Netinfo Security ›› 2023, Vol. 23 ›› Issue (8): 1-16. doi: 10.3969/j.issn.1671-1122.2023.08.001


Review of Fuzzing Based on Machine Learning

WANG Juan1,2, ZHANG Chong1,2, GONG Jiaxin1,2, LI Jun’e1,2

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
    2. Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, China
  • Received: 2022-12-16 Online: 2023-08-10 Published: 2023-08-08
  • Contact: WANG Juan E-mail: jwang@whu.edu.cn

Abstract:

Fuzzing is one of the most popular vulnerability discovery techniques today. Traditional fuzzing often requires substantial manual effort, which lengthens the time needed to apply it, and its effectiveness depends on expert experience. As machine learning has come into wide use, it has also been applied to software security testing, and many research works use it to optimize the fuzzing process, making up for many shortcomings of traditional fuzzing. This paper reviews fuzzing based on machine learning. First, it summarizes common vulnerability discovery methods, the fuzzing process and its classification, and the shortcomings of traditional fuzzing. Then, from the perspective of test case generation, mutation, screening, and scheduling, it focuses on research applying machine learning methods to fuzzing, as well as work that combines machine learning and fuzzing to realize other functions. Finally, based on existing work, it analyzes and summarizes the limitations and challenges of current research and discusses future development directions for the field.

Key words: fuzzing, vulnerability discovery, machine learning
