A Review on Grammar-Based Fuzzing Techniques
Hamad Ali Al Salem, Jia Song
Pages - 114 - 123     |    Revised - 31-05-2019     |    Published - 01-06-2019
Published in International Journal of Computer Science and Security (IJCSS)
Volume - 13   Issue - 3    |    Publication Date - June 2019
KEYWORDS
Fuzzing, Grammar-based, Generation, Mutation, Techniques, File Input Quality.
ABSTRACT
Fuzzing has become the most interesting software testing technique because it can find different types of bugs and vulnerabilities in many target programs. Grammar-based fuzzing tools have shown effectiveness in finding bugs and generating good fuzzing files. Fuzzing techniques are usually guided by different methods to improve their effectiveness. However, they have limitations as well. In this paper, we present an overview of grammar-based fuzzing tools and of the techniques used to guide them, which include mutation, machine learning, and evolutionary computing. Few studies have been conducted on this approach, and they show its effectiveness and quality in exploring new vulnerabilities in a program. Here we summarize the studied fuzzing tools and explain each one's method, input format, strengths, and limitations. Some experiments are conducted on two of the fuzzing tools, and the two are compared based on the quality of the generated fuzzing files.
MANUSCRIPT AUTHORS
Mr. Hamad Ali Al Salem
Computer Science Department University of Idaho Moscow, ID, 83844 - United States of America
halsalem@hotmail.com
Dr. Jia Song
Computer Science Department University of Idaho Moscow, ID, 83844 - United States of America

