Open Access

REVIEW

Fuzzing: Progress, Challenges, and Perspectives

Zhenhua Yu¹, Zhengqi Liu¹, Xuya Cong^1,*, Xiaobo Li², Li Yin³

1 Institute of Systems Security and Control, College of Computer Science and Technology, Xi’an University of Science and Technology, Xi’an, 710054, China
2 School of Mathematics and Information Science, Baoji University of Arts and Sciences, Baoji, 721013, China
3 Institute of Systems Engineering, Macau University of Science and Technology, Taipa, Macau, China

* Corresponding Author: Xuya Cong. Email:

Computers, Materials & Continua 2024, 78(1), 1-29. https://doi.org/10.32604/cmc.2023.042361

Received 28 May 2023; Accepted 16 October 2023; Issue published 30 January 2024

Abstract

As one of the most effective techniques for finding software vulnerabilities, fuzzing has become a hot topic in software security. It feeds potentially syntactically or semantically malformed test data to a target program to mine vulnerabilities and crash the system. In recent years, considerable efforts have been dedicated by researchers and practitioners towards improving fuzzing, so there are more and more methods and forms, which make it difficult to have a comprehensive understanding of the technique. This paper conducts a thorough survey of fuzzing, focusing on its general process, classification, common application scenarios, and some state-of-the-art techniques that have been introduced to improve its performance. Finally, this paper puts forward key research challenges and proposes possible future research directions that may provide new insights for researchers.

---

Keywords

---