Improving Fuzz Testing Using Game Theory

We propose a game theoretical model for fuzz testing, consisting in generating unexpected input to search for software vulnerabilities. As of today, no performance guarantees or assessment frameworks for fizzing exist. Our paper addresses these issues and describes a simple model that can be used to assess and identify optimal fizzing strategies, by leveraging game theory. In this context, payoff functions are obtained using a tainted data analysis and instrumentation of a target application to assess the impact of different fizzing strategies.