ABSTRACT
Directed fuzzing is a key technique for quickly reaching a specific location in a program in order to test it selectively or to reproduce a reported bug. Existing directed fuzzers, however, suffer from unreasonable seed energy allocation, low code coverage and incomplete testing. To address these problems, this paper proposes an optimization method for directed fuzzing based on Rich-Branch nodes: it defines the concept of a Rich-Branch node and gives an algorithm for extracting such nodes. The method collects coverage information from the target program while it runs, combines it with the program's call graph (CG) and control-flow graph (CFG) to compute the weights of the covered functions and nodes in real time, and from these produces a list of Rich-Branch nodes. The seed energy allocation algorithm of AFLGo is then optimized according to the weights of the Rich-Branch nodes. Compared with AFLGo, this optimization improves the average code coverage per target point by 56.79% while retaining the same ability to reach the target.
Index Terms
- RDGFuzz: A directed greybox fuzzing optimization method based on Rich-Branch nodes