FinFuzzer: One Step Further in Fuzzing Fintech Systems

Qingshun Wang, Lihua Xu, Jun Xiao, Qi Guo, Haotian Zhang, Liang Dou, Liang He, Tao Xie

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Comprehensive testing is of high importance to ensure the reliability of software systems, especially for systems with high stakes such as FinTech systems. In this paper, we share our observations of the Ant Group's status quo in testing their financial services, specifically on the importance of properly transforming relevant external environment settings and prioritizing input object fields for mutation during automated fuzzing. Based on these observations, we propose FinFuzzer, an automated fuzz testing framework that detects and transforms relevant environmental settings into system inputs, prioritizes input object fields, and mutates system inputs on both environment settings and high-priority object fields. Our evaluation of FinFuzzer against four FinTech systems developed by the Ant Group shows that FinFuzzer can outperform a state-of-the-art approach in terms of line coverage in much shorter time.

Original languageEnglish (US)
Title of host publicationProceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1111-1115
Number of pages5
ISBN (Electronic)9781665403375
DOIs
StatePublished - 2021
Event36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021 - Virtual, Online, Australia
Duration: Nov 15 2021Nov 19 2021

Publication series

NameProceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021

Conference

Conference36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021
Country/TerritoryAustralia
CityVirtual, Online
Period11/15/2111/19/21

Keywords

  • FinTech
  • Fuzzing
  • Software Testing

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Safety, Risk, Reliability and Quality
  • Control and Optimization

Fingerprint

Dive into the research topics of 'FinFuzzer: One Step Further in Fuzzing Fintech Systems'. Together they form a unique fingerprint.

Cite this