skip to main content
10.1145/3440943.3444744acmconferencesArticle/Chapter ViewAbstractPublication PagesiceaConference Proceedingsconference-collections
research-article

Automatic Seed Generation based Hybrid Fuzzing for Code Coverage Efficiency

Published: 27 September 2021 Publication History

Abstract

Based on the 4th Industrial Revolution, numerous ICT technologies are developing, and for this reason, IoT devices are formed around us. Accordingly, hackers are inflicting financial and physical damage to our lives by using software vulnerabilities in IoT devices around us based on intelligent hacking technology. Automated security vulnerability response systems are required to respond to attacks through continuously occurring software vulnerabilities. In this paper, we analyze the hybrid fuzzing system that complements the technical limitations of the existing fuzzing technology as the base technology for an automated security vulnerability response system. In addition, we propose a hybrid fuzzing system based on an automatic seed generation mechanism for coverage efficiency in order to find vulnerabilities inherent in software quickly and efficiently.

References

[1]
MANÈS, Valentin JM, et al. Fuzzing: Art, science, and engineering. IEEE Transactions on Software Engineering, 2019. https://doi.org/10.1109/TSE.2019.2946563
[2]
LIANG, Hongliang, et al. Fuzzing: State of the art. IEEE Transactions on Reliability, 67.3: 1199-1218, 2018. https://doi.org/10.1109/TR.2018.2834476
[3]
CHEN, Yaohui, et al. MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing. arXiv preprint arXiv:2002.08568, 2020.
[4]
STEPHENS, Nick, et al. Driller: Augmenting Fuzzing Through Selective Symbolic Execution. In: NDSS. p. 1--16 2016.
[5]
YUN, Insu, et al. {QSYM}: A practical concolic execution engine tailored for hybrid fuzzing. In: 27th {USENIX} Security Symposium ({USENIX} Security 18). p. 745--761. 2018.
[6]
Taeeum Kim, et al. A Study on Hybrid Fuzzing using Dynamic Analysis for Automatic Binary Vulnerability Detection. Korea Academia-Industrial cooperation Society Journal, 20.6: 541-547, 2019.
[7]
ZHAO, Lei, et al. Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing. In: NDSS. 2019.
[8]
CHEN, Yaohui, et al. SAVIOR: towards bug-driven hybrid testing. In: 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 2020. p. 1580--1596. https://doi.org/10.1109/SP40000.2020.00002
[9]
LYU, Chenyang, et al. Smartseed: Smart seed generation for efficient fuzzing. arXiv preprint arXiv:1807.02606, 2018.
[10]
https://angr.io/, Accessed September 20, 2020.
[11]
MCCABE, Thomas J. A complexity measure. IEEE Transactions on software Engineering, 1976, 4: 308 320. https://doi.org/10.1109/TSE.1976.233837

Index Terms

  1. Automatic Seed Generation based Hybrid Fuzzing for Code Coverage Efficiency

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    ACM ICEA '20: Proceedings of the 2020 ACM International Conference on Intelligent Computing and its Emerging Applications
    December 2020
    219 pages
    ISBN:9781450383042
    DOI:10.1145/3440943
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 27 September 2021

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Automatic Seed Generation Mechanism
    2. Fuzzing
    3. Hybrid Fuzzing
    4. System Security

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    Conference

    ACM ICEA '20
    Sponsor:

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 60
      Total Downloads
    • Downloads (Last 12 months)10
    • Downloads (Last 6 weeks)2
    Reflects downloads up to 15 Feb 2025

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media