Energy Distribution Matters in Greybox Fuzzing

2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion) Pub Date : 2019-05-25 DOI:10.1109/ICSE-Companion.2019.00109

Lingyun Situ, Linzhang Wang, Xuandong Li, Le Guan, Wenhui Zhang, Peng Liu

{"title":"Energy Distribution Matters in Greybox Fuzzing","authors":"Lingyun Situ, Linzhang Wang, Xuandong Li, Le Guan, Wenhui Zhang, Peng Liu","doi":"10.1109/ICSE-Companion.2019.00109","DOIUrl":null,"url":null,"abstract":"Existing energy distribution strategies of AFL and its variants have two limitations. (1) They focus on increasing coverage but ignore the fact that some code regions are more likely to be vulnerable. (2) They randomly select mutators and deterministically specify the number to mutator, therefore lack insights regarding which granularity of mutators are more helpful at that particular stage. We improve the two limitations of AFL's fuzzing energy distribution in a principled way. We direct the fuzzer to strengthen fuzzing toward regions that have a higher probability to contain vulnerabilities based on static semantic metrics of the target program. Furthermore, granularity-aware scheduling of mutators is proposed, which dynamically assigns ratios to different mutation operators. We implemented these improvements as an extension to AFL. Large-scale experimental evaluations showed the effectiveness of each improvement and performance of integration. The proposed tool has helped us find 12 new bugs and expose three new CVEs.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"20 1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSE-Companion.2019.00109","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Existing energy distribution strategies of AFL and its variants have two limitations. (1) They focus on increasing coverage but ignore the fact that some code regions are more likely to be vulnerable. (2) They randomly select mutators and deterministically specify the number to mutator, therefore lack insights regarding which granularity of mutators are more helpful at that particular stage. We improve the two limitations of AFL's fuzzing energy distribution in a principled way. We direct the fuzzer to strengthen fuzzing toward regions that have a higher probability to contain vulnerabilities based on static semantic metrics of the target program. Furthermore, granularity-aware scheduling of mutators is proposed, which dynamically assigns ratios to different mutation operators. We implemented these improvements as an extension to AFL. Large-scale experimental evaluations showed the effectiveness of each improvement and performance of integration. The proposed tool has helped us find 12 new bugs and expose three new CVEs.

查看原文本刊更多论文

灰盒模糊测试中的能量分配问题

现有的AFL及其变体的能量分配策略存在两个局限性。(1)他们专注于增加覆盖率，但忽略了一些代码区域更容易受到攻击的事实。(2)他们随机选择突变子并确定指定要突变的数量，因此缺乏对特定阶段哪种粒度的突变子更有帮助的见解。我们从原则性上改进了AFL模糊能量分布的两个局限性。我们根据目标程序的静态语义度量，指导模糊器对包含漏洞的概率更高的区域加强模糊。在此基础上，提出了基于粒度感知的变异算子调度方法，对不同的变异算子动态分配比例。我们将这些改进作为AFL的扩展来实现。大规模的实验评估表明了每次改进的有效性和集成的性能。这个被提议的工具已经帮助我们发现了12个新的bug，并暴露了3个新的cve。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)

自引率

0.00%

发文量