Next Article in Journal
Communication Bandwidth Prediction Technology for Smart Power Distribution Business in Smart Parks
Next Article in Special Issue
Image Forgery Detection Using Deep Learning by Recompressing Images
Previous Article in Journal
An Analysis on the Architecture and the Size of Quantized Hardware Neural Networks Based on Memristors
Previous Article in Special Issue
CA-CRE: Classification Algorithm-Based Controller Area Network Payload Format Reverse-Engineering Method
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 10
Issue 24
10.3390/electronics10243142
Review Report
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

SpotFuzz: Fuzzing Based on Program Hot-Spots

Electronics 2021, 10(24), 3142; https://doi.org/10.3390/electronics10243142
by Haibo Pang, Jie Jian, Yan Zhuang *, Yingyun Ye and Zhanbo Li
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Electronics 2021, 10(24), 3142; https://doi.org/10.3390/electronics10243142
Submission received: 16 November 2021 / Revised: 9 December 2021 / Accepted: 13 December 2021 / Published: 17 December 2021
(This article belongs to the Special Issue Data-Driven Security)

Round 1

Reviewer 1 Report

 
The authors defined invalid execution edges and time-consuming edges as hot-spots. They proposed the fuzzing solution SpotFuzz to solve energy waste. They implemented and tested the SpotFuzz prototype model. The experiment found 45.86% more unique crashes and 14.25% more edges than AFL on average.

The article's topic is interesting and novel. The manuscript is well-written and organized. There are some typos and grammar corrections. However, there are some concerns and criticisms that should be addressed before any possible consideration for publication.

1) What is COMPILE_TIME_RANDOM? Is it constant, function, etc.? It needs to be stated in the manuscript.
 
2) The conclusions should include the comparisons of the results and address how much efficiency of fuzzer improved?

 
3) On Section 6.2
  Driller[? ] missing reference number or some error/typo. The authors need to clarify it.
 
4). On Section 6.1
The authors stated the following sentence: 
"Hawkeye considers the short path and long path that can reach the target position and weighs the energy distribution between the short path and the long path."
 
Please clarify the sentences. It is not clear.

5) The text below Figure 2:

 "It will continuously perform the main loop: "sentence should end with a full stop.

6) Figure 3 is too small to read it. Make it a bigger and readable figure.


7) Check the percentage values +60.87.00% and +65.22.00% in Table 4. What are these zeros at the end?

8) The conclusion should focus on the comparison of the results and advantages of the model. The authors need to explain more about the novelty of the work in the conclusion.

Author Response

1)  COMPILE_TIME_RANDOM is a pseudocode that generates a random number between 0 and 655536. We have added the description in section 2.

2) and 8) have been modified in the conclusion.

3)[? ]  is a cite error,  we modified  it.

4). On Section 6.1,we resummarized the work of Hawkeye.

5)  Changed "It will continuously perform the main loop: " to "It will continuously perform the main loop."

6) Figure 3 has been made bigger.

7) We changed them in Table 4.

Please see the attachment for the revised article.

Author Response File: Author Response.pdf

Reviewer 2 Report

This is an interesting paper that could be potentially publishable subject to some revisions that are discussed in more detail below.

 

Detailed comments:

 

Research questions – Hypotheses: Consider to develop research questions and form relevant hypotheses.

Terms: The terms: “efficiency” and “effectiveness” are used. Please provide definitions and make clear the difference between them. Define also relevant terms, e.g. fuzzing efficiency.

 

Generalization of the results: Discuss on the generalization of the results of the study.

 

Implications: Discuss on both theoretical and practical implications of the study.

 

Limitations:  Discuss on the limitations of the study, if there are any.

 

Minor comments:

Define abbreviations, e.g. AFL

 

Author Response

  • Research questions – Hypotheses:  We assume that program hot-spots might cause energy waste and design a hot-spots ratio model to calculate the hot-spots ratio of seed at run-time. Please see section 2.4.
  • Terms: “efficiency” is used.
  • Generalization of the results: We shows our results of the study in conclusion.
  • Implications: In section 3, we define over-exercising and time-consuming edges as hot-spots,  design a hot-spots ratio model and propose a new power schedule strategy and seed priority selection algorithm.  We implement SpotFuzz prototype.  We elaborate  practical implications in section 5 which the experiment shows  SpotFuzz improves the fuzzing efficiency.
  • We modified all problem mentioned in the comments. Please see the attachment for the revised article.

Author Response File: Author Response.pdf

Back to TopTop