FinFuzzer: One Step Further in Fuzzing Fintech Systems

Qingshun Wang; Lihua Xu; Jun Xiao; Qi Guo; Haotian Zhang; Liang Dou; Liang He; Tao Xie

doi:10.1109/ASE51524.2021.9678675

FinFuzzer: One Step Further in Fuzzing Fintech Systems

Qingshun Wang, Lihua Xu, Jun Xiao, Qi Guo, Haotian Zhang, Liang Dou, Liang He, Tao Xie

Information Trust Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Comprehensive testing is of high importance to ensure the reliability of software systems, especially for systems with high stakes such as FinTech systems. In this paper, we share our observations of the Ant Group's status quo in testing their financial services, specifically on the importance of properly transforming relevant external environment settings and prioritizing input object fields for mutation during automated fuzzing. Based on these observations, we propose FinFuzzer, an automated fuzz testing framework that detects and transforms relevant environmental settings into system inputs, prioritizes input object fields, and mutates system inputs on both environment settings and high-priority object fields. Our evaluation of FinFuzzer against four FinTech systems developed by the Ant Group shows that FinFuzzer can outperform a state-of-the-art approach in terms of line coverage in much shorter time.

Original language	English (US)
Title of host publication	Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1111-1115
Number of pages	5
ISBN (Electronic)	9781665403375
DOIs	https://doi.org/10.1109/ASE51524.2021.9678675
State	Published - 2021
Event	36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 - Virtual, Online, Australia Duration: Nov 15 2021 → Nov 19 2021

Publication series

Name	Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

Conference

Conference	36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
Country/Territory	Australia
City	Virtual, Online
Period	11/15/21 → 11/19/21

Keywords

FinTech
Fuzzing
Software Testing

ASJC Scopus subject areas

Artificial Intelligence
Software
Safety, Risk, Reliability and Quality
Control and Optimization

Online availability

10.1109/ASE51524.2021.9678675

Library availability

Discover UIUC Full Text

Cite this

Wang, Q., Xu, L., Xiao, J., Guo, Q., Zhang, H., Dou, L., He, L., & Xie, T. (2021). FinFuzzer: One Step Further in Fuzzing Fintech Systems. In Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 (pp. 1111-1115). (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ASE51524.2021.9678675

FinFuzzer: One Step Further in Fuzzing Fintech Systems. / Wang, Qingshun; Xu, Lihua; Xiao, Jun et al.
Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 1111-1115 (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Wang, Q, Xu, L, Xiao, J, Guo, Q, Zhang, H, Dou, L, He, L & Xie, T 2021, FinFuzzer: One Step Further in Fuzzing Fintech Systems. in Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021. Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021, Institute of Electrical and Electronics Engineers Inc., pp. 1111-1115, 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021, Virtual, Online, Australia, 11/15/21. https://doi.org/10.1109/ASE51524.2021.9678675

Wang Q, Xu L, Xiao J, Guo Q, Zhang H, Dou L et al. FinFuzzer: One Step Further in Fuzzing Fintech Systems. In Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 1111-1115. (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021). doi: 10.1109/ASE51524.2021.9678675

Wang, Qingshun ; Xu, Lihua ; Xiao, Jun et al. / FinFuzzer : One Step Further in Fuzzing Fintech Systems. Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 1111-1115 (Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021).

@inproceedings{5137604874f94cdf8f15e27f10afddd3,

title = "FinFuzzer: One Step Further in Fuzzing Fintech Systems",

abstract = "Comprehensive testing is of high importance to ensure the reliability of software systems, especially for systems with high stakes such as FinTech systems. In this paper, we share our observations of the Ant Group's status quo in testing their financial services, specifically on the importance of properly transforming relevant external environment settings and prioritizing input object fields for mutation during automated fuzzing. Based on these observations, we propose FinFuzzer, an automated fuzz testing framework that detects and transforms relevant environmental settings into system inputs, prioritizes input object fields, and mutates system inputs on both environment settings and high-priority object fields. Our evaluation of FinFuzzer against four FinTech systems developed by the Ant Group shows that FinFuzzer can outperform a state-of-the-art approach in terms of line coverage in much shorter time.",

keywords = "FinTech, Fuzzing, Software Testing",

author = "Qingshun Wang and Lihua Xu and Jun Xiao and Qi Guo and Haotian Zhang and Liang Dou and Liang He and Tao Xie",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

doi = "10.1109/ASE51524.2021.9678675",

language = "English (US)",

series = "Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1111--1115",

booktitle = "Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021",

address = "United States",

}

TY - GEN

T1 - FinFuzzer

T2 - 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

AU - Wang, Qingshun

AU - Xu, Lihua

AU - Xiao, Jun

AU - Guo, Qi

AU - Zhang, Haotian

AU - Dou, Liang

AU - He, Liang

AU - Xie, Tao

PY - 2021

Y1 - 2021

N2 - Comprehensive testing is of high importance to ensure the reliability of software systems, especially for systems with high stakes such as FinTech systems. In this paper, we share our observations of the Ant Group's status quo in testing their financial services, specifically on the importance of properly transforming relevant external environment settings and prioritizing input object fields for mutation during automated fuzzing. Based on these observations, we propose FinFuzzer, an automated fuzz testing framework that detects and transforms relevant environmental settings into system inputs, prioritizes input object fields, and mutates system inputs on both environment settings and high-priority object fields. Our evaluation of FinFuzzer against four FinTech systems developed by the Ant Group shows that FinFuzzer can outperform a state-of-the-art approach in terms of line coverage in much shorter time.

AB - Comprehensive testing is of high importance to ensure the reliability of software systems, especially for systems with high stakes such as FinTech systems. In this paper, we share our observations of the Ant Group's status quo in testing their financial services, specifically on the importance of properly transforming relevant external environment settings and prioritizing input object fields for mutation during automated fuzzing. Based on these observations, we propose FinFuzzer, an automated fuzz testing framework that detects and transforms relevant environmental settings into system inputs, prioritizes input object fields, and mutates system inputs on both environment settings and high-priority object fields. Our evaluation of FinFuzzer against four FinTech systems developed by the Ant Group shows that FinFuzzer can outperform a state-of-the-art approach in terms of line coverage in much shorter time.

KW - FinTech

KW - Fuzzing

KW - Software Testing

UR - http://www.scopus.com/inward/record.url?scp=85125487446&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85125487446&partnerID=8YFLogxK

U2 - 10.1109/ASE51524.2021.9678675

DO - 10.1109/ASE51524.2021.9678675

M3 - Conference contribution

AN - SCOPUS:85125487446

T3 - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

SP - 1111

EP - 1115

BT - Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 15 November 2021 through 19 November 2021

ER -

FinFuzzer: One Step Further in Fuzzing Fintech Systems

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this