IDEAS home Printed from https://ideas.repec.org/a/plo/pone00/0237749.html
   My bibliography  Save this article

A systematic review of fuzzing based on machine learning techniques

Author

Listed:
  • Yan Wang
  • Peng Jia
  • Luping Liu
  • Cheng Huang
  • Zhonglin Liu

Abstract

Security vulnerabilities play a vital role in network security system. Fuzzing technology is widely used as a vulnerability discovery technology to reduce damage in advance. However, traditional fuzz testing faces many challenges, such as how to mutate input seed files, how to increase code coverage, and how to bypass the format verification effectively. Therefore machine learning techniques have been introduced as a new method into fuzz testing to alleviate these challenges. This paper reviews the research progress of using machine learning techniques for fuzz testing in recent years, analyzes how machine learning improves the fuzzing process and results, and sheds light on future work in fuzzing. Firstly, this paper discusses the reasons why machine learning techniques can be used for fuzzing scenarios and identifies five different stages in which machine learning has been used. Then this paper systematically studies machine learning-based fuzzing models from five dimensions of selection of machine learning algorithms, pre-processing methods, datasets, evaluation metrics, and hyperparameters setting. Secondly, this paper assesses the performance of the machine learning techniques in existing research for fuzz testing. The results of the evaluation prove that machine learning techniques have an acceptable capability of prediction for fuzzing. Finally, the capability of discovering vulnerabilities both traditional fuzzers and machine learning-based fuzzers is analyzed. The results depict that the introduction of machine learning techniques can improve the performance of fuzzing. We hope to provide researchers with a systematic and more in-depth understanding of fuzzing based on machine learning techniques and provide some references for this field through analysis and summarization of multiple dimensions.

Suggested Citation

  • Yan Wang & Peng Jia & Luping Liu & Cheng Huang & Zhonglin Liu, 2020. "A systematic review of fuzzing based on machine learning techniques," PLOS ONE, Public Library of Science, vol. 15(8), pages 1-37, August.
    • Handle: RePEc:plo:pone00:0237749
    DOI: 10.1371/journal.pone.0237749
    as

