MAGMA, UNIFUZZ and Google’s Fuzzer-Test-Suite shows that RCFuzzer outperforms individual fuzzers in code coverage and crash detection capability. Additionally, RCFuzzer achieves higher code coverage for 29 out of 47 programs and detects 18 more unique crashes than autofz, the state-of-the-art collaborative fuzzer.
Files in This Item
Go to Link
Appears in
Collections
서울 공과대학 > 서울 미래자동차공학과 > 1. Journal Articles
서울 공과대학 > 서울 컴퓨터소프트웨어학부 > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Kim, Yunho photo

Kim, Yunho
COLLEGE OF ENGINEERING (SCHOOL OF COMPUTER SCIENCE)
Read more

Altmetrics

Total Views & Downloads

BROWSE