Socialz: Multi-Feature Social Fuzz Testing
Pages 1445 - 1453
Abstract
Online social networks have become an integral aspect of our daily lives and play a crucial role in shaping our relationships with others. However, bugs and glitches, even minor ones, can cause anything from frustrating problems to serious data leaks that can have far-reaching impacts on millions of users.
To mitigate these risks, fuzz testing, a method of testing with randomised inputs, can provide increased confidence in the correct functioning of a social network. However, implementing traditional fuzz testing methods can be prohibitively difficult or impractical for programmers outside of the social network's development team.
To tackle this challenge, we present Socialz, a novel approach to social fuzz testing that (1) characterises real users of a social network, (2) diversifies their interaction using evolutionary computation across multiple, non-trivial features, and (3) collects performance data as these interactions are executed. With Socialz, we aim to put social testing tools in everybody's hands, thereby improving the reliability and security of social networks used worldwide.
In our study, we came across (1) one known limitation of the current GitLab CE and (2) 6,907 errors, of which 40.16% are beyond our debugging skills.
References
[1]
John Ahlgren, Maria Eugenia Berezin, Kinga Bojarczuk, Elena Dulskyte, Inna Dvortsova, Johann George, Natalija Gucevska, Mark Harman, Ralf Laemmel, Erik Meijer, et al. 2020. WES: Agent-based user interaction simulation on real infrastructure. In IEEE/ACM 42nd International Conference on Software Engineering Workshops (ICSEW). 276--284.
[2]
John Ahlgren, Kinga Bojarczuk, Sophia Drossopoulou, Inna Dvortsova, Johann George, Natalija Gucevska, Mark Harman, Maria Lomeli, Simon MM Lucas, Erik Meijer, et al. 2021. Facebook's cyber-cyber and cyber-physical digital twins. In Evaluation and Assessment in Software Engineering. 1--9.
[3]
Nadia Alshahwan, Xinbo Gao, Mark Harman, Yue Jia, Ke Mao, Alexander Mols, Taijin Tei, and Ilya Zorin. 2018. Deploying Search Based Software Engineering with Sapienz at Facebook. In Symposium on Search-Based Software Engineering (SSBSE). 3--45.
[4]
Mahmoud A. Bokhari, Brad Alexander, and Markus Wagner. 2020. Towards Rigorous Validation of Energy Optimisation Experiments. In Genetic and Evolutionary Computation Conference (GECCO). 1232--1240.
[5]
Jon Brodkin. 2022. Trump's social app marred by bugs and apparent ban on Devin Nunes cow accounts. https://arstechnica.com/tech-policy/2022/02/trumps-truth-social-rollout-has-been-as-glitchy-as-youd-expect/
[6]
Gitlab CE. 2023. Issue #360755: "Limit the maximum number of followed users. https://gitlab.com/gitlab-org/gitlab/-/issues/360755
[7]
Yuan Cheng, Jaehong Park, and Ravi Sandhu. 2012. A user-to-user relationship-based access control model for online social networks. In IFIP Annual conference on data and applications security and privacy (DBSec). 8--24.
[8]
Domenico Cotroneo, Antonio Ken Iannillo, and Roberto Natella. 2019. Evolutionary Fuzzing of Android OS Vendor System Services. Empirical Software Engineering 24, 6 (2019), 3630--3658.
[9]
Charlotte Day. 2015. 5 Annoying Social Media Bugs. https://www.linkedin.com/pulse/5-annoying-social-media-bugs-charlotte-day/
[10]
Carola Doerr and Markus Wagner. 2018. Simple On-the-Fly Parameter Selection Mechanisms for Two Classical Discrete Black-Box Optimization Benchmark Problems. In Genetic and Evolutionary Computation Conference (GECCO). 943--950.
[11]
Thomas Dohmke. 2023. 100 million developers and counting. https://github.blog/2023-01-25-100-million-developers-and-counting/
[12]
Nick Duffield and Balachander Krishnamurthy. 2016. Efficient Sampling for Better OSN Data Provisioning. arXiv preprint arXiv:1612.04666 (2016).
[13]
Daschel Franz, Heather Elizabeth Marsh, Jason I Chen, and Alan R Teo. 2019. Using Facebook for Qualitative Research: A Brief Primer. Journal of Medical Internet Research 21, 8 (2019), e13544.
[14]
GitLab. 2023. About GitLab. https://about.gitlab.com/company/
[15]
GitLab. 2023. GitLab documentation. https://docs.gitlab.com/
[16]
GitLab. 2024. About GitLab. https://docs.gitlab.com/ee/api/rest/#status-codes
[17]
Mark Harman and Peter O'Hearn. 2018. From Start-ups to Scale-ups: Opportunities and Open Problems for Static and Dynamic Program Analysis. In IEEE 18th International Working Conference on Source Code Analysis and Manipulation (SCAM). 1--23.
[18]
Muhammad Abid Jamil, Muhammad Arif, Normi Sham Awang Abubakar, and Akhlaq Ahmad. 2016. Software Testing Techniques: A Literature Review. In 6th International Conference on Information and Communication Technology for the Muslim World (ICT4M). 177--182.
[19]
Yuchen Jiang, Shen Yin, Kuan Li, Hao Luo, and Okyay Kaynak. 2021. Industrial applications of digital twins. Philosophical Transactions of the Royal Society A 379, 2207 (2021).
