{"title":"利用响应时间引导遗传算法模糊法揭示导致网络应用程序接口性能延迟的输入信息","authors":"Ying-Tzu Huang, Shin-Jie Lee","doi":"10.1007/s10015-024-00957-4","DOIUrl":null,"url":null,"abstract":"<div><p>Web APIs are integral to modern web development, enabling service integration and automation. Ensuring their performance and functionality is critical, yet performance testing is less explored due to the difficulty in detecting performance bugs. This paper presents a response time-guided genetic algorithm (GA) fuzzing approach to uncover web API performance latency in a black-box setting. Unlike traditional random input generation, our method uses GA to refine inputs through crossover and mutation, guided by response time-based fitness. We propose two seed generation methods: pairwise combinatorial testing using Mircosoft’s Pairwise Independent Combinatorial Testing (PICT) and randomly paired combinations. We compared our method with classic random fuzzing. Experiments on five real-world web APIs show that our approach significantly outperforms classic random fuzzing, identifying inputs with response times 1.5 to 26.3 times longer. Additionally, PICT-generated seeds demonstrated superior performance compared to randomly-paired combinations in 2 out of 5 APIs. Our findings highlight the potential of GA-based fuzzing to reveal web API performance latency, advocating for further research in this area.</p></div>","PeriodicalId":46050,"journal":{"name":"Artificial Life and Robotics","volume":"29 4","pages":"459 - 472"},"PeriodicalIF":0.8000,"publicationDate":"2024-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Revealing inputs causing web API performance latency using response-time-guided genetic algorithm fuzzing\",\"authors\":\"Ying-Tzu Huang, Shin-Jie Lee\",\"doi\":\"10.1007/s10015-024-00957-4\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Web APIs are integral to modern web development, enabling service integration and automation. Ensuring their performance and functionality is critical, yet performance testing is less explored due to the difficulty in detecting performance bugs. This paper presents a response time-guided genetic algorithm (GA) fuzzing approach to uncover web API performance latency in a black-box setting. Unlike traditional random input generation, our method uses GA to refine inputs through crossover and mutation, guided by response time-based fitness. We propose two seed generation methods: pairwise combinatorial testing using Mircosoft’s Pairwise Independent Combinatorial Testing (PICT) and randomly paired combinations. We compared our method with classic random fuzzing. Experiments on five real-world web APIs show that our approach significantly outperforms classic random fuzzing, identifying inputs with response times 1.5 to 26.3 times longer. Additionally, PICT-generated seeds demonstrated superior performance compared to randomly-paired combinations in 2 out of 5 APIs. Our findings highlight the potential of GA-based fuzzing to reveal web API performance latency, advocating for further research in this area.</p></div>\",\"PeriodicalId\":46050,\"journal\":{\"name\":\"Artificial Life and Robotics\",\"volume\":\"29 4\",\"pages\":\"459 - 472\"},\"PeriodicalIF\":0.8000,\"publicationDate\":\"2024-08-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Artificial Life and Robotics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://link.springer.com/article/10.1007/s10015-024-00957-4\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"ROBOTICS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Artificial Life and Robotics","FirstCategoryId":"1085","ListUrlMain":"https://link.springer.com/article/10.1007/s10015-024-00957-4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ROBOTICS","Score":null,"Total":0}
引用次数: 0
摘要
网络应用程序接口(Web API)是现代网络开发不可或缺的一部分,它实现了服务集成和自动化。确保其性能和功能至关重要,但由于性能缺陷难以检测,性能测试的探索较少。本文提出了一种响应时间引导遗传算法(GA)模糊方法,用于在黑盒设置中发现网络应用程序接口的性能延迟。与传统的随机输入生成不同,我们的方法使用遗传算法,在基于响应时间的适配性指导下,通过交叉和突变来完善输入。我们提出了两种种子生成方法:使用 Mircosoft 的配对独立组合测试 (PICT) 进行配对组合测试和随机配对组合。我们将我们的方法与经典的随机模糊法进行了比较。在五个真实世界网络应用程序接口上进行的实验表明,我们的方法明显优于传统随机模糊法,识别输入的响应时间比传统随机模糊法长 1.5 到 26.3 倍。此外,在 5 个应用程序接口中的 2 个中,PICT 生成的种子比随机配对的组合表现出更优越的性能。我们的研究结果凸显了基于 GA 的模糊测试在揭示网络 API 性能延迟方面的潜力,从而推动了这一领域的进一步研究。
Revealing inputs causing web API performance latency using response-time-guided genetic algorithm fuzzing
Web APIs are integral to modern web development, enabling service integration and automation. Ensuring their performance and functionality is critical, yet performance testing is less explored due to the difficulty in detecting performance bugs. This paper presents a response time-guided genetic algorithm (GA) fuzzing approach to uncover web API performance latency in a black-box setting. Unlike traditional random input generation, our method uses GA to refine inputs through crossover and mutation, guided by response time-based fitness. We propose two seed generation methods: pairwise combinatorial testing using Mircosoft’s Pairwise Independent Combinatorial Testing (PICT) and randomly paired combinations. We compared our method with classic random fuzzing. Experiments on five real-world web APIs show that our approach significantly outperforms classic random fuzzing, identifying inputs with response times 1.5 to 26.3 times longer. Additionally, PICT-generated seeds demonstrated superior performance compared to randomly-paired combinations in 2 out of 5 APIs. Our findings highlight the potential of GA-based fuzzing to reveal web API performance latency, advocating for further research in this area.