research-article

Energy distribution matters in greybox fuzzing

Authors:

Le Guan,

Peng LiuAuthors Info & Claims

ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings

Pages 270 - 271

https://doi.org/10.1109/ICSE-Companion.2019.00109

Published: 25 May 2019 Publication History

Get Access

Abstract

Existing energy distribution strategies of AFL and its variants have two limitations. (1) They focus on increasing coverage but ignore the fact that some code regions are more likely to be vulnerable. (2) They randomly select mutators and deterministically specify the number to mutator, therefore lack insights regarding which granularity of mutators are more helpful at that particular stage. We improve the two limitations of AFL's fuzzing energy distribution in a principled way. We direct the fuzzer to strengthen fuzzing toward regions that have a higher probability to contain vulnerabilities based on static semantic metrics of the target program. Furthermore, granularity-aware scheduling of mutators is proposed, which dynamically assigns ratios to different mutation operators. We implemented these improvements as an extension to AFL. Large-scale experimental evaluations showed the effectiveness of each improvement and performance of integration. The proposed tool has helped us find 12 new bugs and expose three new CVEs.

References

[1]

M. Böhme, V.-T. Pham, M.-D. Nguyen, and A. Roychoudhury, "Directed greybox fuzzing," in CCS. ACM, 2017, pp. 2329--2344.

Digital Library

Google Scholar

[2]

M. Böhme, V.-T. Pham, and A. Roychoudhury, "Coverage-based greybox fuzzing as markov chain," TSE, 2017.

Google Scholar

[3]

P. Chen, H. Chen, Y. Zhang, J. Dai, X. Zhang, S. Huang, Z. Yang, M. Yang, H. Chen, W. Han et al., "Angora: efficient fuzzing by principled search," in S&P, vol. 14. Springer-Verlag New York, 2013, pp. 117--149.

Google Scholar

[4]

S. Gan, C. Zhang, X. Qin, X. Tu, K. Li, Z. Pei, and Z. Chen, "Collafl: Path sensitive fuzzing," in S&P. IEEE, 2018, pp. 679--696.

Google Scholar

[5]

http://lcamtuf.coredump.cx/afl/, "Afl."

Google Scholar

[6]

C. Lemieux and K. Sen, "Fairfuzz: A targeted mutation strategy for increasing greybox fuzz testing coverage," in ASE. ACM, 2018, pp. 475--485.

Digital Library

Google Scholar

[7]

S. Schumilo, C. Aschermann, R. Gawlik, S. Schinzel, and T. Holz, "kafl: Hardware-assisted feedback fuzzing for os kernels," in Usenix Security, 2017.

Digital Library

Google Scholar

[8]

J. Wang, B. Chen, L. Wei, and Y. Liu, "Skyfire: Data-driven seed generation for fuzzing," in S&P. IEEE, 2017, pp. 579--594.

Crossref

Google Scholar

Cited By

View all

Ye MNan YDai HYang SLuo XZheng Z(2024)FunFuzz: A Function-Oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and EfficiencyACM Transactions on Software Engineering and Methodology10.1145/367472533:7(1-20)Online publication date: 28-Jun-2024
https://dl.acm.org/doi/10.1145/3674725
Jang JKim HBalenson D(2019)FuzzBuilderProceedings of the 35th Annual Computer Security Applications Conference10.1145/3359789.3359846(627-637)Online publication date: 9-Dec-2019
https://dl.acm.org/doi/10.1145/3359789.3359846

Recommendations

DiPri: Distance-Based Seed Prioritization for Greybox Fuzzing (Registered Report)
FUZZING 2023: Proceedings of the 2nd International Fuzzing Workshop

Greybox fuzzing is a powerful testing technique. Given a set of initial seeds, greybox fuzzing continuously generates new test inputs to execute the program under test and gravitates executions towards rarely explored program regions with code ...
Sequence coverage directed greybox fuzzing
ICPC '19: Proceedings of the 27th International Conference on Program Comprehension

Existing directed fuzzers are not efficient enough. Directed symbolic-execution-based whitebox fuzzers, e.g. BugRedux, spend lots of time on heavyweight program analysis and constraints solving at runtime. Directed greybox fuzzers, such as AFLGo, ...
Vulnerable Region-Aware Greybox Fuzzing
Abstract
Fuzzing is known to be one of the most effective techniques to uncover security vulnerabilities of large-scale software systems. During fuzzing, it is crucial to distribute the fuzzing resource appropriately so as to achieve the best fuzzing ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings

May 2019

369 pages

Conference Chair:
Gunter Mussbacher
McGill University, Canada
,
General Chair:
Joanne M. Atlee
University of Waterloo, Canada
,
Program Chair:
Tevfik Bultan
University of California, Santa Barbara

Publisher

IEEE Press

Publication History

Published: 25 May 2019

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '19

Sponsor:

SIGSOFT
IEEE-CS

ICSE '19: 41st International Conference on Software Engineering

May 25 - 31, 2019

Quebec, Montreal, Canada

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
84
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)1

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ye MNan YDai HYang SLuo XZheng Z(2024)FunFuzz: A Function-Oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and EfficiencyACM Transactions on Software Engineering and Methodology10.1145/367472533:7(1-20)Online publication date: 28-Jun-2024
https://dl.acm.org/doi/10.1145/3674725
Jang JKim HBalenson D(2019)FuzzBuilderProceedings of the 35th Annual Computer Security Applications Conference10.1145/3359789.3359846(627-637)Online publication date: 9-Dec-2019
https://dl.acm.org/doi/10.1145/3359789.3359846

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

DiPri: Distance-Based Seed Prioritization for Greybox Fuzzing (Registered Report)

Sequence coverage directed greybox fuzzing

Vulnerable Region-Aware Greybox Fuzzing