CWEInject: build fuzzer benchmark through bug templates

Zongshuai Ma; Zehui Wu; Qiang Wei

doi:10.1117/12.3032933

5 July 2024 CWEInject: build fuzzer benchmark through bug templates

Zongshuai Ma, Zehui Wu, Qiang Wei

Proceedings Volume 13184, Third International Conference on Electronic Information Engineering and Data Processing (EIEDP 2024); 131844S (2024) https://doi.org/10.1117/12.3032933
Event: 3rd International Conference on Electronic Information Engineering and Data Processing (EIEDP 2024), 2024, Kuala Lumpur, Malaysia

Abstract

With the development of fuzzy testing techniques and the generation of new techniques, evaluating and comparing the performance of fuzzy testers is a key challenge, and the evaluation index system needs to be supported by reliable test sets. Benchmark test sets with explicit, realistic vulnerabilities can be a good way of evaluating the ability of fuzzy testers to find in-the-wild vulnerabilities, and make the evaluation results have reliability. In order to batch a benchmark construction, this paper proposes CWEInject, a tool that performs data flow analysis on a target program, dynamically tracks the locations that satisfy the vulnerability template injection, and then injects the vulnerability template into the program to generate a vulnerability program. Our approach can generate vulnerability programs that satisfy the test benchmarks for fuzzy testing. Finally, we conducted experiments on six open-source programs, through which we demonstrated that the benchmark test set generated by the method is suitable for evaluating fuzzy testing tools as well as comparing the performance of different improved techniques.

(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.

Citation Download Citation

Zongshuai Ma, Zehui Wu, and Qiang Wei "CWEInject: build fuzzer benchmark through bug templates", Proc. SPIE 13184, Third International Conference on Electronic Information Engineering and Data Processing (EIEDP 2024), 131844S (5 July 2024); https://doi.org/10.1117/12.3032933

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
7 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Open source software

Tunable filters

Fuzzy logic

Analytical research

Engineering

Software engineering

RELATED CONTENT

Analysis of traffic safety risk state of highway reconstruction and...
Proceedings of SPIE (June 14 2023)

Charting the evolution bibliometric perspectives on anomaly detection within...
Proceedings of SPIE (June 07 2024)

4Pi microscopy in biomedicine a comprehensive bibliometric assessment of...
Proceedings of SPIE (June 07 2024)

Grey Wolf optimizer for efficient feature selection in robotic systems
Proceedings of SPIE (June 07 2024)

Method for determining median opening length in multi lane conversion...
Proceedings of SPIE (February 20 2024)

Selection of CPU scheduling dynamically through machine learning
Proceedings of SPIE (April 22 2020)

FC NT a crime prediction algorithm incorporating formal context...
Proceedings of SPIE (October 10 2023)

Subscribe to Digital Library

Receive Erratum Email Alert

Keywords/Phrases

Search In:

Publication Years