Improving greybox fuzzing with dictionary-based mutations: A systematic literature review
DOI: https://doi.org/10.18489/sacjv37i2/21430

Keywords: Dictionary-based mutation, Greybox fuzzing, Software vulnerability, Mutational fuzzing, Software testing

Abstract
Detecting deep bugs that are guarded by complex conditions on specific byte sequences of the input often requires input-structure-aware or grammar-aware fuzzing strategies. However, the grammar or specification of the input may not be readily available. In this regard, there exists anecdotal evidence that dictionary-based mutations help preserve the syntactic structure of input test cases and may approximate the efficacy of grammar-aware fuzzing. It is not yet clear which strategy is best for automatically extracting fuzzing dictionary tokens from the codebase of the program under test. In this study we conduct a systematic review of the impact of dictionary-based mutations on the fuzzing process. We further review strategies for automatically extracting dictionary tokens and optimising dictionary-based mutations. Our findings are that current strategies for extracting fuzzing dictionaries are not optimised for highly structured input. Furthermore, about 58% of the reviewed state-of-the-art fuzzing tools rely on the random mutation operator distribution of their respective baseline fuzzer. Moreover, the evaluations of these fuzzing tools report on the aggregated performance of mutation operator scheduling algorithms, not on specific individual operators such as dictionary-based mutation operators.
License
Copyright (c) 2025 Enock L. Dube, Boluwaji A. Akinnuwesi, Stephen G. Fashoto, Petros M. Mashwama, Vusi W. Tsabedze

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.