Abstract

This article presents a comparative analysis of the μ2 algorithm and the Zest algorithm, run for the same amount of time rather than on the same amount of inputs, and compared by metrics other than mutation analysis. The Zest algorithm, embedded in the JQF framework, prioritizes comprehensive code coverage by generating inputs that satisfy both structural and semantic requirements. In contrast, μ2 expands the scope of coverage-guided fuzzing by integrating mutation analysis, which in turn enables the generation of higher-quality test cases. The conclusions confirm that mutation-based fuzzing requires more time to generate input data that ensures complete code coverage. The research shows that, under equal conditions, the combined algorithm based on mutation analysis provides less overall code coverage than the code-coverage-based algorithm. Furthermore, fuzzing guided by mutation analysis, as exemplified by the μ2 algorithm, is relatively less explored in the existing body of research. Indeed, the shortage of publications dedicated to fuzzing based on mutation analysis is evident from the limited references to it in fuzzing review papers. This gap in awareness might contribute to the limited popularity of mutation analysis within the security research community and in software testing. Additionally, this article aims to enhance the visibility of mutation analysis among fuzzing researchers.
