Abstract
Greybox fuzzing is a widely used and effective fuzzing technique. It guides the direction of fuzzing by acquiring execution information about some of the paths in the program. However, the greybox fuzzers in common use today judge the quality of a seed sample by its path depth, its execution time, and whether it reaches a new path, which is often not comprehensive. This article proposes a seed screening technique that uses the ant colony algorithm to control greybox fuzzing. By estimating the transition probability between basic blocks, we can determine which kinds of seed samples are more likely to mutate into a new sample file. The order and degree of fuzzing of the samples are determined on this basis, so as to improve the efficiency of fuzzing.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Sun, B., Wang, B., Cui, B., Fu, Y. (2020). Greybox Fuzzing Based on Ant Colony Algorithm. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_112
DOI: https://doi.org/10.1007/978-3-030-44041-1_112
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44040-4
Online ISBN: 978-3-030-44041-1
eBook Packages: Intelligent Technologies and Robotics (R0)