RCFuzzer: Recommendation-based Collaborative Fuzzer
- Authors
- Mo, Hyeonmin; Yang, Jongmun; Kim, Yunho
- Issue Date
- Dec-2025
- Publisher
- Elsevier BV
- Keywords
- Collaborative fuzzing; Crash detection; Thompson sampling
- Citation
- Journal of Systems and Software, v.230, pp 1 - 23
- Pages
- 23
- Indexed
- SCIE
SCOPUS
- Journal Title
- Journal of Systems and Software
- Volume
- 230
- Start Page
- 1
- End Page
- 23
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/210701
- DOI
- 10.1016/j.jss.2025.112564
- ISSN
- 0164-1212
1873-1228
- Abstract
- Fuzzing is an effective technique for detecting bugs by executing programs with randomly generated or mutated inputs. However, as various fuzzers have been developed, selecting the most suitable fuzzer for a specific program has become increasingly difficult. To address this issue, collaborative fuzzing techniques have been proposed, which combine multiple fuzzers and select the optimal one. However, existing approaches are inefficient and have limited accuracy, as they require significant time to evaluate fuzzer performance and fail to effectively utilize the latest results from the fuzzing campaign.
To overcome these challenges, we propose RCFuzzer, a ReCommendation based collaborative Fuzzer. RCFuzzer treats the fuzzer selection problem as a Multi-Armed Bandit(MAB) problem and improves the efficiency and accuracy of selecting the optimal fuzzer using Thompson sampling. First, RCFuzzer is efficient because it directly utilizes the current fuzzing results, eliminating the need for additional time to evaluate individual fuzzers. Second, RCFuzzer can accurately select the optimal fuzzer by using the fuzzing results obtained from the current state of the fuzzing target as feedback. Additionally, to further improve the accuracy of fuzzer selection, RCFuzzer adopts the branch difficulty heuristics, which assigns different weights to branches based on their difficulty to cover and evaluates fuzzers accordingly.
The empirical evaluation on the 47 programs from MAGMA, UNIFUZZ and Google’s Fuzzer-Test-Suite shows that RCFuzzer outperforms individual fuzzers in code coverage and crash detection capability. Additionally, RCFuzzer achieves higher code coverage for 29 out of 47 programs and detects 18 more unique crashes than autofz, the state-of-the-art collaborative fuzzer.
- Files in This Item
-
Go to Link
- Appears in
Collections - 서울 공과대학 > 서울 미래자동차공학과 > 1. Journal Articles
- 서울 공과대학 > 서울 컴퓨터소프트웨어학부 > 1. Journal Articles

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.