Fuzzing is utilized for testing software and systems for cybersecurity risk via the automated adaptation of inputs. It facilitates the identification of software bugs and misconfigurations that may create vulnerabilities, cause abnormal operations or result in system failure. While many fuzzers have been purpose-developed for testing specific systems, this paper proposes a generalized fuzzer that provides a specific capability for testing software and cyber-physical systems which utilize configuration files. While this fuzzer facilitates the detection of system and software defects and vulnerabilities, it also facilitates the determination of the impact of settings on device operations. This latter capability facilitates the modeling of the devices in a cybersecurity risk assessment and analysis system. This paper describes and assesses the performance of the proposed fuzzer technology. It also details how the fuzzer operates as part of the broader cybersecurity risk assessment and analysis system.