



  • Essay / Identify and prevent weaknesses in software programs

    Fuzzing based on similarity of test cases

    Information technology is developing rapidly. Along with these rapid advancements, a large number of software security breaches are occurring, with a significant impact on organizations and individuals. In recent years, many methods have been proposed to identify and prevent software weaknesses. “Fuzzing was first proposed by Miller et al. in 1990 to detect software vulnerabilities” (Zhang, Liu, Lei, Kung, Csallner, Nystrom & Wang, 2012, p. 102). In the process of vulnerability detection, the program inputs are modified to form different inputs that exercise the different possible paths present in the program. The execution behavior of the program is monitored on these inputs to detect exceptions. If exceptions are found, it can be said that weaknesses are present in the program and the software is vulnerable. There are two types of fuzzing, namely black box fuzzing and white box fuzzing. Black box testing does not take into account the source code of the program. It is only used to identify weaknesses in the different inputs that can be provided to the program. White box testing, by contrast, is used to test all the different possible paths of a program. However, many challenges exist for both categories of fuzzing. According to Zhang et al. (2012), white-box testing fails to identify paths that contain complex data structures and unresolvable branch conditions, while black-box testing fails to test the deeper semantics of complex programs (p. 103). To address the challenges of both types of testing, Zhang et al. (2012) proposed a two-step fuzzing process to effectively test the semantics of complex programs (p. 103). The...... middle of paper ......to detect security vulnerabilities. While binary level extensions can be placed, vulnerabilities can be modified with the application of non-parallel statistical testing, making the fuzzing process effective in determining software weaknesses and identifying bugs.
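The black-box limitation described above, as an added example that is not from the essay or from Zhang et al.: a one-byte mutation fuzzer finds a shallow bug quickly but cannot get past a checksum gate to the deeper one. The record format, `parse_record`, and the seed input are constructed for illustration.

```python
import random

def parse_record(data: bytes) -> bytes:
    """Constructed target: [length][payload...][checksum = sum(payload) % 256]."""
    if len(data) < 2:
        raise ValueError("too short")            # intended rejection
    n = data[0]
    payload = data[1:1 + n]
    checksum = data[1 + n]                       # shallow bug: length field is trusted
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")         # gate in front of the deeper logic
    if payload[:1] == b"\xff":
        raise RuntimeError("deep bug reached")   # deep bug behind the gate
    return payload

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Black-box mutation: overwrite one random byte, with no knowledge of the format."""
    buf = bytearray(seed)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def fuzz(seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Run mutated inputs; keep one sample input per unexpected exception type."""
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parse_record(case)
        except ValueError:
            continue                             # parser rejected the input cleanly
        except Exception as exc:                 # anything else is a finding
            findings.setdefault(type(exc).__name__, case)
    return findings

# Constructed valid seed record: length 5, payload "hello", matching checksum.
SEED = bytes([5]) + b"hello" + bytes([sum(b"hello") % 256])

if __name__ == "__main__":
    print(fuzz(SEED))                            # only the IndexError is found
    try:
        # Format-aware input: payload 0xff with a matching checksum passes the gate.
        parse_record(b"\x01\xff\xff")
    except RuntimeError as exc:
        print("format-aware input:", exc)
```

Any single-byte change to the seed's payload or checksum breaks the checksum, so the mutated inputs are rejected before the deeper branch runs; only an input built with knowledge of the format reaches it.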
References

Anon., 2011a. Available: http://nvd.nist.gov (Online).

Ganesh, V., Leek, T., Rinard, M., 2009. Hue-based directed white-box fuzzing. In: Proceedings of the 31st IEEE International Conference on Software Engineering (ICSE).

Godefroid, P., Levin, M.Y., Molnar, D., 2008. Automated white-box fuzz testing. In: Proceedings of Network and Distributed Systems Security (NDSS).

Zhang, D., Liu, D., Lei, Y., Kung, D., Csallner, C., Nystrom, N., Wang, W., 2012. Sim Fuzz: similarity test case based on deep fuzzing. The Journal of Systems and Software, 85, 102-111.