Evaluation and Application of Two Fuzzing Approaches for Security Testing of IoT Applications


The proliferation of Internet of Things (IoT) embedded with vulnerable software has raised serious doubts about security of IoT devices and networks. Enhancing fuzzing performance and efficiency to enable testing these software samples is a challenge. Fuzzing is an automated technique widely used to provide software quality assurance during testing to find flaws and bugs by providing random or invalid inputs to a computer software. However, the technique could take significant amount of time and effort to complete during the test phase of the software development lifecycle. Reducing the time required to fuzz a software will improve efficiency and productivity during the software testing phase to enable detailed analysis and fixing of bugs or flaws found in the computer program. There are a number of factors that influence the fuzzing technique, such as quality of test cases or invalid inputs used during the test and how these samples were collected or created. In this paper, we introduce a technique to leverage from the different crashes discovered from two fuzzing approaches to improve fuzzers by concentrating on utilised test cases. The code coverage is used as an efficiency metric to measure the test case on the tested software and to assess the quality of a given input. Different sample features were created and analysed to identify the most effective and efficient feature used as input for the fuzzer program to test the target software.