Fuzzing

From Rice Wiki


Fuzzing is a testing technique in which random or semi-random inputs are generated and fed to a software program to probe for unintended behaviors.

Principle

Fuzzing is generally split into 4 steps: seed initialization, seed selection, mutation, and execution.

Seed initialization provides the initial inputs (seeds) to the fuzzer. Seeds can be random or human-designed to induce a specific behavior.

Seed selection follows seed initialization. Once a pool of seeds has accumulated, the seed selection algorithm picks one. The choice can be arbitrary or made with intent (as in AFL, which favors seeds that are more likely to reach untested behavior).

After a seed is selected, it is mutated into a new input.

The mutated input is then executed on the program.

Sources

arXiv:2309.10253v2 (GPTFuzzer)