Revealing inputs causing web API performance latency using response-time-guided genetic algorithm fuzzing

Ying Tzu Huang, Shin Jie Lee

Research output: Article, peer-reviewed

Abstract

Web APIs are integral to modern web development, enabling service integration and automation. Ensuring their performance and functionality is critical, yet performance testing is less explored due to the difficulty in detecting performance bugs. This paper presents a response time-guided genetic algorithm (GA) fuzzing approach to uncover web API performance latency in a black-box setting. Unlike traditional random input generation, our method uses GA to refine inputs through crossover and mutation, guided by response time-based fitness. We propose two seed generation methods: pairwise combinatorial testing using Microsoft’s Pairwise Independent Combinatorial Testing (PICT) and randomly paired combinations. We compared our method with classic random fuzzing. Experiments on five real-world web APIs show that our approach significantly outperforms classic random fuzzing, identifying inputs with response times 1.5 to 26.3 times longer. Additionally, PICT-generated seeds demonstrated superior performance compared to randomly-paired combinations in 2 out of 5 APIs. Our findings highlight the potential of GA-based fuzzing to reveal web API performance latency, advocating for further research in this area.

Original language: English
Pages (from - to): 459-472
Number of pages: 14
Journal: Artificial Life and Robotics
Volume: 29
Issue number: 4
DOIs
Publication status: Published - Nov 2024

All Science Journal Classification (ASJC) codes

  • General Biochemistry, Genetics and Molecular Biology
  • Artificial Intelligence
