Evaluating fuzz testing

Citations of this article: 491
Readers (Mendeley users who have this article in their library): 373

Abstract

Fuzz testing has enjoyed great success at discovering security-critical bugs in real software. Recently, researchers have devoted significant effort to devising new fuzzing techniques, strategies, and algorithms. Such new ideas are primarily evaluated experimentally, so an important question is: What experimental setup is needed to produce trustworthy results? We surveyed the recent research literature and assessed the experimental evaluations carried out by 32 fuzzing papers. We found problems in every evaluation we considered. We then performed our own extensive experimental evaluation using an existing fuzzer. Our results showed that the general problems we found in existing experimental evaluations can indeed translate to actual wrong or misleading assessments. We conclude with some guidelines that we hope will help improve experimental evaluations of fuzz testing algorithms, making reported results more robust.


Citation (APA)

Klees, G., Ruef, A., Cooper, B., Wei, S., & Hicks, M. (2018). Evaluating fuzz testing. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 2123–2138). Association for Computing Machinery. https://doi.org/10.1145/3243734.3243804
