On the effectiveness of scheduling fuzz testing

Wei Jun Chen; Hsiao Rong Tyan; Shih-Kun Huang

doi:10.3233/978-1-61499-484-8-841

On the effectiveness of scheduling fuzz testing

Wei Jun Chen, Hsiao Rong Tyan, Shih-Kun Huang

Center for Information Technology Services

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

With the rapid development of software systems, exploiting software vulnerabilities to invade the system has largely increased. As a result, software security becomes vitally important. Since it is impossible to develop programs without bugs and it is inefficient to test program manually, we need a systematic software testing methods to verify if the software is with good quality. Black-box testing is a technique that can find bugs without the target program's source code, and normally copes with mutation fuzz testing. There are numerous fuzz testing tools freely available, but to find the maximum amount of unique bugs in limited interval of time is still a problem remained to be solved. In this paper we have used several scheduling algorithms to improve the fuzzer called FOE (Failure Observation Engine) to better improve the original fuzzing efficiency and produce maximum unique bugs in a given period of time.

Original language	English
Title of host publication	Intelligent Systems and Applications - Proceedings of the International Computer Symposium, ICS 2014
Editors	William Cheng-Chung Chu, Han-Chieh Chao, Stephen Jenn-Hwa Yang
Publisher	IOS Press
Pages	841-849
Number of pages	9
ISBN (Electronic)	9781614994831
DOIs	https://doi.org/10.3233/978-1-61499-484-8-841
State	Published - 2015
Event	International Computer Symposium, ICS 2014 - Taichung, Taiwan Duration: 12 Dec 2014 → 14 Dec 2014

Publication series

Name	Frontiers in Artificial Intelligence and Applications
Volume	274
ISSN (Print)	0922-6389
ISSN (Electronic)	1879-8314

Conference

Conference	International Computer Symposium, ICS 2014
Country/Territory	Taiwan
City	Taichung
Period	12/12/14 → 14/12/14

Keywords

Black-box testing
Computer Security
Fuzz testing
Software Security
Software testing

Access to Document

10.3233/978-1-61499-484-8-841

Cite this

Chen, W. J., Tyan, H. R., & Huang, S.-K. (2015). On the effectiveness of scheduling fuzz testing. In W. C.-C. Chu, H.-C. Chao, & S. J.-H. Yang (Eds.), Intelligent Systems and Applications - Proceedings of the International Computer Symposium, ICS 2014 (pp. 841-849). (Frontiers in Artificial Intelligence and Applications; Vol. 274). IOS Press. https://doi.org/10.3233/978-1-61499-484-8-841

@inproceedings{ff2f22ec8ac54a5e85d0348bc0721595,

title = "On the effectiveness of scheduling fuzz testing",

abstract = "With the rapid development of software systems, exploiting software vulnerabilities to invade the system has largely increased. As a result, software security becomes vitally important. Since it is impossible to develop programs without bugs and it is inefficient to test program manually, we need a systematic software testing methods to verify if the software is with good quality. Black-box testing is a technique that can find bugs without the target program's source code, and normally copes with mutation fuzz testing. There are numerous fuzz testing tools freely available, but to find the maximum amount of unique bugs in limited interval of time is still a problem remained to be solved. In this paper we have used several scheduling algorithms to improve the fuzzer called FOE (Failure Observation Engine) to better improve the original fuzzing efficiency and produce maximum unique bugs in a given period of time.",

keywords = "Black-box testing, Computer Security, Fuzz testing, Software Security, Software testing",

author = "Chen, {Wei Jun} and Tyan, {Hsiao Rong} and Shih-Kun Huang",

year = "2015",

doi = "10.3233/978-1-61499-484-8-841",

language = "English",

series = "Frontiers in Artificial Intelligence and Applications",

publisher = "IOS Press",

pages = "841--849",

editor = "Chu, {William Cheng-Chung} and Han-Chieh Chao and Yang, {Stephen Jenn-Hwa}",

booktitle = "Intelligent Systems and Applications - Proceedings of the International Computer Symposium, ICS 2014",

address = "荷蘭",

}

Chen, WJ, Tyan, HR & Huang, S-K 2015, On the effectiveness of scheduling fuzz testing. in WC-C Chu, H-C Chao & SJ-H Yang (eds), Intelligent Systems and Applications - Proceedings of the International Computer Symposium, ICS 2014. Frontiers in Artificial Intelligence and Applications, vol. 274, IOS Press, pp. 841-849, International Computer Symposium, ICS 2014, Taichung, Taiwan, 12/12/14. https://doi.org/10.3233/978-1-61499-484-8-841

On the effectiveness of scheduling fuzz testing. / Chen, Wei Jun; Tyan, Hsiao Rong; Huang, Shih-Kun.
Intelligent Systems and Applications - Proceedings of the International Computer Symposium, ICS 2014. ed. / William Cheng-Chung Chu; Han-Chieh Chao; Stephen Jenn-Hwa Yang. IOS Press, 2015. p. 841-849 (Frontiers in Artificial Intelligence and Applications; Vol. 274).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the effectiveness of scheduling fuzz testing

AU - Chen, Wei Jun

AU - Tyan, Hsiao Rong

AU - Huang, Shih-Kun

PY - 2015

Y1 - 2015

N2 - With the rapid development of software systems, exploiting software vulnerabilities to invade the system has largely increased. As a result, software security becomes vitally important. Since it is impossible to develop programs without bugs and it is inefficient to test program manually, we need a systematic software testing methods to verify if the software is with good quality. Black-box testing is a technique that can find bugs without the target program's source code, and normally copes with mutation fuzz testing. There are numerous fuzz testing tools freely available, but to find the maximum amount of unique bugs in limited interval of time is still a problem remained to be solved. In this paper we have used several scheduling algorithms to improve the fuzzer called FOE (Failure Observation Engine) to better improve the original fuzzing efficiency and produce maximum unique bugs in a given period of time.

AB - With the rapid development of software systems, exploiting software vulnerabilities to invade the system has largely increased. As a result, software security becomes vitally important. Since it is impossible to develop programs without bugs and it is inefficient to test program manually, we need a systematic software testing methods to verify if the software is with good quality. Black-box testing is a technique that can find bugs without the target program's source code, and normally copes with mutation fuzz testing. There are numerous fuzz testing tools freely available, but to find the maximum amount of unique bugs in limited interval of time is still a problem remained to be solved. In this paper we have used several scheduling algorithms to improve the fuzzer called FOE (Failure Observation Engine) to better improve the original fuzzing efficiency and produce maximum unique bugs in a given period of time.

KW - Black-box testing

KW - Computer Security

KW - Fuzz testing

KW - Software Security

KW - Software testing

UR - http://www.scopus.com/inward/record.url?scp=84926472358&partnerID=8YFLogxK

U2 - 10.3233/978-1-61499-484-8-841

DO - 10.3233/978-1-61499-484-8-841

M3 - Conference contribution

AN - SCOPUS:84926472358

T3 - Frontiers in Artificial Intelligence and Applications

SP - 841

EP - 849

BT - Intelligent Systems and Applications - Proceedings of the International Computer Symposium, ICS 2014

A2 - Chu, William Cheng-Chung

A2 - Chao, Han-Chieh

A2 - Yang, Stephen Jenn-Hwa

PB - IOS Press

T2 - International Computer Symposium, ICS 2014

Y2 - 12 December 2014 through 14 December 2014

ER -

On the effectiveness of scheduling fuzz testing

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this