Empirical analysis and modeling of black-box mutational fuzzing

Mingyi Zhao, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Scopus citations


Black-box mutational fuzzing is a simple yet effective method for finding software vulnerabilities. In this work, we collect and analyze fuzzing campaign data comprising 60,000 fuzzing runs, 4,000 crashes and 363 unique bugs from multiple Linux programs, gathered with the CERT Basic Fuzzing Framework (BFF). Motivated by the results of the empirical analysis, we propose a stochastic model that captures the long-tail distribution of bug discovery probability and exploitability. This model sheds light on practical questions such as how many bugs a fuzzing campaign can be expected to discover within a given time, why improving software security is hard, and why different parties (e.g., software vendors, white hats, and black hats) are likely to find different vulnerabilities. We also discuss potential generalization of this model to other vulnerability discovery approaches, such as the recently emerged bug bounty programs.
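The abstract describes a long-tail model of bug discovery without giving its form. The following is an added illustration, not the paper's model or code: it assumes each bug has a fixed per-run discovery probability p_i (here drawn from a power law purely to produce a long tail; the paper's fitted distribution is not reproduced), derives the expected number of distinct bugs found after T runs as the sum of 1 - (1 - p_i)^T, and simulates two independent parties fuzzing the same target to show how the tail makes their bug sets diverge. The bug count of 363 matches the data set size quoted above; every other parameter is a made-up assumption.

```python
"""Illustrative long-tail model of black-box fuzzing (added example, not the paper's model)."""
from __future__ import annotations

import math
import random


def long_tail_probs(n_bugs: int, p_max: float = 0.05, alpha: float = 1.5) -> list[float]:
    """Per-run discovery probability for each bug, decaying as a power law.

    ASSUMPTION: a power law p_i = p_max * (i + 1)^(-alpha) is used only to
    produce a long tail; the paper's fitted distribution is not reproduced.
    """
    return [p_max * (i + 1) ** (-alpha) for i in range(n_bugs)]


def expected_bugs_found(probs: list[float], runs: int) -> float:
    """Expected number of distinct bugs found after `runs` independent fuzz runs.

    Bug i is missed by every run with probability (1 - p_i) ** runs, so it is
    found at least once with probability 1 - (1 - p_i) ** runs. By linearity of
    expectation the expected count is the sum of these terms over all bugs.
    """
    return sum(1.0 - (1.0 - p) ** runs for p in probs)


def simulate_campaign(probs: list[float], runs: int,
                      rng: random.Random | None = None) -> set[int]:
    """Sample which bugs one campaign of `runs` fuzz runs discovers.

    The index of the first run that hits bug i is Geometric(p_i); sampling it
    directly with the inverse CDF avoids iterating over every run.
    """
    rng = rng or random.Random(0)
    found: set[int] = set()
    for i, p in enumerate(probs):
        if p <= 0.0:
            continue
        u = 1.0 - rng.random()  # in (0, 1], so log(u) is finite
        first_hit = max(1, math.ceil(math.log(u) / math.log(1.0 - p)))
        if first_hit <= runs:
            found.add(i)
    return found


def compare_parties(probs: list[float], runs_a: int, runs_b: int,
                    seed: int = 0) -> tuple[set[int], set[int], set[int]]:
    """Two independent parties (say a vendor and a white hat) fuzz the same
    target with their own budgets; return (found_a, found_b, overlap).

    High-probability bugs in the head of the distribution are found by both;
    bugs in the tail are hit by at most one party, mostly by chance.
    """
    rng = random.Random(seed)
    found_a = simulate_campaign(probs, runs_a, rng)
    found_b = simulate_campaign(probs, runs_b, rng)
    return found_a, found_b, found_a & found_b


if __name__ == "__main__":
    probs = long_tail_probs(363)  # 363 bugs, the size of the paper's data set
    for runs in (100, 1000, 10000, 60000):
        print(f"{runs:>6} runs: expected {expected_bugs_found(probs, runs):6.1f} bugs")
    a, b, both = compare_parties(probs, 20000, 20000)
    print(f"party A found {len(a)}, party B found {len(b)}, in common {len(both)}")
    print("found by exactly one party:", sorted(a ^ b))
```

The table printed by the main block shows the diminishing return that the abstract attributes to the long tail: each tenfold increase in runs buys far fewer than ten times as many new bugs, because the remaining bugs all sit in the tail where (1 - p_i)^T decays slowly.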

Original language: English (US)
Title of host publication: Engineering Secure Software and Systems - 8th International Symposium, ESSoS 2016, Proceedings
Editors: Eric Bodden, Juan Caballero, Elias Athanasopoulos
Publisher: Springer Verlag
Number of pages: 17
ISBN (Print): 9783319308050
State: Published - 2016
Event: 8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016 - London, United Kingdom
Duration: Apr 6 2016 to Apr 8 2016

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Other: 8th International Symposium on Engineering Secure Software and Systems, ESSoS 2016
Country/Territory: United Kingdom

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

