Fuzz Testing Process Visualization

Han Lin Lu*, Ren Jie Zhuang, Shih Kun Huang

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review


The conventional fuzz testing process consists of an input mutation, an execution to test the program, monitoring, and information collection to discover bugs and security vul-nerabilities. However, practical programs have more features and complex logic, and leg-acy mutation strategies cannot reach a deeper path to find potential bugs. A solution to this problem is to analyze the input seeds and employ test harnesses for the testing flows. This study proposes an interactive visualization tool called FuzzInspector for fuzz testing. We implemented a visualizer mode on AFL++ to generate test data for a binary analysis tool (Qiling framework and Radare2). We then visualized the controlflow graph and execution path information. This method does not require the source code and reduces the perfor-mance overhead. We also implemented an interactive user interface for the user to set the breakpoint, seed, register, and memory address and send the request to the Qiling frame-work for dynamic analysis. Moreover, the seed constraint can assist the fuzzer in generat-ing a formatted seed for exploring a specific execution path. We evaluated the search time using a known approach to common vulnerabilities and exposures (CVE) and found that the search for bugs with constraints is 15 to 20 times faster than that without constraints. Moreover, we introduced a dynamic analysis feature to find controllable data and assist the exploit development process.

Original languageEnglish
Pages (from-to)1037-1059
Number of pages23
JournalJournal of Information Science and Engineering
Issue number5
StatePublished - Sep 2023


  • Cynefin framework
  • big data
  • knowledge application
  • knowledge creation
  • knowledge management
  • technology


Dive into the research topics of 'Fuzz Testing Process Visualization'. Together they form a unique fingerprint.

Cite this