Fuzzing with Quantitative and Adaptive Hot-Bytes Identification

by Tai D. Nguyen, et al.

Fuzzing has emerged as a powerful technique for finding security bugs in complicated real-world applications. American fuzzy lop (AFL), a leading fuzzing tool, has demonstrated its powerful bug-finding ability through a vast number of reported CVEs. However, its random mutation strategy is unable to generate test inputs that satisfy complicated branching conditions (e.g., magic-byte comparisons, checksum tests, and nested if-statements), which are commonly used in image decoders/encoders, XML parsers, and checksum tools. Existing approaches to addressing this problem (such as Steelix and Neuzz) make unrealistic assumptions, such as that we can satisfy the branch condition byte-to-byte or that we can identify and focus on the important bytes in the input (called hot-bytes) once and for all. In this work, we propose an approach called  which is designed based on the following principles. First, there is a complicated relation between inputs and branching conditions, and thus we need not only an expressive model to capture this relationship but also an informative measure so that we can learn it effectively. Second, different branching conditions demand different hot-bytes, and we must adjust our fuzzing strategy adaptively depending on which branches are the current bottleneck. We implement our approach as an open-source project and compare its efficiency with other state-of-the-art fuzzers. Our evaluation results on 10 real-world programs and the LAVA-M dataset show that  achieves sustained increases in branch coverage and discovers more bugs than other fuzzers.
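The second principle (hot-bytes differ per branch and must be re-identified for the current bottleneck) can be seen on a toy target. This is an added illustration, not the paper's algorithm or code: it swaps the paper's learned model for a simple byte-perturbation probe over branch distances, and the target, seed, and all function names are constructed assumptions.

```python
MAGIC = b"\x89PNG"          # constructed magic value for the toy target
SEED = bytes(range(16))     # constructed 16-byte seed input

def branch_distances(data):
    """Toy target. Distance 0 means the branch condition holds.
    The checksum branch is nested: unobservable (None) until the magic passes."""
    d_magic = sum(abs(a - b) for a, b in zip(data[:4], MAGIC))
    if d_magic:
        return [d_magic, None]
    return [0, abs((sum(data[8:12]) & 0xFF) - data[15])]

def bottleneck(data):
    """Index of the first unsatisfied branch, or None when all pass."""
    for i, d in enumerate(branch_distances(data)):
        if d != 0:
            return i
    return None

def hot_bytes(data, branch):
    """Offsets whose perturbation changes the distance of `branch`."""
    base, hot = branch_distances(data)[branch], []
    for i in range(len(data)):
        for probe in (data[i] ^ 0xFF, (data[i] + 1) & 0xFF):
            d = branch_distances(data[:i] + bytes([probe]) + data[i + 1:])[branch]
            # d is None when the probe broke an earlier guard: not a hot byte here.
            if d is not None and d != base:
                hot.append(i)
                break
    return hot

def solve(data, branch, hot):
    """Greedy per-byte search restricted to the hot offsets."""
    best = bytearray(data)
    for i in hot:
        def dist(v):
            d = branch_distances(bytes(best[:i]) + bytes([v]) + bytes(best[i + 1:]))[branch]
            return float("inf") if d is None else d
        best[i] = min(range(256), key=dist)
    return bytes(best)

def fuzz(seed, max_rounds=8):
    """Adaptive loop: re-identify hot bytes for whichever branch blocks progress."""
    data, trace = seed, []
    for _ in range(max_rounds):
        b = bottleneck(data)
        if b is None:
            break
        hot = hot_bytes(data, b)
        trace.append((b, hot))
        data = solve(data, b, hot)
    return data, trace
```

The trace returned by `fuzz(SEED)` shows the hot set moving from offsets 0-3 (magic comparison) to offsets 8-11 and 15 (checksum) once the first branch is satisfied, which a one-time hot-byte identification on the seed would miss because the nested branch is not yet observable.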


FairFuzz: Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage

In recent years, fuzz testing has proven itself to be one of the most ef...

HyperPUT: Generating Synthetic Faulty Programs to Challenge Bug-Finding Tools

As research in automatically detecting bugs grows and produces new techn...

Matryoshka: fuzzing deeply nested branches

Greybox fuzzing has made impressive progress in recent years, evolving f...

Better Pay Attention Whilst Fuzzing

Fuzzing is one of the prevailing methods for vulnerability detection. Ho...

FuzzerAid: Grouping Fuzzed Crashes Based On Fault Signatures

Fuzzing has been an important approach for finding bugs and vulnerabilit...

SQUIRREL: Testing Database Management Systems with Language Validity and Coverage Feedback

Fuzzing is an increasingly popular technique for verifying software func...

Rethinking Smart Contract Fuzzing: Fuzzing With Invocation Ordering and Important Branch Revisiting

Blockchain smart contracts have given rise to a variety of interesting a...
