Guide Fuzzing with Multi-Factor Potential Analysis

Luhang Xu, Wei Dong, Liangze Yin, Qiuxi Zhong
2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), published 2018-07-01. DOI: 10.1109/QRS-C.2018.00087 (https://doi.org/10.1109/QRS-C.2018.00087)

Abstract

Fuzzing is a popular technique for software vulnerability mining. Although state-of-the-art fuzzers combine many popular technologies to overcome the shortcomings of fuzzing, they still leave a lot to be desired. Symbolic execution can help a fuzzer generate effective inputs, but it imposes a heavy load. Other technologies struggle to help fuzzing accurately generate inputs that satisfy constraints. Therefore, we propose Multi-Factor Potential Analysis (MPA), a new search strategy based on symbolic execution that enables fuzzing to traverse more paths. The goal of its search process is to find an unexplored path in symbolic execution that is easy to solve and makes a distinguished contribution to the growth rate of path coverage. Moreover, it also takes into account the high-risk functions contained in the path. We implement the MPA strategy in a tool, Tinker-MPA. On the DARPA CGC benchmark, it traverses more paths in a limited time than other state-of-the-art fuzzing tools such as AFL and Tinker. In addition, vulnerability mining with Tinker-MPA is more efficient.