Peer-Review Record

WolfFuzz: A Dynamic, Adaptive, and Directed Greybox Fuzzer

Electronics 2024, 13(11), 2096; https://doi.org/10.3390/electronics13112096
by Qingyao Zeng 1, Dapeng Xiong 2,*, Zhongwang Wu 2, Kechang Qian 2, Yu Wang 2 and Yinghao Su 1
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 22 April 2024 / Revised: 22 May 2024 / Accepted: 27 May 2024 / Published: 28 May 2024

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

This article introduces WolfFuzz, which presents some innovations in mutation and exploration scheduling. However, the writing in this paper is scattered and requires extensive editing.

Some examples are as follows:

In the third paragraph of Section 1, the discussion of related work seems rushed and lacks comparison with the methods proposed in this paper. The mention of "between three distinct phases" in Section 1 is not promptly introduced. It is generally understood as two phases: exploration and exploitation. Or are they similar to the three phases in FishFuzz? This should be clarified early in the paper.

Why is it stated in Figure 1 that "With FishFuzz's distance calculation, A-B-D-F is 3, A-C-F is 2, showing equal preference for A-C-F"? Here, there is a typo, "FishFuzz," and isn't the distance different (3 vs. 2)? In FishFuzz, isn't it the calculation of function distances? How are the branch reachability probabilities in this figure calculated based on FishFuzz? I cannot find the probabilities in the main body of the paper either.

On page 4, "fuzzy testing" should be "fuzz testing." There are also other instances where "fuzzy" is incorrectly used.

In Section 3.4, there is a typo: "Figure ??".

In Section 5.2, while the result is about code coverage, it is suggested that the conclusion could indeed detect more errors: "This means that WolfFuzz could identify additional vulnerabilities."

In Section 5.5, there is virtually no explanation for Table 8, leaving readers unsure of what the numbers represent.

Comments on the Quality of English Language

Must be improved

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

This paper presents an innovative approach to grey-box fuzzing by introducing a dynamic, adaptive system named WolfFuzz, designed to improve efficiency in vulnerability identification within software systems. The paper is well organized. Some comments to the authors for improvement:

Abstract. Please add some quantitative results. For example, what is the percentage improvement in comparative trials against state-of-the-art fuzzers such as AFL and AFLGo?

Consider adding a section/paragraph discussing the implications of the findings for practical applications in more diverse contexts or different types of software systems, and any potential limitations or challenges that may arise when deploying WolfFuzz in real-world scenarios.
Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

The paper requires a thorough rewrite, focusing on restructuring and clarifying descriptions rather than simply making minor word changes. Here are some specific examples of areas that need improvement:

The paper lacks sufficient support for statements such as "WOLFFUZZ demonstrates an average speed improvement of 3.20 times over the baseline and is able to reproduce 76.4% of known bugs at a faster rate." The source of the 3.2x improvement is unclear, and the assertion that WolfFuzz reproduces bugs faster needs more substantiation. Additionally, Table 7 only presents WolfFuzz's results, and in Section 5.4, the numbers of unique crashes are deemed irrelevant since they have not been deduplicated.

Figure 3, illustrating the overall process of WolfFuzz, requires clearer explanation.

The utilization of IGWO (presumably a method or tool) is not adequately elucidated and necessitates a rewritten explanation.

The concept of branch reachability probability lacks sufficient explanation.

In the algorithm, there seems to be a discrepancy between the hunt_mode and its corresponding mode in Figure 4.

These issues must be addressed to enhance the clarity and credibility of the paper.

Comments on the Quality of English Language

Poor

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The authors addressed all the comments.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 3

Reviewer 1 Report

Comments and Suggestions for Authors

The revision looks much better now.

Comments on the Quality of English Language

No
