PtPeach: Improved Design and Implementation of Peach Fuzzing Test for File Format

  • Conference paper
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS 2021)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 279)

Abstract

The existing open-source Peach fuzzing framework is based on mutation or model generation and cannot obtain execution information from inside the program under test, so it performs many invalid byte mutations during fuzzing. This paper proposes a new feedback mechanism and a new mutation mechanism. Building on the Peach framework, PtPeach improves the guided test-case generation stage. Key fields are located by observing how program execution information changes during mutation, so that the keyword section in the file can be fuzzed; this greatly shortens the generation time of fuzzing test cases and speeds up vulnerability mining. In experiments, we fuzzed AcroRd32.dll in the Adobe library over the same time period, and the results show that PtPeach improves Peach's ability to find potential vulnerabilities through fuzzing.

Corresponding author

Correspondence to Hua Yang.

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Yang, H., Zhao, J., Cui, B. (2022). PtPeach: Improved Design and Implementation of Peach Fuzzing Test for File Format. In: Barolli, L., Yim, K., Chen, HC. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing. IMIS 2021. Lecture Notes in Networks and Systems, vol 279. Springer, Cham. https://doi.org/10.1007/978-3-030-79728-7_8