[20]
Özgür Kafalı, Akın Günay, and Pınar Yolum. 2014. Detecting and predicting privacy violations in online social networks. Distributed and Parallel Databases 32, 1 (2014), 161--190.
[21]
Saurabh Kumar and Pradeep Kumar. 2021. Privacy Preserving in Online Social Networks Using Fuzzy Rewiring. IEEE Transactions on Engineering Management Early Access (2021), 1--9.
[22]
Yuwei Li, Shouling Ji, Chenyang Lv, Yuan Chen, Jianhai Chen, Qinchen Gu, and Chunming Wu. 2019. V-fuzz: Vulnerability-oriented evolutionary fuzzing. arXiv preprint arXiv:1901.01142 52, 5 (2019), 3745--3756.
[23]
Valentin J. M. Manes, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, and Maverick Woo. 2018. The Art, Science, and Engineering of Fuzzing: A Survey. arXiv preprint arXiv:1812.00140 (2018).
[24]
Leonardo Mariani, Mauro Pezzè, and Daniele Zuddas. 2015. Chapter Four - Recent Advances in Automatic Black-Box Testing. In Advances in Computers, Atif Memon (Ed.). Vol. 99. 157--193.
[25]
Phil McMinn. 2011. Search-Based Software Testing: Past, Present and Future. In IEEE 4th International Conference on Software Testing, Verification and Validation Workshops (ICSTW). 153--163.
[26]
George Morahan. 2022. The Social Media Sites That Have Lost The Most User Data. https://businessplus.ie/tech/social-media-lost-user-data/
[27]
Aneta Neumann, Wanru Gao, Carola Doerr, Frank Neumann, and Markus Wagner. 2018. Discrepancy-based evolutionary diversity optimization. In Genetic and Evolutionary Computation Conference (GECCO). 991--998.
[28]
Stack Overflow. 2024. GitLab lag. https://www.bing.com/search?q=site%3A+stackoverflow.com+GitLab+lag
[29]
Lawrence Page, Sergey Brin, Rajeev Motwani, and Terry Winograd. 1999. The PageRank citation ranking: Bringing order to the web. (1999). Report, Stanford InfoLab.
[30]
Raúl Pardo and Gerardo Schneider. 2017. Model checking social network models. arXiv preprint arXiv:1709.02105 256 (2017), 238--252.
[31]
Mina Young Pedersen, Marija Slavkovik, and Sonja Smets. 2021. Social Bot Detection as a Temporal Logic Model Checking Problem. In International Workshop on Logic, Rationality and Interaction (LORI). Springer, 158--173.
[32]
Adil Rasheed, Omer San, and Trond Kvamsdal. 2020. Digital Twin: Values, Challenges and Enablers From a Modeling Perspective. IEEE Access 8 (2020), 21980--22012.
[33]
Sebastian Risi, Sandy D. Vanderbleek, Charles E. Hughes, and Kenneth O. Stanley. 2009. How novelty search escapes the deceptive trap of learning to learn. In Genetic and Evolutionary Computation Conference (GECCO). 153--160.
[34]
Rishi Ranjan Singh. 2020. Centrality Measures: A Tool to Identify Key Actors in Social Networks. arXiv preprint arXiv:2011.01627 (2020).
[35]
Tamara Ulrich and Lothar Thiele. 2011. Maximizing population diversity in single-objective optimization. In Genetic and Evolutionary Computation Conference (GECCO). 641--648.
[36]
Ziyuan Zhong, Gail Kaiser, and Baishakhi Ray. 2022. Neural Network Guided Evolutionary Fuzzing for Finding Traffic Violations of Autonomous Vehicles. IEEE Transactions on Software Engineering Early Access (2022), 1--15.
Index Terms
- Socialz: Multi-Feature Social Fuzz Testing
Recommendations
Automatic and lightweight grammar generation for fuzz testing
Blackbox fuzz testing can only test a small portion of code when rigorously checking the well-formedness of input values. To overcome this problem, blackbox fuzz testing is performed using a grammar that delineates the format information of input ...
Model-Based Fuzz Testing
ICST '12: Proceedings of the 2012 IEEE Fifth International Conference on Software Testing, Verification and ValidationThe European ITEA2 project DIAMONDS (Development and Industrial Application of Multi-Domain Security Testing Technologies) develops under the direction of Fraunhofer FOKUS, Berlin efficient and automated security test methods for security-critical, ...
Network protocol fuzz testing for information systems and applications: a survey and taxonomy
Fuzzing or fuzz testing has been introduced as a software testing technique to reduce vulnerabilities in software systems or given targets. To achieve a maximum benefit-to-cost ratio and without complication, we use fuzz testing [11]. In addition, ...
Comments
Information & Contributors
Information
Published In
July 2024
1657 pages
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 14 July 2024
Check for updates
Author Tag
Qualifiers
- Research-article
Funding Sources
- Facebook Agent-based User Interaction Simulation to Find and Fix Integrity and Privacy Issues
Conference
GECCO '24
Sponsor:
GECCO '24: Genetic and Evolutionary Computation Conference
July 14 - 18, 2024
VIC, Melbourne, Australia
Acceptance Rates
Overall Acceptance Rate 1,669 of 4,410 submissions, 38%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 26Total Downloads
- Downloads (Last 12 months)26
- Downloads (Last 6 weeks)17
Reflects downloads up to 01 Sep 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in