# A Feature-Oriented Corpus for Understanding, Evaluating and Improving Fuzz Testing

**Authors:** Xiaogang Zhu, Xiaotao Feng, Tengyun Jiao, Sheng Wen, Yang Xiang, Seyit Camtepe, Jingling Xue

arXiv: 1905.01405 · 2019-05-07

## TL;DR

This paper introduces FEData, a feature-oriented corpus that helps understand and evaluate fuzzers by highlighting specific search-hampering features, enabling targeted improvements.

## Contribution

It proposes a novel corpus generation approach based on search-hampering features, providing insights into why fuzzers succeed or fail.

## Key findings

- FEData focuses on four key search-hampering features.
- It enables understanding of fuzzing weaknesses beyond just bug counts.
- The corpus aids in diagnosing and improving fuzzing techniques.

## Abstract

Fuzzing is a promising technique for detecting security vulnerabilities. Newly developed fuzzers are typically evaluated in terms of the number of bugs found on vulnerable programs/binaries. However, existing corpora usually do not capture the features that prevent fuzzers from finding bugs, leading to ambiguous conclusions on the pros and cons of the fuzzers evaluated. A typical example is that Driller detects more bugs than AFL, but its evaluation cannot establish if the advancement of Driller stems from the concolic execution or not, since, for example, its ability in resolving a dataset's magic values is unclear. In this paper, we propose to address the above problem by generating corpora based on search-hampering features. As a proof-of-concept, we have designed FEData, a prototype corpus that currently focuses on four search-hampering features to generate vulnerable programs for fuzz testing. Unlike existing corpora that can only answer "how", FEData can also further answer "why" by exposing (or understanding) the reasons for the identified weaknesses in a fuzzer. The "why" information serves as the key to the improvement of fuzzers.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.01405/full.md

## Figures

17 figures with captions in the complete paper: https://tomesphere.com/paper/1905.01405/full.md

## References

33 references — full list in the complete paper: https://tomesphere.com/paper/1905.01405/full.md

---
Source: https://tomesphere.com/paper/1905.01405