Chen, T.
, Kuo, F.
, Ma, W.
, Susilo, W.
, Towey, D.
, Voas, J.
and Zhou, Z.
(2016),
Metamorphic Testing for Cybersecurity, Computer (IEEE Computer), [online], https://doi.org/10.1109/MC.2016.176, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=920197
(Accessed October 7, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Metamorphic Testing for Cybersecurity
Published
Author(s)
Tsong Yueh Chen, Fei-Ching Kuo, Wenjuan Ma, Willy Susilo, Dave Towey, , Zhi Q. Zhou
Abstract
Testing is a major approach for the detection of software defects, including security vulnerabilities. This article introduces metamorphic testing (MT), a relatively new testing method, and discusses how the new perspective of MT can help to conduct negative testing as well as to alleviate the oracle problem in the testing of security-related functionality and behavior. As demonstrated by the effectiveness of MT in detecting previously unknown bugs in real-world critical applications such as compilers and code obfuscators, we conclude that software testing should be conducted from diverse perspectives in order to achieve greater cybersecurity.Citation
Computer (IEEE Computer)
Volume
49
Issue
6
Pub Type
Journals
Download Paper
Keywords
cybersecurity, metamorphic testing, test oracles, fuzz testing, correctness
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created June 26, 2016, Updated October 12, 2021