Zhen Cai
ABSTRACT
AFL (American Fuzzy Lop) is one of the most popular fuzzy test tools. Aiming at the problem of insufficient path coverage caused by complete random mutation in the non-deterministic mutation stage, this paper proposes a heuristic guided optimized strategy for non-deterministic mutation, and implements AFLCAI on the basis of AFL. AFLCAI uses the effector map mechanism to obtain the approximation of metadata, and improves the branch coverage and the number of path coverage by heuristic guided mutation. The comparison experiment proves that AFLCAI can effectively improve the code coverage without affecting the running speed. The branch coverage rate is increased by 3.79% and the new path is increased by 9.90%, which confirms the effectiveness and advantages of the proposed method.
- Miller B P, Fredriksen L, So B (1990). An empirical study of the reliability of UNIX utilities. Communications of the ACM, 33(12), 32--43.Google Scholar
Digital Library
- Li J, Zhao B D, Zhang C (2018). Fuzzing: a survey. Cybersecurity, 1--6.Google Scholar
- Liang H L, Pei X X, Jia X D, et al (2018). Fuzzing: state of the art. IEEE Trans on Reliability, 67(3):1199--1218.Google ScholarCross Ref
- Lemieux C, Sen K (2018). Fairfuzz: Targeting rare branches to rapidly increase greybox fuzz testing coverage. Proc of the 33rd IEEE/ACM International Conference on Automated Software Engineering. New York: ACM Press, 475--485.Google Scholar
- Wang J J, Chen B H, Wei L, et al (2017). Skyfire: data-driven seed generation for fuzzing. Proc of IEEE SP. Piscataway, NJ: IEEE Press, 2017, 579--594.Google Scholar
- You W, WSang X Q, Ma S Q, et al (2019) ProFuzzer: on-the-fly input type probing for better zero-day vulnerability discovery. Proc of IEEE SP. Piscataway, NJ: IEEE PressGoogle Scholar
- Gan S T, Zhang C, Qin X J, et al (2018). CollAFL: coverage sensitive fuzzing. Proc of IEEE SP. Piscataway, NJ: IEEE Press, 660--677.Google Scholar
- Böhme M, Pham V T, Roychoudhury A (2016). Coverage-based greybox fuzzing as markov chain. Proc of CCS. New York: ACM Press, 1032--1043.Google Scholar
- Cha S K, Woo M, Brumley D (2015). Program-adaptive mutational fuzzing. Proc of IEEE SP. Piscataway,NJ: IEEE Press, 725--741.Google ScholarDigital Library
- Kargén U, Shahmehri N (2018). Speeding up bug finding using focused fuzzing. Proc of the 13th International Conference on Availability, Reliability and Security. New York: ACM Press, (2018-08-27) [2019-04-09]. https://doi.org/10.1145/3230833.3230867.Google ScholarDigital Library
- Aschermann C, Schumilo S, Blazytko T, et al (2019). Redqueen: fuzzing with input-to-state correspondence. Proc of NDSS.Google Scholar
- Peng H, Shoshitaishvili Y, Payer M (2018). T-Fuzz: fuzzing by program transformation. Proc of IEEE SP. Piscataway, NJ: IEEE Press, 697--710.Google Scholar
- Cadar C, Dunbar D, Engler D (2008). KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. Proc of the 8th USENIX Conference on Operating Systems Design and Implementation. Berkeley: USENIX Association Press, 209--224.Google Scholar
- Li Y K, Chen B H, Chandramohan M, et al (2017). Steelix: programstate based binary fuzzing. Proc of the 11th Joint Meeting on Foundations of Software Engineering. New York: ACM Press, 627--637.Google Scholar
- Fu Y, Shi D H, Zhang Y, et al (2019). Improved fuzz testing approach based on coverage frequency. Computer Systems & Applications, 28(1), 17--24. (2018-17-07)[2019-04-09]. http://www.c-s-a.org.cn/1003-3254/6714.htmlGoogle Scholar
- Michal Z. American fuzzy lop. http://lcamtuf.coredump.cx/afl/.Google Scholar
Index Terms
- A Heuristic Guided Optimized Strategy for Non-Deterministic Mutation
Recommendations
Mutation Methods for Structured Input to Enhance Path Coverage of Fuzzers
Information Security ApplicationsAbstractExisting mutation methods used in coverage-based grey-box fuzzing (CGF), such as those employed by AFL and AFL++, can lead to biased testing for structured inputs. While fuzzing, certain input sections of structured input may receive fewer ...
Investigating Coverage Guided Fuzzing with Mutation Testing
Internetware '22: Proceedings of the 13th Asia-Pacific Symposium on InternetwareCoverage guided fuzzing (CGF) is an effective testing technique which has detected hundreds of thousands of bugs from various software applications. It focuses on maximizing code coverage to reveal more bugs during fuzzing. However, a higher coverage ...
Path Coverage Information for Adaptive Random Testing
ICIT '17: Proceedings of the 2017 International Conference on Information TechnologyThis paper proposes the application of path coverage information into Adaptive Random Testing (ART). The ART is a distance-based technique. It selects the furthest test cases from the previous executed test cases. Applying Path Coverage is intended to ...
Comments