    Download full text from publisher

    File URL: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0237749
    Download Restriction: no
    File URL: https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0237749&type=printable
    Download Restriction: no
    File URL: https://libkey.io/10.1371/journal.pone.0237749?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Wilkinson, Leland & Friendly, Michael, 2009. "The History of the Cluster Heat Map," The American Statistician, American Statistical Association, vol. 63(2), pages 179-184.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Alicja Grześkowiak, 2016. "Assessment of Participation in Cultural Activities in Poland by Selected Multivariate Methods," European Journal of Social Sciences Education and Research Articles, Revistia Research and Publishing, vol. 3, January -.
    2. Fabio Salamanca-Buentello & Mary V Seeman & Abdallah S Daar & Ross E G Upshur, 2020. "The ethical, social, and cultural dimensions of screening for mental health in children and adolescents of the developing world," PLOS ONE, Public Library of Science, vol. 15(8), pages 1-25, August.
    3. Nicodemo, Catia & Satorra, Albert, 2020. "Exploratory Data Analysis on Large Data Sets: The Example of Salary Variation in Spanish Social Security Data," IZA Discussion Papers 13459, Institute of Labor Economics (IZA).
    4. Wittek, Peter, 2013. "Two-way incremental seriation in the temporal domain with three-dimensional visualization: Making sense of evolving high-dimensional datasets," Computational Statistics & Data Analysis, Elsevier, vol. 66(C), pages 193-201.
    5. Lorentz, Harri & Kumar, Mukesh & Srai, Jagjit Singh, 2018. "Managing distance in international purchasing and supply: a systematic review of literature from the resource-based view perspective," International Business Review, Elsevier, vol. 27(2), pages 339-354.
    6. Xinhao Luo & Chen Liang & Yongyou Hu, 2019. "Comparison of Different Enhanced Coagulation Methods for Azo Dye Removal from Wastewater," Sustainability, MDPI, vol. 11(17), pages 1-14, August.
    7. Romildo Brito Neto & Celso Santos & Kevin Mulligan & Lucia Barbato, 2016. "Spatial and temporal water-level variations in the Texas portion of the Ogallala Aquifer," Natural Hazards: Journal of the International Society for the Prevention and Mitigation of Natural Hazards, Springer;International Society for the Prevention and Mitigation of Natural Hazards, vol. 80(1), pages 351-365, January.
    8. Shah Jahan Miah & Huy Quan Vu & Damminda Alahakoon, 2022. "A social media analytics perspective for human‐oriented smart city planning and management," Journal of the Association for Information Science & Technology, Association for Information Science & Technology, vol. 73(1), pages 119-135, January.
    9. Francesco Pasanisi & Gaia Righini & Massimo D’Isidoro & Lina Vitali & Gino Briganti & Sergio Grauso & Lorenzo Moretti & Carlo Tebano & Gabriele Zanini & Mabafokeng Mahahabisa & Mosuoe Letuma & Muso Ra, 2021. "A Cooperation Project in Lesotho: Renewable Energy Potential Maps Embedded in a WebGIS Tool," Sustainability, MDPI, vol. 13(18), pages 1-26, September.
    10. Diaz-Balteiro, L. & Alfranca, O. & Voces, R. & Soliño, M., 2023. "Using google search patterns to explain the demand for wild edible mushrooms," Forest Policy and Economics, Elsevier, vol. 152(C).
    11. Terrill L. Frantz, 2018. "Blockmap: an interactive visualization tool for big-data networks," Computational and Mathematical Organization Theory, Springer, vol. 24(2), pages 149-168, June.
    12. Magdalena Jastrzębska & Urszula Wachowska & Marta K. Kostrzewska, 2020. "Pathogenic and Non-Pathogenic Fungal Communities in Wheat Grain as Influenced by Recycled Phosphorus Fertilizers: A Case Study," Agriculture, MDPI, vol. 10(6), pages 1-15, June.
    13. Chengcheng Huang & Guoqiang Wang & Xiaogu Zheng & Jingshan Yu & Xinyi Xu, 2015. "Simple Linear Modeling Approach for Linking Hydrological Model Parameters to the Physical Features of a River Basin," Water Resources Management: An International Journal, Published for the European Water Resources Association (EWRA), Springer;European Water Resources Association (EWRA), vol. 29(9), pages 3265-3289, July.
    14. Francesca Conte & Pierluigi Vitale & Agostino Vollero & Alfonso Siano, 2018. "Designing a Data Visualization Dashboard for Managing the Sustainability Communication of Healthcare Organizations on Facebook," Sustainability, MDPI, vol. 10(12), pages 1-14, November.
    15. Bin Liu & Longyun Fang & Fule Liu & Xiaolong Wang & Junjie Chen & Kuo-Chen Chou, 2015. "Identification of Real MicroRNA Precursors with a Pseudo Structure Status Composition Approach," PLOS ONE, Public Library of Science, vol. 10(3), pages 1-20, March.
    16. Mark Paddrik & Richard Haynes & Andrew E. Todd & Peter A. Beling & William T. Scherer, 2014. "The Role of Visual Analysis in the Regulation of Electronic Order Book Markets," Staff Discussion Papers 14-02, Office of Financial Research, US Department of the Treasury.
    17. Pawel Zukowski & Paweł Okal & Konrad Kierczynski & Przemyslaw Rogalski & Sebastian Borucki & Michał Kunicki & Tomasz N. Koltunowicz, 2023. "Investigations into the Influence of Matrix Dimensions and Number of Iterations on the Percolation Phenomenon for Direct Current," Energies, MDPI, vol. 16(20), pages 1-19, October.
    18. Roy Costilla & Ivy Liu & Richard Arnold & Daniel Fernández, 2019. "Bayesian model-based clustering for longitudinal ordinal data," Computational Statistics, Springer, vol. 34(3), pages 1015-1038, September.
    19. Pedro García-del-Valle-y-Durán & Eduardo Gamaliel Hernandez-Martinez & Guillermo Fernández-Anaya, 2022. "The Greatest Common Decision Maker: A Novel Conflict and Consensus Analysis Compared with Other Voting Procedures," Mathematics, MDPI, vol. 10(20), pages 1-39, October.
    20. Ionela MANIU & Alexander WANDSCHNEIDER & Bogdan NEAMTU, 2017. "Practical Recommendations Of Data Preprocessing And Geospatial Measures For Optimizing The Neurological And Other Pediatric Emergencies Management," SEA - Practical Application of Science, Romanian Foundation for Business Intelligence, Editorial Department, issue 14, pages 305-311, August.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:plo:pone00:0237749. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: plosone (email available below). General contact details of provider: https://journals.plos.org/plosone/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.