Abstract
Fuzz testing is an effective software testing technique used to find correctness problems and security issues in software. AFL (American Fuzzy Lop) is one of the most advanced fuzz testing tools. However, it is difficult for AFL to explore deeper parts of the program. To solve this problem, this paper proposes an improved method called ADFL that targets low-hit branches of the tested program. The method first optimizes the selection strategy for seed files, and secondly generates test cases with hits and low hits at higher frequencies during the mutation phase. The experimental results show that, compared with the latest version of AFL, ADFL achieves significantly higher coverage in 24 h. ADFL can cover more branches than AFL in each benchmark program and improve branch coverage of program refactoring by 19.7% and 74.5%. Moreover, ADFL can indeed find more bugs, especially for deeply nested test programs.
© 2018 Springer Nature Switzerland AG
Cite this paper
Wang, C., Kang, S. (2018). ADFL: An Improved Algorithm for American Fuzzy Lop in Fuzz Testing. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science, vol 11067. Springer, Cham. https://doi.org/10.1007/978-3-030-00018-9_3
DOI: https://doi.org/10.1007/978-3-030-00018-9_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00017-2
Online ISBN: 978-3-030-00018-9
eBook Packages: Computer Science (R0)