A Review of Smart Fuzzing:Problem Exploration and Method Classification
With the increasing scale and complexity of software systems in recent years,along with the continuous growth in the number of security vulnerabilities and their expanding impact,the global security situation remains challenging.In response to this issue,academia and industry have been devoted to researching efficient vulnerability discovery techniques to identify and ad-dress potential vulnerabilities in advance.Among these techniques,fuzzing has garnered signifi-cant attention from academia and industry as an advanced vulnerability detection approach.To further enhance the capability of vulnerability discovery,researchers introduced smart fuzzing,which leverages artificial intelligence and program analysis techniques to assist in more efficiently testing and analyzing complex software systems,intelligently guiding the direction of vulnerabili-ty discovery.This paper reviews the progress of smart fuzzing over the past eight years,proposes a general fuzzing procedure model and a problem-oriented classification method for smart fuzzing techniques,and summarizes the current advantages and shortcomings of smart fuzzing from three aspects:optimizing test input generation,improving test efficiency,and enhancing test oracles.Finally,this paper offers a prospective outlook and summary of the challenges and future re-search directions in the field of smart fuzzing.
fuzzingsoftware and system securityvulnerability discoveryartificial intelligenceprogram analysis
万方数据
维普
