MOAFL: Potential Seed Selection with Multi-Objective Particle Swarm Optimization

Proceedings of the 7th International Conference on Communication and Information Processing Pub Date : 2021-12-16 DOI:10.1145/3507971.3507977

Jinman Jiang, Rui Ma, Xiajing Wang, Jinyuan He, Donghai Tian, Jiating Li

{"title":"MOAFL: Potential Seed Selection with Multi-Objective Particle Swarm Optimization","authors":"Jinman Jiang, Rui Ma, Xiajing Wang, Jinyuan He, Donghai Tian, Jiating Li","doi":"10.1145/3507971.3507977","DOIUrl":null,"url":null,"abstract":"Fuzzing has become one of the most widely used technology for discovering software vulnerabilities thanks to its effectiveness. However, even the state-of-the-art fuzzers are not very efficient at identifying promising seeds. Coverage-guided fuzzers like American Fuzzy Lop (AFL) usually employ single criterion to evaluate the quality of seeds that may pass up potential seeds. To overcome this problem, we design a potential seed selection scheme, called MOAFL. The key idea is to measure seed potential utilizing multiple objectives and prioritize promising seeds that are more likely to generate interesting seeds via mutation. More specifically, MOAFL leverages lightweight swarm intelligence techniques like Multi-Objective Particle Swarm Optimization (MOPSO) to handle multi-criteria seed selection, which allows MOAFL to choose promising seeds effectively. We implement this scheme based on AFL and our evaluations on LAVA-M dataset and 7 popular real-world programs demonstrate that MOAFL significantly increases the code coverage over AFL.","PeriodicalId":439757,"journal":{"name":"Proceedings of the 7th International Conference on Communication and Information Processing","volume":"51 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 7th International Conference on Communication and Information Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3507971.3507977","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Fuzzing has become one of the most widely used technology for discovering software vulnerabilities thanks to its effectiveness. However, even the state-of-the-art fuzzers are not very efficient at identifying promising seeds. Coverage-guided fuzzers like American Fuzzy Lop (AFL) usually employ single criterion to evaluate the quality of seeds that may pass up potential seeds. To overcome this problem, we design a potential seed selection scheme, called MOAFL. The key idea is to measure seed potential utilizing multiple objectives and prioritize promising seeds that are more likely to generate interesting seeds via mutation. More specifically, MOAFL leverages lightweight swarm intelligence techniques like Multi-Objective Particle Swarm Optimization (MOPSO) to handle multi-criteria seed selection, which allows MOAFL to choose promising seeds effectively. We implement this scheme based on AFL and our evaluations on LAVA-M dataset and 7 popular real-world programs demonstrate that MOAFL significantly increases the code coverage over AFL.

查看原文本刊更多论文

MOAFL:基于多目标粒子群优化的潜在种子选择

模糊测试由于其有效性而成为应用最广泛的软件漏洞发现技术之一。然而，即使是最先进的测毛器，在识别有希望的种子方面也不是很有效。美国的Fuzzy Lop (AFL)等覆盖度导向的模糊器通常采用单一的标准来评估种子的质量，这可能会导致潜在种子的流失。为了克服这个问题，我们设计了一个潜在的种子选择方案，称为MOAFL。关键思想是利用多个目标来衡量种子潜力，并优先考虑更有可能通过突变产生有趣种子的有前途的种子。更具体地说，MOAFL利用轻量级群体智能技术，如多目标粒子群优化(MOPSO)来处理多标准种子选择，使MOAFL能够有效地选择有前途的种子。我们基于AFL实现了该方案，并对LAVA-M数据集和7个流行的现实世界程序进行了评估，结果表明MOAFL比AFL显著提高了代码覆盖率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 7th International Conference on Communication and Information Processing

自引率

0.00%

发文量