Table 8.
Overview of fuzzing in literature by different dimensions.
| Literature | Attack Vector | Characteristics | Knowledge Level | Type | Testing Platform |
|---|---|---|---|---|---|
| Lee [45] | Bluetooth, CAN |
Attacking ECU | ■ | Mutation | Instruments, real ECU |
| Fowler [46] | CAN | Reversing engineer, attacking network |
■ | Mutation | Vehicle simulator, an instrument cluster |
| Fowler [47] | CAN | Reversing engineer, inject message into ECU |
■ | Mutation | Display ECU |
| Werquin [48] | CAN | Reverse engineering | ■ | Mutation | Instrument Clusters |
| Radu [49] | CAN, ECU Firmware |
Control flow graph, static analysis |
☐ | Generation | Real ECU |
| Zhang [50] | CAN | Bit flip rate, generative adversarial network |
■ | Hybrid | Actual vehicle, IDS |
| Nishimura [51] | CAN FD | Adaption for CAN FD, test execution time measurement |
■ | Mutation | Real ECU |
| Li [52] | SOME/IP | Attach fuzzing mode, structural mutation |
🞕 | Hybrid | Program from GENIVI/vsomeip |
| Bayer [53] | UDS | UDS fuzzing | ☐ | Generation | Simulated ECU |
| Patki [54] | UDS | UDS fuzzing | ☐ | Generation | Real ECU |
| Moukahal [55] | Automotive system | Vulnerability-oriented fuzz, structure-aware mutation |
🞕 | Hybrid | OpenPilot |
| Moukahal [56] | Automotive system | Prioritized and targeted concolic execution | 🞕 | Hybrid | OpenPilot |
Hybrid = Generation + Mutation, ■ = Black box, ☐ = White box, 🞕 = Grey box.