Mutation-Guided Fuzzing: Expanding Coverage-Guided Fuzzing with Mutation Analysis
Isabella Laybourn
15-59x Computer Science Independent Study
Fuzz testing is a popular technique for finding software bugs and security vulnerabilities using randomized test-input generation. State-of-the-art fuzzing tools perform coverage-guided fuzzing, but more coverage does not necessarily mean better fault-detection capability. This project aims to develop a new fuzzing technique that is guided by fault detection via mutation analysis instead of by coverage, and to show that, by replacing code coverage with mutation score as the metric for evaluating and guiding fuzz-generated inputs, test suites can be created that augment or improve on those generated using code coverage as the metric. A mutation analysis program built to emulate the default set of mutators in the mutation analysis tool PIT was used to create a guidance for the fuzzer JQF. Running JQF with this guidance is compared to running JQF with coverage-guided fuzzing. Results are currently inconclusive, pending testing on larger benchmarks.
Rohan Padhye
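The abstract describes the guidance but not how a mutation-score guidance behaves differently from a coverage guidance on concrete inputs. The sketch below is an added Python illustration, not code from this project, from JQF or from PIT. It uses a constructed target function, a mutant schema (one function parameterised by a mutant name) whose mutants are named after the PIT mutators they imitate (CONDITIONALS_BOUNDARY, NEGATE_CONDITIONALS, MATH and PRIMITIVE_RETURNS are PIT mutator names; which of them are defaults depends on the PIT version, so treat the set as an assumption), and a fuzz loop that retains an input either when it reaches a new branch outcome or when it kills a previously unkilled mutant. All function names, mutant labels and input ranges are illustrative.

```python
import random
from typing import List, Optional, Set, Tuple

# Mutants emulated below, labelled after the PIT mutators they imitate (assumption).
# COND_BOUNDARY_3 is an equivalent mutant: no input can ever kill it.
MUTANTS = [
    "MATH_1", "MATH_2",
    "COND_BOUNDARY_1", "NEGATE_COND_1",
    "COND_BOUNDARY_2", "NEGATE_COND_2",
    "COND_BOUNDARY_3", "NEGATE_COND_3",
    "PRIMITIVE_RETURNS",
]
ORIGINAL = ""  # mutant name meaning "run the unmutated program"


def shipping_cost(weight: int, distance: int, m: str = ORIGINAL,
                  trace: Optional[Set[str]] = None) -> int:
    """Constructed target. m selects one mutant; branch outcomes go into trace if given."""
    cost = weight // distance if m == "MATH_1" else weight * distance  # MATH: * -> /
    heavy = {"COND_BOUNDARY_1": weight >= 50,                          # > -> >=
             "NEGATE_COND_1": weight <= 50}.get(m, weight > 50)        # > -> <=
    if heavy:
        cost = cost - 20 if m == "MATH_2" else cost + 20               # MATH: + -> -
    local = {"COND_BOUNDARY_2": distance <= 10,
             "NEGATE_COND_2": distance >= 10}.get(m, distance < 10)
    if local:
        cost = 0
    positive = {"COND_BOUNDARY_3": cost >= 0,   # equivalent: cost == 0 returns 0 either way
                "NEGATE_COND_3": cost <= 0}.get(m, cost > 0)
    if trace is not None:
        trace.update({f"heavy={heavy}", f"local={local}", f"positive={positive}"})
    if positive:
        return 0 if m == "PRIMITIVE_RETURNS" else cost                 # return x -> return 0
    return 0


def kills(weight: int, distance: int) -> Set[str]:
    """Mutants whose result (or crash) differs from the original on this input."""
    expected = shipping_cost(weight, distance)
    dead: Set[str] = set()
    for m in MUTANTS:
        try:
            if shipping_cost(weight, distance, m) != expected:
                dead.add(m)
        except ZeroDivisionError:  # MATH_1 with distance == 0: a crash also kills
            dead.add(m)
    return dead


def branches(weight: int, distance: int) -> Set[str]:
    """Branch outcomes exercised by the original program on this input."""
    t: Set[str] = set()
    shipping_cost(weight, distance, trace=t)
    return t


def fuzz(guidance: str, iterations: int = 3000, seed: int = 1
         ) -> Tuple[List[Tuple[int, int]], Set[str]]:
    """Return (retained corpus, mutants killed by any input tried).
    guidance: "coverage" keeps inputs reaching a new branch outcome,
              "mutation" keeps inputs killing a previously unkilled mutant."""
    rng = random.Random(seed)
    corpus: List[Tuple[int, int]] = []
    seen: Set[str] = set()
    dead: Set[str] = set()
    for _ in range(iterations):
        if corpus and rng.random() < 0.8:      # mutate a saved input ...
            w, d = rng.choice(corpus)
            w, d = w + rng.randint(-20, 20), d + rng.randint(-20, 20)
        else:                                   # ... or draw a fresh one (illustrative ranges)
            w, d = rng.randint(-100, 200), rng.randint(-50, 50)
        new_cov, new_kill = branches(w, d) - seen, kills(w, d) - dead
        seen |= new_cov
        dead |= new_kill
        if (guidance == "coverage" and new_cov) or (guidance == "mutation" and new_kill):
            corpus.append((w, d))
    return corpus, dead


def corpus_kills(corpus: List[Tuple[int, int]]) -> Set[str]:
    """Mutants killed by the retained test suite itself."""
    out: Set[str] = set()
    for w, d in corpus:
        out |= kills(w, d)
    return out


def mutation_score(dead: Set[str]) -> float:
    return len(dead) / len(MUTANTS)


if __name__ == "__main__":
    for g in ("coverage", "mutation"):
        corpus, dead = fuzz(g)
        suite = corpus_kills(corpus)
        print(f"{g:9s} corpus={len(corpus):2d} inputs, suite kills {len(suite)}/{len(MUTANTS)} "
              f"(score {mutation_score(suite):.2f}); seen killed during run: {len(dead)}")
```

The inputs (49, 20) and (50, 20) exercise identical branch outcomes, but only the second kills the boundary mutant on `weight > 50`; a coverage guidance that already holds (49, 20) discards (50, 20) as uninteresting, whereas the mutation guidance retains it, so the saved suite keeps every kill observed during the run. Two caveats a practitioner should expect from a real implementation follow directly from the sketch: the mutation score can never reach 1.0 here because COND_BOUNDARY_3 is equivalent to the original, so a score below 1.0 is not by itself evidence of missing tests, and every fuzz input costs one execution per mutant instead of one instrumented execution, which is why mutation guidance is far more expensive per input than coverage guidance.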